
Removing PUP.BundleInstaller.DW from infected machine

  Hi All,

 

  I have put Malwarebytes Anti-Malware Free on my mother's computer and she recently sent me an email saying that it has detected "PUP.BundleInstaller.DW" but it is not able to remove or quarantine the file.  I'd like to help her get rid of this but am not sure of the steps to take and I was wondering if I could get some help.  She has updated Anti-Malware Free and has run multiple scans but is still not able to get rid of it.

 

  Thanks,

 

  Sarat..


Hello Ssekar111 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

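The TDSSKiller log that Step 1 asks for (and that the reply below pastes in full) is normally read by eye. As an added example, not part of the original thread and not code from the TDSSKiller tool or the Malwarebytes helper, the Python script below parses the "Scan services" section of that log format and pulls out the three things a reviewer checks first: entries whose verdict is anything other than the tool's "ok", service binaries located outside the usual system and program directories, and services registered with no binary on disk. The embedded sample copies a handful of lines from the log in this thread and adds two constructed lines (the ExampleSvc entry and the closing banner) purely to exercise the rules; EXPECTED_ROOTS and the flagging logic are the example's own assumptions, not TDSSKiller's.

```python
"""Triage helper for the 'Scan services' section of a TDSSKiller log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the first lines are copied from the log posted in this
# thread; the 'ExampleSvc' lines and the final banner are CONSTRUCTED to
# exercise the triage rules and are not findings from the original log.
SAMPLE_LOG = r"""
09:10:08.0109 3960  ================ Scan services =============================
09:10:08.0218 3960  Abiosdsk - ok
09:10:08.0281 3960  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:10:08.0281 3960  ACPI - ok
09:10:12.0734 3960  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:10:12.0734 3960  Netlogon - ok
09:10:12.0937 3960  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:10:12.0953 3960  NtLmSsp - ok
09:10:13.0171 3960  [ 0F7B2D0A2D7182B318B358E2B9C498E2 ] Olympus DVR Service C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
09:10:13.0171 3960  Olympus DVR Service - ok
09:10:14.0400 3960  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Documents and Settings\User\Local Settings\Temp\example.exe
09:10:14.0400 3960  ExampleSvc - suspicious (constructed status)
09:10:14.0500 3960  ================ Scan (next section, constructed banner) ====
"""

# Every log line starts with 'HH:MM:SS.mmmm <pid>  '; the rest is the body.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+")
# File line: '[ MD5 ] Name   Drive:\path' (name may contain spaces).
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# Verdict line: 'Name - status'.
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

# Assumption of this example: where service binaries live on a default XP
# install. A path elsewhere is not proof of infection, only worth a look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = ""


def parse_services(log_text: str) -> dict:
    """Return {service name: ServiceEntry} for the 'Scan services' section.

    TDSSKiller writes up to two lines per service: an optional file line
    (absent when no binary was found on disk) and a verdict line.
    """
    entries = {}
    in_services = False
    for raw in log_text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        body = raw[m.end():]
        if "Scan services" in body:
            in_services = True
            continue
        if not in_services:
            continue
        if body.startswith("===="):  # banner of the next section ends ours
            break
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm["name"], ServiceEntry(fm["name"]))
            e.md5, e.path = fm["md5"].upper(), fm["path"]
            continue
        sm = STATUS_RE.match(body)
        if sm:
            e = entries.setdefault(sm["name"], ServiceEntry(sm["name"]))
            e.status = sm["status"].strip()
    return entries


def triage(entries: dict) -> list:
    """Entries a reviewer should inspect before trusting a 'clean' scan."""
    findings = []
    for e in entries.values():
        if e.status and e.status.lower() != "ok":
            findings.append((e.name, "tool verdict: " + e.status))
        if e.path and not e.path.lower().startswith(EXPECTED_ROOTS):
            findings.append((e.name, "binary outside expected directories: " + e.path))
    return findings


def shared_binaries(entries: dict) -> dict:
    """Service names grouped by MD5 where one hash backs several services.
    This is normal for hosted services (lsass.exe, services.exe)."""
    groups = defaultdict(list)
    for e in entries.values():
        if e.md5:
            groups[e.md5].append(e.name)
    return {h: sorted(names) for h, names in groups.items() if len(names) > 1}


def no_binary(entries: dict) -> list:
    """Services with a verdict but no file line: registered, no binary found."""
    return sorted(e.name for e in entries.values() if e.status and not e.path)


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for name, why in triage(parsed):
        print(f"REVIEW  {name}: {why}")
    for digest, names in shared_binaries(parsed).items():
        print(f"SHARED  {digest}: {', '.join(names)}")
    print("NO FILE", ", ".join(no_binary(parsed)))
```

Point the script at a saved TDSSKiller_*_log.txt by replacing SAMPLE_LOG with the file's contents. Two caveats when reading the output: "ok" is the tool's verdict against its own signature set, not a general clean bill for the file, and a service with no binary on disk is common for the legacy driver stubs XP registers, so that list is informational rather than a finding.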

  Hi DFB,

 

  I asked my mom to do what you suggested.  Here are the log files.  She did mention that while doing all of this, something called Delta Search came up and became the default search page.  I'm going to have her look at the browser's preferences to make sure that the Delta search is not the default page to be opened when a new window/tab is opened. 

 

  She also turned off the machine after doing everything and ran AVG and Malware again.  AVG ran fine and Malware found 20 threats, all PUP with different extensions.    She removed them all and ran Malware again and this time did not find any other threats.  Other than the Delta search, everything else is working fine.  I'm attaching the logs for the Malware scans as well at the end.

 

  Thanks,

 

  Sarat..

 

  Here are the log files.  She could not do Step 4 as the link wasn't working for her.

 

  TDSSKiller's log file:

09:10:02.0656 3308  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
09:10:03.0656 3308  ============================================================
09:10:03.0656 3308  Current date / time: 2013/08/13 09:10:03.0656
09:10:03.0656 3308  SystemInfo:
09:10:03.0656 3308  
09:10:03.0656 3308  OS Version: 5.1.2600 ServicePack: 3.0
09:10:03.0656 3308  Product type: Workstation
09:10:03.0656 3308  ComputerName: GEETHA
09:10:03.0656 3308  UserName: Administrator
09:10:03.0656 3308  Windows directory: C:\WINDOWS
09:10:03.0656 3308  System windows directory: C:\WINDOWS
09:10:03.0656 3308  Processor architecture: Intel x86
09:10:03.0656 3308  Number of processors: 2
09:10:03.0656 3308  Page size: 0x1000
09:10:03.0656 3308  Boot type: Normal boot
09:10:03.0656 3308  ============================================================
09:10:05.0140 3308  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:10:05.0156 3308  ============================================================
09:10:05.0156 3308  \Device\Harddisk0\DR0:
09:10:05.0171 3308  MBR partitions:
09:10:05.0171 3308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
09:10:05.0187 3308  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x4E1EDEC
09:10:05.0218 3308  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88B515A, BlocksNum 0x4E1EDEC
09:10:05.0265 3308  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xD6D3F85, BlocksNum 0x5340C7B
09:10:05.0265 3308  ============================================================
09:10:05.0296 3308  C: <-> \Device\Harddisk0\DR0\Partition1
09:10:05.0312 3308  D: <-> \Device\Harddisk0\DR0\Partition2
09:10:05.0359 3308  E: <-> \Device\Harddisk0\DR0\Partition3
09:10:05.0375 3308  F: <-> \Device\Harddisk0\DR0\Partition4
09:10:05.0375 3308  ============================================================
09:10:05.0375 3308  Initialize success
09:10:05.0375 3308  ============================================================
09:10:07.0265 3960  ============================================================
09:10:07.0265 3960  Scan started
09:10:07.0265 3960  Mode: Manual;
09:10:07.0265 3960  ============================================================
09:10:08.0109 3960  ================ Scan system memory ========================
09:10:08.0109 3960  System memory - ok
09:10:08.0109 3960  ================ Scan services =============================
09:10:08.0218 3960  Abiosdsk - ok
09:10:08.0234 3960  abp480n5 - ok
09:10:08.0281 3960  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:10:08.0281 3960  ACPI - ok
09:10:08.0312 3960  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
09:10:08.0312 3960  ACPIEC - ok
09:10:08.0359 3960  [ ABC395A2EFC085B079495E1157617012 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:10:08.0359 3960  ADIHdAudAddService - ok
09:10:08.0437 3960  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:10:08.0437 3960  AdobeFlashPlayerUpdateSvc - ok
09:10:08.0453 3960  adpu160m - ok
09:10:08.0453 3960  [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudio         C:\WINDOWS\system32\drivers\AEAudio.sys
09:10:08.0468 3960  AEAudio - ok
09:10:08.0484 3960  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
09:10:08.0484 3960  aec - ok
09:10:08.0531 3960  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
09:10:08.0531 3960  AFD - ok
09:10:08.0546 3960  Aha154x - ok
09:10:08.0546 3960  aic78u2 - ok
09:10:08.0562 3960  aic78xx - ok
09:10:08.0609 3960  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
09:10:08.0609 3960  Alerter - ok
09:10:08.0625 3960  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
09:10:08.0625 3960  ALG - ok
09:10:08.0640 3960  AliIde - ok
09:10:08.0656 3960  amsint - ok
09:10:08.0687 3960  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
09:10:08.0687 3960  AppMgmt - ok
09:10:08.0703 3960  asc - ok
09:10:08.0703 3960  asc3350p - ok
09:10:08.0718 3960  asc3550 - ok
09:10:08.0843 3960  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:10:08.0843 3960  aspnet_state - ok
09:10:08.0859 3960  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:10:08.0875 3960  AsyncMac - ok
09:10:08.0890 3960  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
09:10:08.0890 3960  atapi - ok
09:10:08.0906 3960  Atdisk - ok
09:10:08.0937 3960  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:10:08.0937 3960  Atmarpc - ok
09:10:08.0984 3960  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
09:10:08.0984 3960  AudioSrv - ok
09:10:09.0015 3960  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
09:10:09.0015 3960  audstub - ok
09:10:09.0250 3960  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
09:10:09.0296 3960  AVGIDSAgent - ok
09:10:09.0343 3960  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
09:10:09.0343 3960  AVGIDSDriver - ok
09:10:09.0375 3960  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
09:10:09.0375 3960  AVGIDSHX - ok
09:10:09.0406 3960  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
09:10:09.0406 3960  AVGIDSShim - ok
09:10:09.0421 3960  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:10:09.0421 3960  Avgldx86 - ok
09:10:09.0437 3960  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
09:10:09.0437 3960  Avglogx - ok
09:10:09.0453 3960  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:10:09.0453 3960  Avgmfx86 - ok
09:10:09.0453 3960  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:10:09.0468 3960  Avgrkx86 - ok
09:10:09.0484 3960  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:10:09.0484 3960  Avgtdix - ok
09:10:09.0531 3960  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
09:10:09.0531 3960  avgwd - ok
09:10:09.0578 3960  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
09:10:09.0578 3960  Beep - ok
09:10:09.0625 3960  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
09:10:09.0625 3960  BITS - ok
09:10:09.0671 3960  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
09:10:09.0671 3960  Browser - ok
09:10:09.0703 3960  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
09:10:09.0703 3960  cbidf2k - ok
09:10:09.0718 3960  cd20xrnt - ok
09:10:09.0734 3960  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
09:10:09.0734 3960  Cdaudio - ok
09:10:09.0765 3960  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
09:10:09.0765 3960  Cdfs - ok
09:10:09.0812 3960  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:10:09.0812 3960  Cdrom - ok
09:10:09.0812 3960  Changer - ok
09:10:09.0859 3960  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
09:10:09.0859 3960  CiSvc - ok
09:10:09.0890 3960  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
09:10:09.0890 3960  ClipSrv - ok
09:10:09.0937 3960  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:10:09.0937 3960  clr_optimization_v2.0.50727_32 - ok
09:10:09.0953 3960  CmdIde - ok
09:10:09.0953 3960  COMSysApp - ok
09:10:09.0984 3960  Cpqarray - ok
09:10:10.0015 3960  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
09:10:10.0015 3960  CryptSvc - ok
09:10:10.0031 3960  dac2w2k - ok
09:10:10.0031 3960  dac960nt - ok
09:10:10.0078 3960  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
09:10:10.0078 3960  DcomLaunch - ok
09:10:10.0093 3960  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
09:10:10.0093 3960  Dhcp - ok
09:10:10.0109 3960  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
09:10:10.0109 3960  Disk - ok
09:10:10.0125 3960  dmadmin - ok
09:10:10.0171 3960  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
09:10:10.0171 3960  dmboot - ok
09:10:10.0187 3960  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
09:10:10.0187 3960  dmio - ok
09:10:10.0203 3960  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
09:10:10.0203 3960  dmload - ok
09:10:10.0234 3960  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
09:10:10.0234 3960  dmserver - ok
09:10:10.0250 3960  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
09:10:10.0250 3960  DMusic - ok
09:10:10.0296 3960  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
09:10:10.0296 3960  Dnscache - ok
09:10:10.0328 3960  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
09:10:10.0328 3960  Dot3svc - ok
09:10:10.0343 3960  dpti2o - ok
09:10:10.0375 3960  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
09:10:10.0375 3960  drmkaud - ok
09:10:10.0406 3960  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
09:10:10.0406 3960  EapHost - ok
09:10:10.0421 3960  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
09:10:10.0437 3960  ERSvc - ok
09:10:10.0453 3960  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
09:10:10.0468 3960  Eventlog - ok
09:10:10.0500 3960  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
09:10:10.0500 3960  EventSystem - ok
09:10:10.0531 3960  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
09:10:10.0531 3960  Fastfat - ok
09:10:10.0562 3960  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:10:10.0578 3960  FastUserSwitchingCompatibility - ok
09:10:10.0609 3960  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
09:10:10.0609 3960  Fdc - ok
09:10:10.0625 3960  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:10:10.0625 3960  Fips - ok
09:10:10.0640 3960  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
09:10:10.0640 3960  Flpydisk - ok
09:10:10.0671 3960  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
09:10:10.0671 3960  FltMgr - ok
09:10:10.0718 3960  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:10:10.0718 3960  FontCache3.0.0.0 - ok
09:10:10.0734 3960  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:10:10.0734 3960  Fs_Rec - ok
09:10:10.0750 3960  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:10:10.0750 3960  Ftdisk - ok
09:10:10.0796 3960  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:10:10.0796 3960  Gpc - ok
09:10:10.0843 3960  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:10:10.0843 3960  gusvc - ok
09:10:10.0875 3960  [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
09:10:10.0875 3960  HdAudAddService - ok
09:10:10.0906 3960  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:10:10.0906 3960  HDAudBus - ok
09:10:10.0984 3960  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:10:10.0984 3960  helpsvc - ok
09:10:11.0000 3960  HidServ - ok
09:10:11.0031 3960  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:10:11.0031 3960  hidusb - ok
09:10:11.0062 3960  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
09:10:11.0062 3960  hkmsvc - ok
09:10:11.0078 3960  hpn - ok
09:10:11.0109 3960  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:10:11.0109 3960  HTTP - ok
09:10:11.0140 3960  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:10:11.0156 3960  HTTPFilter - ok
09:10:11.0156 3960  i2omgmt - ok
09:10:11.0171 3960  i2omp - ok
09:10:11.0203 3960  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:10:11.0203 3960  i8042prt - ok
09:10:11.0281 3960  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:10:11.0281 3960  idsvc - ok
09:10:11.0296 3960  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
09:10:11.0296 3960  Imapi - ok
09:10:11.0343 3960  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
09:10:11.0343 3960  ImapiService - ok
09:10:11.0359 3960  ini910u - ok
09:10:11.0375 3960  IntelIde - ok
09:10:11.0406 3960  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:10:11.0406 3960  intelppm - ok
09:10:11.0437 3960  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
09:10:11.0437 3960  Ip6Fw - ok
09:10:11.0468 3960  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:10:11.0468 3960  IpFilterDriver - ok
09:10:11.0500 3960  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:10:11.0500 3960  IpInIp - ok
09:10:11.0531 3960  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:10:11.0531 3960  IpNat - ok
09:10:11.0546 3960  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:10:11.0546 3960  IPSec - ok
09:10:11.0562 3960  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:10:11.0562 3960  IRENUM - ok
09:10:11.0609 3960  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:10:11.0609 3960  isapnp - ok
09:10:11.0703 3960  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:10:11.0703 3960  JavaQuickStarterService - ok
09:10:11.0718 3960  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:10:11.0718 3960  Kbdclass - ok
09:10:11.0734 3960  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:10:11.0734 3960  kmixer - ok
09:10:11.0765 3960  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:10:11.0765 3960  KSecDD - ok
09:10:11.0796 3960  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
09:10:11.0796 3960  lanmanserver - ok
09:10:11.0843 3960  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:10:11.0843 3960  lanmanworkstation - ok
09:10:11.0843 3960  Lavasoft Kernexplorer - ok
09:10:11.0859 3960  Lbd - ok
09:10:11.0875 3960  lbrtfdc - ok
09:10:11.0937 3960  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:10:11.0937 3960  LmHosts - ok
09:10:11.0968 3960  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
09:10:11.0968 3960  Messenger - ok
09:10:12.0015 3960  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
09:10:12.0015 3960  mnmdd - ok
09:10:12.0046 3960  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
09:10:12.0046 3960  mnmsrvc - ok
09:10:12.0078 3960  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
09:10:12.0078 3960  Modem - ok
09:10:12.0093 3960  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:10:12.0093 3960  Mouclass - ok
09:10:12.0140 3960  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:10:12.0140 3960  mouhid - ok
09:10:12.0156 3960  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:10:12.0156 3960  MountMgr - ok
09:10:12.0203 3960  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:10:12.0203 3960  MozillaMaintenance - ok
09:10:12.0218 3960  mraid35x - ok
09:10:12.0250 3960  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:10:12.0250 3960  MRxDAV - ok
09:10:12.0265 3960  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:10:12.0281 3960  MRxSmb - ok
09:10:12.0296 3960  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
09:10:12.0312 3960  MSDTC - ok
09:10:12.0328 3960  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:10:12.0328 3960  Msfs - ok
09:10:12.0343 3960  MSIServer - ok
09:10:12.0359 3960  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:10:12.0375 3960  MSKSSRV - ok
09:10:12.0375 3960  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:10:12.0375 3960  MSPCLOCK - ok
09:10:12.0390 3960  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:10:12.0406 3960  MSPQM - ok
09:10:12.0437 3960  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:10:12.0437 3960  mssmbios - ok
09:10:12.0453 3960  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
09:10:12.0468 3960  Mup - ok
09:10:12.0484 3960  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
09:10:12.0484 3960  napagent - ok
09:10:12.0531 3960  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:10:12.0531 3960  NDIS - ok
09:10:12.0562 3960  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:10:12.0562 3960  NdisTapi - ok
09:10:12.0578 3960  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:10:12.0578 3960  Ndisuio - ok
09:10:12.0593 3960  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:10:12.0593 3960  NdisWan - ok
09:10:12.0625 3960  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:10:12.0625 3960  NDProxy - ok
09:10:12.0625 3960  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:10:12.0640 3960  NetBIOS - ok
09:10:12.0656 3960  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:10:12.0656 3960  NetBT - ok
09:10:12.0687 3960  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:10:12.0703 3960  NetDDE - ok
09:10:12.0703 3960  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:10:12.0703 3960  NetDDEdsdm - ok
09:10:12.0734 3960  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:10:12.0734 3960  Netlogon - ok
09:10:12.0781 3960  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
09:10:12.0781 3960  Netman - ok
09:10:12.0812 3960  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:10:12.0812 3960  NetTcpPortSharing - ok
09:10:12.0859 3960  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:10:12.0859 3960  Nla - ok
09:10:12.0890 3960  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:10:12.0890 3960  Npfs - ok
09:10:12.0921 3960  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:10:12.0937 3960  Ntfs - ok
09:10:12.0937 3960  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:10:12.0953 3960  NtLmSsp - ok
09:10:12.0984 3960  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:10:13.0000 3960  NtmsSvc - ok
09:10:13.0031 3960  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:10:13.0031 3960  Null - ok
09:10:13.0062 3960  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:10:13.0062 3960  NwlnkFlt - ok
09:10:13.0078 3960  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:10:13.0078 3960  NwlnkFwd - ok
09:10:13.0171 3960  [ 0F7B2D0A2D7182B318B358E2B9C498E2 ] Olympus DVR Service C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
09:10:13.0171 3960  Olympus DVR Service - ok
09:10:13.0203 3960  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:10:13.0203 3960  ose - ok
09:10:13.0250 3960  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
09:10:13.0250 3960  Parport - ok
09:10:13.0265 3960  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:10:13.0265 3960  PartMgr - ok
09:10:13.0312 3960  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:10:13.0312 3960  ParVdm - ok
09:10:13.0328 3960  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:10:13.0328 3960  PCI - ok
09:10:13.0343 3960  PCIDump - ok
09:10:13.0359 3960  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
09:10:13.0359 3960  PCIIde - ok
09:10:13.0375 3960  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:10:13.0390 3960  Pcmcia - ok
09:10:13.0390 3960  PDCOMP - ok
09:10:13.0406 3960  PDFRAME - ok
09:10:13.0421 3960  PDRELI - ok
09:10:13.0421 3960  PDRFRAME - ok
09:10:13.0437 3960  perc2 - ok
09:10:13.0453 3960  perc2hib - ok
09:10:13.0500 3960  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:10:13.0500 3960  PlugPlay - ok
09:10:13.0515 3960  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:10:13.0531 3960  PolicyAgent - ok
09:10:13.0562 3960  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:10:13.0562 3960  PptpMiniport - ok
09:10:13.0562 3960  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:10:13.0578 3960  ProtectedStorage - ok
09:10:13.0578 3960  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:10:13.0578 3960  PSched - ok
09:10:13.0609 3960  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:10:13.0609 3960  Ptilink - ok
09:10:13.0609 3960  ql1080 - ok
09:10:13.0625 3960  Ql10wnt - ok
09:10:13.0640 3960  ql12160 - ok
09:10:13.0656 3960  ql1240 - ok
09:10:13.0671 3960  ql1280 - ok
09:10:13.0703 3960  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:10:13.0703 3960  RasAcd - ok
09:10:13.0734 3960  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:10:13.0734 3960  RasAuto - ok
09:10:13.0750 3960  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:10:13.0750 3960  Rasl2tp - ok
09:10:13.0796 3960  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:10:13.0796 3960  RasMan - ok
09:10:13.0812 3960  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:10:13.0812 3960  RasPppoe - ok
09:10:13.0828 3960  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:10:13.0828 3960  Raspti - ok
09:10:13.0843 3960  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:10:13.0843 3960  Rdbss - ok
09:10:13.0859 3960  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:10:13.0875 3960  RDPCDD - ok
09:10:13.0890 3960  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:10:13.0890 3960  rdpdr - ok
09:10:13.0921 3960  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:10:13.0921 3960  RDPWD - ok
09:10:13.0953 3960  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:10:13.0953 3960  RDSessMgr - ok
09:10:13.0984 3960  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:10:13.0984 3960  redbook - ok
09:10:14.0031 3960  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:10:14.0031 3960  RemoteAccess - ok
09:10:14.0062 3960  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:10:14.0062 3960  RemoteRegistry - ok
09:10:14.0078 3960  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:10:14.0078 3960  RpcLocator - ok
09:10:14.0125 3960  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
09:10:14.0125 3960  RpcSs - ok
09:10:14.0156 3960  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:10:14.0156 3960  RSVP - ok
09:10:14.0187 3960  [ 25BE98C05808C57E4D8D26477DC12D39 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:10:14.0187 3960  RTLE8023xp - ok
09:10:14.0203 3960  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:10:14.0203 3960  SamSs - ok
09:10:14.0234 3960  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:10:14.0234 3960  SCardSvr - ok
09:10:14.0265 3960  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:10:14.0265 3960  Schedule - ok
09:10:14.0296 3960  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:10:14.0296 3960  Secdrv - ok
09:10:14.0328 3960  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:10:14.0328 3960  seclogon - ok
09:10:14.0343 3960  [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService  C:\WINDOWS\system32\drivers\Senfilt.sys
09:10:14.0343 3960  SenFiltService - ok
09:10:14.0359 3960  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
09:10:14.0359 3960  SENS - ok
09:10:14.0375 3960  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:10:14.0375 3960  serenum - ok
09:10:14.0390 3960  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:10:14.0390 3960  Serial - ok
09:10:14.0421 3960  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:10:14.0421 3960  Sfloppy - ok
09:10:14.0468 3960  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:10:14.0468 3960  SharedAccess - ok
09:10:14.0500 3960  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:10:14.0500 3960  ShellHWDetection - ok
09:10:14.0500 3960  Simbad - ok
09:10:14.0531 3960  [ C14863DECE98B65195429DF2DCC038BC ] SiS315          C:\WINDOWS\system32\DRIVERS\sisgrp.sys
09:10:14.0546 3960  SiS315 - ok
09:10:14.0562 3960  [ C29363D5855C4B55012A31EF6436013C ] SiSkp           C:\WINDOWS\system32\DRIVERS\srvkp.sys
09:10:14.0562 3960  SiSkp - ok
09:10:14.0640 3960  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
09:10:14.0640 3960  SkypeUpdate - ok
09:10:14.0656 3960  Sparrow - ok
09:10:14.0703 3960  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:10:14.0703 3960  splitter - ok
09:10:14.0734 3960  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:10:14.0734 3960  Spooler - ok
09:10:14.0750 3960  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:10:14.0750 3960  sr - ok
09:10:14.0796 3960  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
09:10:14.0796 3960  srservice - ok
09:10:14.0828 3960  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:10:14.0843 3960  Srv - ok
09:10:14.0875 3960  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:10:14.0890 3960  SSDPSRV - ok
09:10:14.0921 3960  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:10:14.0937 3960  stisvc - ok
09:10:14.0984 3960  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:10:14.0984 3960  swenum - ok
09:10:15.0000 3960  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:10:15.0000 3960  swmidi - ok
09:10:15.0015 3960  SwPrv - ok
09:10:15.0031 3960  symc810 - ok
09:10:15.0046 3960  symc8xx - ok
09:10:15.0046 3960  sym_hi - ok
09:10:15.0062 3960  sym_u3 - ok
09:10:15.0093 3960  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:10:15.0093 3960  sysaudio - ok
09:10:15.0109 3960  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:10:15.0109 3960  SysmonLog - ok
09:10:15.0140 3960  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
09:10:15.0140 3960  TapiSrv - ok
09:10:15.0187 3960  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:10:15.0187 3960  Tcpip - ok
09:10:15.0218 3960  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:10:15.0218 3960  TDPIPE - ok
09:10:15.0234 3960  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
09:10:15.0234 3960  TDTCP - ok
09:10:15.0250 3960  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:10:15.0265 3960  TermDD - ok
09:10:15.0281 3960  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
09:10:15.0281 3960  TermService - ok
09:10:15.0312 3960  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:10:15.0312 3960  Themes - ok
09:10:15.0343 3960  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
09:10:15.0343 3960  TlntSvr - ok
09:10:15.0359 3960  TosIde - ok
09:10:15.0390 3960  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:10:15.0390 3960  TrkWks - ok
09:10:15.0437 3960  [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys
09:10:15.0437 3960  uagp35 - ok
09:10:15.0453 3960  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:10:15.0453 3960  Udfs - ok
09:10:15.0468 3960  ultra - ok
09:10:15.0500 3960  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:10:15.0500 3960  Update - ok
09:10:15.0531 3960  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:10:15.0531 3960  upnphost - ok
09:10:15.0546 3960  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
09:10:15.0546 3960  UPS - ok
09:10:15.0593 3960  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
09:10:15.0593 3960  usbaudio - ok
09:10:15.0609 3960  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:10:15.0609 3960  usbccgp - ok
09:10:15.0656 3960  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:10:15.0656 3960  usbehci - ok
09:10:15.0671 3960  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:10:15.0671 3960  usbhub - ok
09:10:15.0703 3960  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:10:15.0703 3960  usbohci - ok
09:10:15.0750 3960  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:10:15.0750 3960  usbscan - ok
09:10:15.0781 3960  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:10:15.0781 3960  usbstor - ok
09:10:15.0796 3960  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
09:10:15.0796 3960  VgaSave - ok
09:10:15.0796 3960  ViaIde - ok
09:10:15.0843 3960  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
09:10:15.0843 3960  VolSnap - ok
09:10:15.0875 3960  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
09:10:15.0875 3960  VSS - ok
09:10:15.0906 3960  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
09:10:15.0921 3960  W32Time - ok
09:10:15.0937 3960  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:10:15.0937 3960  Wanarp - ok
09:10:15.0937 3960  WDICA - ok
09:10:15.0968 3960  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
09:10:15.0968 3960  wdmaud - ok
09:10:16.0000 3960  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
09:10:16.0000 3960  WebClient - ok
09:10:16.0109 3960  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
09:10:16.0109 3960  winmgmt - ok
09:10:16.0156 3960  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
09:10:16.0156 3960  WmdmPmSN - ok
09:10:16.0203 3960  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
09:10:16.0203 3960  Wmi - ok
09:10:16.0234 3960  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:10:16.0234 3960  WmiApSrv - ok
09:10:16.0281 3960  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
09:10:16.0281 3960  wscsvc - ok
09:10:16.0296 3960  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
09:10:16.0296 3960  wuauserv - ok
09:10:16.0328 3960  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:10:16.0328 3960  WZCSVC - ok
09:10:16.0359 3960  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
09:10:16.0359 3960  xmlprov - ok
09:10:16.0375 3960  ================ Scan global ===============================
09:10:16.0406 3960  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:10:16.0437 3960  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
09:10:16.0453 3960  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
09:10:16.0468 3960  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:10:16.0484 3960  [Global] - ok
09:10:16.0484 3960  ================ Scan MBR ==================================
09:10:16.0500 3960  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:10:16.0703 3960  \Device\Harddisk0\DR0 - ok
09:10:16.0703 3960  ================ Scan VBR ==================================
09:10:16.0703 3960  [ 7D8005B11FC674FCF13E25AC09F699D8 ] \Device\Harddisk0\DR0\Partition1
09:10:16.0703 3960  \Device\Harddisk0\DR0\Partition1 - ok
09:10:16.0734 3960  [ 7B7FC8091EEBE9B7312428B96F9C5568 ] \Device\Harddisk0\DR0\Partition2
09:10:16.0734 3960  \Device\Harddisk0\DR0\Partition2 - ok
09:10:16.0765 3960  [ FBE1768993D2A920266FB1E1025ECE00 ] \Device\Harddisk0\DR0\Partition3
09:10:16.0765 3960  \Device\Harddisk0\DR0\Partition3 - ok
09:10:16.0781 3960  [ 91378F81B6E112CD1524AB1F78E67FE7 ] \Device\Harddisk0\DR0\Partition4
09:10:16.0781 3960  \Device\Harddisk0\DR0\Partition4 - ok
09:10:16.0781 3960  ============================================================
09:10:16.0781 3960  Scan finished
09:10:16.0781 3960  ============================================================
09:10:16.0812 1064  Detected object count: 0
09:10:16.0812 1064  Actual detected object count: 0
09:10:27.0906 1592  Deinitialize success
 

MBAR mbar-log.txt:

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.07.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GEETHA [administrator]

8/13/2013 9:14:00 AM
mbar-log-2013-08-13 (09-14-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 203821
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

MBAR system-log.txt:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.999000 GHz
Memory total: 1005891584, free: 558526464

Initializing...
------------ Kernel report ------------
     08/13/2013 09:13:51
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
uagp35.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\sisgrp.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\drivers\Senfilt.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\srvkp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\SiSGRV.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR8
Upper Device Object: 0xffffffff85f19030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff85d10ea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR7
Upper Device Object: 0xffffffff859ca030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xffffffff85eaf990
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR6
Upper Device Object: 0xffffffff859b1ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006a\
Lower Device Object: 0xffffffff85cc1d08
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR5
Upper Device Object: 0xffffffff85f971d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xffffffff85eb1ea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff861caab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-10\
Lower Device Object: 0xffffffff861cfd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff861caab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8617de08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff861caab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8617e9e8, DeviceName: \Device\00000061\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff861cfd98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A471A46

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 61432497
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 61432560  Numsec = 251128080

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff85f971d0, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85d3d848, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85f971d0, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85eb1ea0, DeviceName: \Device\00000069\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff859b1ab8, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85eb33d8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff859b1ab8, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85cc1d08, DeviceName: \Device\0000006a\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff859ca030, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85d2f848, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff859ca030, DeviceName: \Device\Harddisk3\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85eaf990, DeviceName: \Device\0000006b\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff85f19030, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85d37b60, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85f19030, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85d10ea0, DeviceName: \Device\0000006c\, DriverName: \Driver\usbstor\
------------ End ----------
Read File:  File "c:\documents and settings\all users\application data\avg2013\chjw\7490ab5a90ab219a.dat:a21f692c-9f3b-416e-bf1d-800e0cb08c70" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Non-administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.999000 GHz
Memory total: 1005891584, free: 496484352

=======================================
 

ComboFix's report:

ComboFix 13-08-12.01 - Administrator 08/13/2013  10:08:09.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.959.389 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\hr3
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\39ba3dad71dfa768.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7176d2af9b4d910c.fb
c:\windows\system32\Cache\a137c12cda373f2a.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b16f1d9d1a3aa6cd.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BROWSERDEFENDERT
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-13 to 2013-08-13  )))))))))))))))))))))))))))))))
.
.
2013-08-13 04:25 . 2013-08-13 04:25    --------    d-----w-    c:\documents and settings\Administrator\Qtrax
2013-08-13 04:22 . 2013-08-13 04:22    --------    d-----w-    c:\documents and settings\Administrator\Application Data\0D0S1L2Z1P1B0T1P1B2Z
2013-08-13 04:22 . 2013-08-13 04:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo!
2013-08-13 04:22 . 2013-08-13 04:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2013-08-13 04:22 . 2013-08-13 04:22    --------    d-----w-    c:\program files\Yahoo!
2013-08-13 04:22 . 2013-08-13 04:22    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Yahoo!
2013-08-13 04:21 . 2013-08-13 04:21    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Tepfel
2013-08-13 04:21 . 2013-08-13 04:21    --------    d-----w-    c:\program files\Tepfel
2013-08-13 04:21 . 2013-08-13 04:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\BrowserDefender
2013-08-13 04:20 . 2013-08-13 04:20    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-08-13 04:20 . 2013-08-13 04:20    --------    d-----w-    c:\documents and settings\Administrator\Application Data\BabSolution
2013-08-13 04:17 . 2013-08-13 04:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Tarma Installer
2013-08-13 04:17 . 2013-08-13 04:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Babylon
2013-08-13 04:17 . 2013-08-13 04:17    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Babylon
2013-08-13 04:16 . 2013-08-13 04:16    --------    d-----w-    c:\documents and settings\Administrator\Application Data\DSite
2013-08-13 04:16 . 2013-08-13 04:16    --------    d-----w-    c:\program files\MiPony
2013-08-13 03:43 . 2013-08-13 03:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-25 00:58 . 2013-07-25 00:58    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Oracle
2013-07-25 00:41 . 2013-07-25 00:40    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-07-25 00:41 . 2013-07-25 00:40    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-23 16:31 . 2013-07-23 16:33    --------    d-----w-    c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-25 00:40 . 2012-06-07 12:28    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-25 00:40 . 2010-12-25 12:11    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-13 00:23 . 2012-04-13 23:24    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-13 00:23 . 2012-02-05 14:13    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-07 21:56 . 2004-08-04 07:56    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 07:56    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 07:56    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-07 18:25 . 2004-08-04 05:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-06-04 07:23 . 2004-08-04 07:56    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 06:17    1876736    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"NTRedirect"="c:\documents and settings\Administrator\Application Data\BabSolution\Shared\NTRedirect.dll" [2013-08-04 127472]
"WebCake Desktop"="c:\documents and settings\Administrator\Application Data\Tepfel\WebCakeDesktop.exe" [2013-08-10 52504]
"QtraxNotification"="c:\documents and settings\Administrator\Qtrax\Player\Notification.exe" [2013-08-13 118568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"SiSPower"="SiSPower.dll" [2007-04-11 53248]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 4.lnk - c:\program files\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2010-6-10 401408]
Directrec Configuration Tool.lnk - c:\program files\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe /h [2010-6-10 2371584]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2010-12-25 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"avast5"=c:\progra~1\ALWILS~1\Avast5\avastUI.exe /nogui
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OLYMPUS\\DSSPlayerStandard\\DictationModule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 WebCakeUpdater;WebCakeUpdater;c:\program files\Tepfel\WebCakeDesktop.Updater.exe [8/13/2013 9:51 AM 51992]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Olympus DVR Service;Olympus DVR Service;c:\program files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [5/14/2010 1:28 PM 176128]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:23]
.
2013-08-13 c:\windows\Tasks\BrowserDefendert.job
- c:\windows\system32\sc.exe [2001-08-23 10:39]
.
2013-08-13 c:\windows\Tasks\EPUpdater.job
- c:\docume~1\ADMINI~1\APPLIC~1\BABSOL~1\Shared\BabMaint.exe [2013-08-13 14:04]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-413027322-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-23 15:30]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-413027322-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-23 15:30]
.
.
------- Supplementary Scan -------
.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cameoindia.com\tcsd
Trusted Zone: cameomedtrans.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search

FF - ExtSQL: 2013-06-20 21:24; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-13 09:51; plugin@getwebcake.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\extensions\plugin@getwebcake.com
FF - user.js: extentions.webcake.installId - f1a257c5-d0e8-4ca2-9545-749d819380c4
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Random House Webster's Unabridged Dictionary - c:\program files\Random House
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-13 10:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-500\Software\DataMngr_Toolbar]
@Denied: (2) (Administrator)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4020)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-08-13  10:17:31 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-13 04:47
.
Pre-Run: 14,511,951,872 bytes free
Post-Run: 14,462,337,024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 499340CCF7C47BB4EA1535A290AD0B22
8F558EB6672622401DA993E1E865C861
 

 

Malware scan (found 20 threats):

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GEETHA [administrator]

8/13/2013 2:13:17 PM
mbam-log-2013-08-13 (14-13-17).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Startup | P2P
Objects scanned: 249359
Time elapsed: 35 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Documents and Settings\Administrator\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 15
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP727\A0333200.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP745\A0338284.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP745\A0338287.exe (PUP.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP745\A0338297.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP747\A0338375.dll (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP747\A0338376.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP747\A0338377.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP747\A0338391.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP747\A0338392.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)
 

 

Malware scan (0 threats):

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GEETHA [administrator]

8/13/2013 2:55:37 PM
mbam-log-2013-08-13 (14-55-37).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Startup | P2P
Objects scanned: 246280
Time elapsed: 24 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
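Both Malwarebytes logs above use one line per detection: the path, the detection name in parentheses, then the action after "->". As an added example (not from this thread and not Malwarebytes' own code), the Python below parses that format from a constructed, abridged log laid out like the first scan, cross-checks the parsed lines against the per-section counts the tool declares, groups hits by family, and separates detections that sit only in System Restore snapshots (System Volume Information\_restore{...}) from those on the live file system, listing anything the tool did not remove.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# One detection line in a 1.x log: "<path> (<detection name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section header such as "Files Detected: 15"; the count is used as a consistency check.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Paths under System Volume Information\_restore{GUID}\ are System Restore snapshots,
# not files the user launches directly; they matter less than live autostart entries.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    section: str   # "Registry Keys", "Folders", "Files", ...
    path: str      # registry key or file-system path
    name: str      # e.g. "PUP.Optional.Tarma.A"
    action: str    # e.g. "Quarantined and deleted successfully"

    @property
    def family(self) -> str:
        # "PUP.Optional.Tarma.A" -> "Tarma", "PUP.BundleInstaller.DW" -> "BundleInstaller"
        parts = self.name.split(".")
        return parts[-2] if len(parts) >= 2 else self.name

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_POINT_RE.search(self.path) is not None

    @property
    def removed(self) -> bool:
        return "successfully" in self.action.lower()


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line; raise if a section's declared count disagrees with the lines found."""
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        # Skip the preamble before the first section, "(No malicious items detected)" and "(end)".
        if section is None or line.startswith("("):
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append(Detection(section, hit.group("path"), hit.group("name"), hit.group("action")))
    parsed = Counter(d.section for d in detections)
    for sec, count in declared.items():
        if parsed.get(sec, 0) != count:
            raise ValueError(f"{sec}: log declares {count} items but {parsed.get(sec, 0)} were parsed")
    return detections


def summarise(detections: List[Detection]) -> dict:
    """Group by family, split restore-point hits from live ones, and list anything not removed."""
    return {
        "total": len(detections),
        "by_family": dict(Counter(d.family for d in detections)),
        "live": sum(1 for d in detections if not d.in_restore_point),
        "restore_point": sum(1 for d in detections if d.in_restore_point),
        "not_removed": [d.path for d in detections if not d.removed],
    }


# Constructed, abridged log in the same layout as the thread's first scan (not the real log);
# the last line is constructed to show how an item the tool could not remove is reported.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Scan type: Full scan (C:\|)
Objects scanned: 249359

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Folders Detected: 1
C:\Documents and Settings\Administrator\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP727\A0333200.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP745\A0338284.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.

(end)
"""

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for key, value in summarise(found).items():
        print(f"{key}: {value}")
```

Run against a real mbam-log, the "not_removed" list is the set of paths to hand to the helper, and a large "restore_point" share relative to "live" indicates that most hits were old snapshots rather than active components.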
 

 

 


  Thanks.  She got the file and ran it.  The log is given below.  Everything seems to be running smoothly with no warnings.  She was wondering if it was safe to pay bills online now or whether she should run more checks.

 

  Sarat..

 

   Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java DB 10.5.3.0   
 Java 7 Update 25  
 Java SE Development Kit 6 Update 18
 Adobe Flash Player     11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 22.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

The page is up and running. Let me know if she still can't get it.


We're making progress. :)

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


  Steps 1, 2 and 4 were done.  Mom was not able to do Step 3.  She says that nothing happened after hitting the 'Run Scan' button and she could not even close the program.  She had to use Task Manager to kill it every time.

 

  Thanks,

 

  Sarat..

 

  Below are the logs:

 

  AdwCleaner log:

# AdwCleaner v2.306 - Logfile created 08/15/2013 at 12:06:05
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - GEETHA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\bProtector_extensions.rdf
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Administrator\Application Data\DSite
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKU\S-1-5-21-1644491937-413027322-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1644491937-413027322-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702




-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\prefs.js

Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.order.1", "Delta Search");

Found : user_pref("searchreset.backup.browser.search.defaultenginename", "Ask.com");

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6235 octets] - [15/08/2013 12:06:05]

########## EOF - C:\AdwCleaner[R1].txt - [6295 octets] ##########
 

  JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Thu 08/15/2013 at 12:10:55.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\dsite"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\8cjezskd.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\8cjezskd.default\invalidprefs.js
Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\8cjezskd.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Delta Search");

user_pref("searchreset.backup.browser.search.defaultenginename", "Ask.com");
Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\8cjezskd.default\minidumps [10 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/15/2013 at 12:14:10.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  ESET log:

C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP745\A0338286.dll    probably a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{0596C04F-2C7E-4720-87A3-FE5ED17BB74A}\RP745\A0338294.dll    probably a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
 

 

We're making progress. :)

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives".
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats".
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


 

Mom was not able to do Step 3.  She says that nothing happened after hitting the 'Run Scan' button and she could not even close the program.  She had to use Task Manager to kill it every time.

Try running it in Safe Mode: http://windows.microsoft.com/en-us/windows/start-computer-safe-mode


  Asked my mom to boot in safe mode.  She has never done it before and she uses the computer for her online work and doesn't want to boot it in safe mode in case something goes wrong and she can't come back online for her work.

 

  Is it possible to do this without safe mode or do something else?

 

  Sarat..

No problem. Take all the time you need.


 

  Asked my mom to boot in safe mode.  She has never done it before and she uses the computer for her online work and doesn't want to boot it in safe mode in case something goes wrong and she can't come back online for her work.

Safe Mode will do absolutely nothing wrong to the computer.


  Mom did.  No threats were found and there was no list.

 

  Did that do it?  My mom feels that everything is ok and there are no warnings coming up in AVG and in Anti-Malware and that all the infected files were either removed or quarantined.

 

  Sarat..

Okay, just move on to Step 4.


  Mom ran the OTL successfully now.  Below are the logs.

 

  Thanks,

 

  Sarat..

 

  a)  OTL Log file

 

OTL logfile created on: 8/28/2013 12:18:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.29 Mb Total Physical Memory | 324.84 Mb Available Physical Memory | 33.86% Memory free
2.26 Gb Paging File | 1.82 Gb Available in Paging File | 80.58% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 13.21 Gb Free Space | 45.08% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 28.69 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 6.92 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive F: | 41.63 Gb Total Space | 13.76 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
 
Computer Name: GEETHA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/28 12:13:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/07/25 06:10:54 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2010/06/10 12:59:30 | 000,401,408 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
PRC - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/11 03:05:42 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/08/22 07:45:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/17 06:33:53 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/25 06:10:54 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/05/14 13:28:44 | 000,176,128 | ---- | M] (OLYMPUS IMAGING CORP.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe -- (Olympus DVR Service)
SRV - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2007/04/11 11:30:16 | 000,018,304 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/04/11 11:09:08 | 000,321,024 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/08/15 05:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/18 01:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1644491937-413027322-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.smartdoc.com/
IE - HKU\S-1-5-21-1644491937-413027322-682003330-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1644491937-413027322-682003330-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1644491937-413027322-682003330-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1644491937-413027322-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: admin%40indiarailinfo.com:4.98
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2010/12/25 10:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/08/15 11:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\extensions
[2012/05/14 18:53:37 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/04/10 18:41:37 | 000,049,681 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\extensions\admin@indiarailinfo.com.xpi
[2013/08/15 11:47:21 | 000,534,203 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/08/04 16:46:02 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/17 06:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/17 06:33:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 06:33:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/17 06:33:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/17 06:33:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/17 06:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 06:33:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 06:33:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/24 19:20:01 | 000,003,591 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.in/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: LukasHudec = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifdgcflnbjihdfafceknjpidanddhnjb\3_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/13 10:14:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 4.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk = C:\Program Files\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-413027322-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-413027322-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-413027322-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-413027322-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1644491937-413027322-682003330-500\..Trusted Domains: cameoindia.com ([tcsd] https in Trusted sites)
O15 - HKU\S-1-5-21-1644491937-413027322-682003330-500\..Trusted Domains: cameomedtrans.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D89EADF-A8E5-49D7-B6EB-983B11D48EF7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 09:26:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/28 12:13:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/08/28 06:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/08/25 06:27:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/08/21 15:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Varalakshmi Amman Photos
[2013/08/21 08:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\varalakshmi nonbu pictures
[2013/08/20 14:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Attachments_2013820
[2013/08/17 06:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/15 14:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/08/15 12:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/15 12:10:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/15 11:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Malware removal
[2013/08/13 10:18:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/13 10:07:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/13 10:01:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/13 10:01:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/13 10:01:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/13 10:01:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/13 10:00:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/08/13 10:00:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/13 10:00:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/13 09:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/08/13 09:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/08/13 09:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2013/08/13 09:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/08/13 09:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/08/13 09:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/28 12:13:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/08/28 11:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/28 11:22:05 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-413027322-682003330-500UA.job
[2013/08/28 08:10:31 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IScriptor.lnk
[2013/08/28 06:11:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/26 09:07:08 | 000,000,462 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aug 26-Sep 25.lnk
[2013/08/26 09:01:21 | 000,001,048 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2013/08/26 08:56:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/23 12:17:31 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/08/22 21:14:59 | 000,000,010 | ---- | M] () -- C:\WINDOWS\SEMD.bkm
[2013/08/22 07:45:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/22 07:45:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/22 07:45:51 | 017,737,608 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/08/21 08:39:54 | 003,167,931 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Varalakshmi Amman Photos.zip
[2013/08/21 08:15:26 | 003,451,167 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\varalakshmi nonbu pictures.zip
[2013/08/21 07:31:18 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/20 20:11:27 | 000,000,010 | ---- | M] () -- C:\WINDOWS\RHUD.bkm
[2013/08/20 14:29:17 | 009,497,414 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Attachments_2013820.zip
[2013/08/20 08:21:38 | 000,000,010 | ---- | M] () -- C:\WINDOWS\SAAS.bkm
[2013/08/17 09:25:48 | 000,000,010 | ---- | M] () -- C:\WINDOWS\SNNW.bkm
[2013/08/16 05:22:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-413027322-682003330-500Core.job
[2013/08/15 09:04:44 | 000,442,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 09:04:44 | 000,072,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/13 10:14:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/13 10:07:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/07 11:21:25 | 000,000,010 | ---- | M] () -- C:\WINDOWS\SGIG.bkm
[2013/08/03 07:11:56 | 000,000,010 | ---- | M] () -- C:\WINDOWS\SRAD.bkm
[2013/08/01 09:08:29 | 000,000,010 | ---- | M] () -- C:\WINDOWS\SEQU.bkm
[2013/07/31 15:11:22 | 000,810,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmod.dll
[2013/07/31 15:11:22 | 000,810,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/26 09:07:08 | 000,000,462 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Aug 26-Sep 25.lnk
[2013/08/23 12:17:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/08/21 08:39:04 | 003,167,931 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Varalakshmi Amman Photos.zip
[2013/08/21 08:14:31 | 003,451,167 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\varalakshmi nonbu pictures.zip
[2013/08/20 14:22:21 | 009,497,414 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Attachments_2013820.zip
[2013/08/13 10:07:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/13 10:07:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/13 10:01:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/13 10:01:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/13 10:01:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/13 10:01:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/13 10:01:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/12 15:46:38 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
[2012/02/15 10:01:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/25 20:18:32 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 17:48:59 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2010/12/25 17:38:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 17:40:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

  b)  OTL Extras Log :

OTL Extras logfile created on: 8/28/2013 12:18:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.29 Mb Total Physical Memory | 324.84 Mb Available Physical Memory | 33.86% Memory free
2.26 Gb Paging File | 1.82 Gb Available in Paging File | 80.58% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 13.21 Gb Free Space | 45.08% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 28.69 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 6.92 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive F: | 41.63 Gb Total Space | 13.76 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
 
Computer Name: GEETHA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\OLYMPUS\DSSPlayerStandard\DictationModule.exe" = C:\Program Files\OLYMPUS\DSSPlayerStandard\DictationModule.exe:*:Enabled:DSS Player Pro - DM -- (OLYMPUS IMAGING CORP.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java SE Development Kit 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
"{CD3F7CC6-A9C8-4A4A-AD0D-2B6926701F9B}" = IScriptor
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E06D2E1B-2AC2-4963-8BA6-76DCEBAF2B36}" = Olympus DSS Player Standard
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"Examine32_is1" = Examine32 v4.13 (evaluation version)
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Picasa 3" = Picasa 3
"Scribe" = Express Scribe Uninstall
"SiS VGA Driver" = SiS VGA Utilities
"Sony Player Plug-in for Windows Media Player" = Sony Player Plug-in for Windows Media Player
"Stedman's Abbreviations" = Stedman's Abbreviations, Acronyms & Symbols 1.0
"Stedman's Cardiovascular & Pulmonary Words" = Stedman's Cardiovascular & Pulmonary Words 1.0
"Stedman's Electronic Medical Dictionary 5.0" = Stedman's Electronic Medical Dictionary 6.0
"Stedman's Emergency Medicine Words" = Stedman's Emergency Medicine Words 1.0
"Stedman's Equipment Words" = Stedman's Equipment Words 1.0
"Stedman's GI & GU Words" = Stedman's GI & GU Words 1.0
"Stedman's Neurology & Neurosurgery Words 3E" = Stedman's Neurology & Neurosurgery Words 3E 1.0
"Stedman's Ophthalmology Words 3E" = Stedman's Ophthalmology Words 3E 1.0
"Stedman's Organism's & Infectious Disease Words" = Stedman's Organism's & Infectious Disease Words 1.0
"Stedman's Orthopaedic & Rehab Words" = Stedman's Orthopaedic & Rehab Words 1.0
"Stedman's Pathology & Lab Medicine Words" = Stedman's Pathology & Lab Medicine Words 1.0
"Stedman's Radiology & Oncology Words" = Stedman's Radiology & Oncology Words 1.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1644491937-413027322-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"magicJack" = magicJack
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/24/2013 7:11:17 AM | Computer Name = GEETHA | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 7/27/2013 4:53:53 AM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application IScriptorLoader.exe, version 1.0.2433.21761, hang
 module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 8/15/2013 2:50:42 AM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/15/2013 2:52:39 AM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/15/2013 2:58:20 AM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/15/2013 3:00:47 AM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/15/2013 4:17:28 AM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/15/2013 9:48:15 PM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/27/2013 8:44:20 PM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/28/2013 2:47:45 AM | Computer Name = GEETHA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 8/25/2013 11:27:04 PM | Computer Name = GEETHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 8/26/2013 8:30:40 AM | Computer Name = GEETHA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
 address 001A4DDEE1E8 has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 8/26/2013 8:31:03 AM | Computer Name = GEETHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 8/26/2013 7:58:18 PM | Computer Name = GEETHA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
 address 001A4DDEE1E8 has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 8/26/2013 7:58:39 PM | Computer Name = GEETHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 8/27/2013 9:15:19 AM | Computer Name = GEETHA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
 address 001A4DDEE1E8 has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 8/27/2013 9:15:37 AM | Computer Name = GEETHA | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8/27/2013 9:15:38 AM | Computer Name = GEETHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 8/27/2013 8:41:21 PM | Computer Name = GEETHA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
 address 001A4DDEE1E8 has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 8/27/2013 8:41:45 PM | Computer Name = GEETHA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
 
< End of report >
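The "Files - Modified Within 30 Days" and "Files Created - No Company Name" sections of the OTL log above are what a helper reads first: date, size, attribute flags, publisher string and path for every recently touched file. The following is an added example, not code from the thread or from OTL, that parses that entry format and applies a few review heuristics (executables with no publisher string, files carrying both hidden and system attributes, recent unattributed changes under System32). The sample input is constructed from lines in the log above; the positional meaning of the four attribute characters (R, H, S, plus a fourth that is kept but not interpreted) and the %SystemRoot% of C:\WINDOWS are assumptions taken from the log, not from OTL documentation.

```python
"""Parse the file entries of an OTL scan log and triage them.

Added example (not from the forum thread, not OTL's own code). It handles
the entry format visible in the posted log:

    [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (Company) -- path

Assumptions (inferred from the log, not from OTL documentation):
  * the four attribute characters are positional flags R, H, S and a
    fourth one that is kept but not interpreted; '-' means not set;
  * %SystemRoot% is C:\\WINDOWS, as the Extras log reports.
"""
import ntpath
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".ocx", ".drv"}
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: a few lines copied from the log above, plus one
# summary line and two headers that the parser must ignore.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2013/08/28 12:13:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/08/28 06:11:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 21:14:59 | 000,000,010 | ---- | M] () -- C:\WINDOWS\SEMD.bkm
[2013/08/22 07:45:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/13 10:14:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/13 10:07:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/13 10:07:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/13 10:01:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/15 10:01:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
"""
# Time the log was created, used as "now" for the recency window.
REFERENCE = datetime(2013, 8, 28, 12, 18)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str                  # 'M' = modified, 'C' = created
    company: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "S"


def parse_entries(text: str) -> list:
    """Return an Entry for every line in the entry format; headers and the
    '[N ... *.tmp files -> ...]' summary lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(
                timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=m["company"].strip(),
                path=m["path"].strip(),
            ))
    return entries


def triage(text: str, reference: datetime, days: int = 30) -> list:
    """Return the entries a reviewer should look at first, with reasons.
    These are review heuristics, not malware verdicts: boot.ini legitimately
    carries RHS attributes, for instance."""
    cutoff = reference - timedelta(days=days)
    flagged = []
    for e in parse_entries(text):
        low = e.path.lower()
        ext = ntpath.splitext(low)[1]
        if ext in EXEC_EXT and not e.company:
            e.reasons.append("executable without publisher name")
        if e.hidden and e.system:
            e.reasons.append("hidden+system attribute combination")
        if low.startswith(SYSTEM32) and not e.company and e.timestamp >= cutoff:
            e.reasons.append("recent change under System32 without publisher")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, REFERENCE):
        print(f"{e.path}\n    " + "; ".join(e.reasons))
```

Run as a script it prints the five flagged paths from the sample (hosts, boot.ini, cmldr, PEV.exe, iacenc.dll) with the rule that caught each; every hit still needs a human to decide whether it is a known system file, a tool left behind by an earlier cleanup step, or something to investigate.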
 

 

See if you can successfully run OTL now. We still need to verify there isn't anything that we missed; the steps we're taking are helping us do that.


Still have a little more to do, but we're nearly there.

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    [2010/12/25 17:38:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 17:40:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

     

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


  Sorry, mom has a question.  Does she have to copy-paste the entire thing in the quoted portion?

 

  Thanks,

 

  Sarat..

 


  Here are the log files :

 

  Thanks,

 

  Sarat..

 

  a)  08312013_044717.log

All processes killed
========== OTL ==========
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 22170680 bytes
->Temporary Internet Files folder emptied: 1628441 bytes
->Java cache emptied: 892586 bytes
->FireFox cache emptied: 79965689 bytes
->Google Chrome cache emptied: 114122409 bytes
->Flash cache emptied: 2872707 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33084 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2832101 bytes
 
Total Files Cleaned = 214.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08312013_044717

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

  b)  AdwCleaner[s1].txt

 

# AdwCleaner v2.306 - Logfile created 08/31/2013 at 04:55:20
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - GEETHA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\Malware removal\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\bProtector_extensions.rdf
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8cjezskd.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v29.0.1547.62

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6364 octets] - [15/08/2013 12:06:05]
AdwCleaner[s1].txt - [2981 octets] - [31/08/2013 04:55:20]

########## EOF - C:\AdwCleaner[s1].txt - [3041 octets] ##########
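The OTL fix log above is the record of what the Step 1 fix actually did: Desktop.ini was moved and CONFIG.TMP deleted, while the five registry lines from the fix script come back as "File EY_CURRENT_USER\..." or "Folder EY_LOCAL_MACHINE\..." followed by "not found", meaning OTL read them as file-system paths (with the leading "[HK" consumed) and changed nothing under those keys. The following is an added example, not part of the thread and not OTL's own code, that parses the "========== OTL ==========" section of such a log, counts outcomes, and lists any target that looks like a registry key reported as a missing path, so that a helper can confirm which directives took effect before declaring the fix complete. The sample input is constructed from the posted log; the regular expressions are assumptions about OTL's log wording based only on the lines visible here.

```python
"""Check what an OTL fix actually did, from the fix log it writes.

Added example; not part of the original thread and not OTL's own code.
It reads the '========== OTL ==========' section of the fix log, classifies
each result line, and separately lists targets that look like registry
keys. In the posted log those lines appear as 'File EY_CURRENT_USER\\...'
followed by 'not found', which is how a registry key pasted into the :OTL
(file/folder) section of the fix shows up.
"""
import re

RESULT_RE = re.compile(
    r"^(?:(?P<kind>File|Folder) )?(?P<target>.+?) "
    r"(?P<status>moved successfully|deleted successfully|not found)\.$"
)
# A registry path with or without the leading 'HK' that OTL stripped.
REG_RE = re.compile(
    r"^(?:HK)?EY_(?:CURRENT_USER|LOCAL_MACHINE|USERS|CLASSES_ROOT|CURRENT_CONFIG)\\"
)

# Constructed sample, copied from the fix log posted above.
SAMPLE_FIX_LOG = r"""All processes killed
========== OTL ==========
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""


def otl_section(text: str) -> list:
    """Lines between '========== OTL ==========' and the next section header."""
    lines, inside = [], False
    for line in text.splitlines():
        if line.startswith("=========="):
            inside = line.strip() == "========== OTL =========="
            continue
        if inside and line.strip():
            lines.append(line.strip())
    return lines


def parse_results(text: str) -> list:
    """One dict per result line: target, status, and whether the target
    looks like a registry key rather than a file-system path."""
    results = []
    for line in otl_section(text):
        m = RESULT_RE.match(line)
        if not m:
            continue
        target = m["target"].rstrip("\\")
        results.append({
            "target": target,
            "status": m["status"],
            "registry_like": bool(REG_RE.match(target)),
        })
    return results


def summarize(text: str) -> dict:
    """Counts per outcome plus the list of registry-like targets, so a
    reviewer can see at a glance which directives did not take effect."""
    results = parse_results(text)
    return {
        "moved": sum(r["status"] == "moved successfully" for r in results),
        "deleted": sum(r["status"] == "deleted successfully" for r in results),
        "not_found": sum(r["status"] == "not found" for r in results),
        "registry_keys_as_paths": [
            r["target"] for r in results
            if r["registry_like"] and r["status"] == "not found"
        ],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_FIX_LOG)
    print(f"moved={s['moved']} deleted={s['deleted']} not_found={s['not_found']}")
    for t in s["registry_keys_as_paths"]:
        print("registry key treated as a path, nothing changed:", t)
```

On the sample this reports one move, one deletion and five "not found" results, all five being registry keys. Whether that matters is a separate judgement: in the ZeroAccess Check section of the scan log those InProcServer32 values point at shdocvw.dll, fastprox.dll and wbemess.dll with "Microsoft Corporation" as the publisher string, so the untouched keys are not by themselves evidence of an infection, but the check makes the gap between the fix script and its result visible instead of leaving it buried in the log.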
 

 

Yes, please do.


I'd say you're clean.

Now that your system is clean, please take the time to install the following updates. Using outdated applications leaves you vulnerable to getting infected again.

-----

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here (uninstall version 7.0 first):
Adobe Reader X

Note: I suggest you uncheck any optional third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.
Once old versions are gone, please install the newest version.

-----

Firefox is out of date. Using an outdated version of a web browser leaves you extremely vulnerable to malware!
Please visit the Mozilla site and update it to the latest version.


-----

Let me know how the updates go, as failed updates may indicate additional malware.


Thank you. I'll let you know how the updates went.

Sarat..


This topic is now closed to further replies.
