TechSpot

[A] Help to remove Sirefef.Y virus

Inactive
By aman_badyal
Jun 19, 2012
  1. I've got the Sirefef.Y virus on my Win 7 x64 laptop like others have reported recently and would appreciate your help in getting rid of it. The FRST log is below. The Search Log is in a new post.

    FRST Scan Log:

    Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
    Ran by SYSTEM at 19-06-2012 20:33:05
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-09] (IDT, Inc.)
    HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-10-31] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-05] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-06-30] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-13] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1104440 2012-06-12] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
    HKU\Navi\...\Run: [Google Update] "C:\Users\Navi\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-08] (Google Inc.)
    HKU\Navi\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon [772096 2009-06-18] (Sony Ericsson Mobile Communications AB)
    HKU\Navi\...\Run: [wecrer] rundll32.exe "C:\Users\Navi\AppData\Roaming\wecrer.dll",HrIndexOfMonth [115200 2012-06-16] (Duplex Secure Ltd.)
    HKU\Navi\...\Run: [PSFactoryBuffer] "C:\Users\Navi\AppData\Local\PSFactoryBuffer\PSFactoryBuffer.exe" /y [x]
    HKU\Navi\...\Run: [mgxtis] "C:\Windows\System32\rundll32.exe" "C:\Users\Navi\AppData\Roaming\mgxtis.dll",CountEntries [334848 2012-06-19] (M-Audio)
    Tcpip\Parameters: [DhcpNameServer] 192.168.101.2 192.168.101.1 192.168.101.11

    ==================== Services (Whitelisted) ======

    2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2391832 2011-11-22] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-11] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-01] (AVG Technologies CZ, s.r.o.)
    2 ezSharedSvc; C:\Windows\SysWow64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS)
    2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
    2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [35200 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
    2 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-12] ()

    ========================== Drivers (Whitelisted) =============

    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
    3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-06] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-07] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-12] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
    3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-07-28] (CyberLink Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
    3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [878184 2012-06-04] (Realtek Semiconductor Corporation )
    3 s1018bus; C:\Windows\System32\Drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
    3 s1018mdfl; C:\Windows\System32\Drivers\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
    3 s1018mdm; C:\Windows\System32\Drivers\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
    3 s1018mgmt; C:\Windows\System32\Drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
    3 s1018nd5; C:\Windows\System32\Drivers\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
    3 s1018obex; C:\Windows\System32\Drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
    3 s1018unic; C:\Windows\System32\Drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-19 09:32 - 2012-06-19 09:32 - 00000151 ____A C:\Users\Navi\Documents\am.txt
    2012-06-19 09:27 - 2012-06-19 10:29 - 00684402 ____A C:\Windows\ntbtlog.txt
    2012-06-19 09:09 - 2012-06-19 09:09 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-19 09:08 - 2012-06-19 09:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-19 09:08 - 2012-06-19 09:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-19 09:07 - 2012-06-19 09:08 - 12621696 ____A (Microsoft Corporation) C:\Users\Navi\Downloads\mseinstall.exe
    2012-06-19 08:27 - 2012-06-19 08:27 - 00000000 ____D C:\Users\Navi\AppData\Roaming\Malwarebytes
    2012-06-19 08:27 - 2012-06-19 08:27 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-19 08:27 - 2012-06-19 08:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-19 08:27 - 2012-06-19 06:47 - 10063000 ____A (Malwarebytes Corporation ) C:\mbam-setup-1.61.0.1400.exe
    2012-06-19 08:27 - 2012-04-04 06:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-19 07:00 - 2012-06-19 08:53 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
    2012-06-19 07:00 - 2012-06-19 07:00 - 26853544 ____A (GridinSoft LLC) C:\Users\Navi\Downloads\gtk2121-setup.exe
    2012-06-19 06:54 - 2012-06-19 06:54 - 00334848 ____A (M-Audio) C:\Users\Navi\AppData\Roaming\mgxtis.dll
    2012-06-19 06:54 - 2012-06-19 06:54 - 00000000 ____D C:\Users\Navi\AppData\Local\{A3744D09-BA1E-11E1-8270-B8AC6F996F26}
    2012-06-16 07:37 - 2012-06-16 07:37 - 00000355 ____A C:\Users\Navi\Desktop\Computer - Shortcut.lnk
    2012-06-16 06:28 - 2012-06-16 06:28 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-16 06:24 - 2012-06-16 06:24 - 00115200 __ASH (Duplex Secure Ltd.) C:\Users\Navi\AppData\Roaming\wecrer.dll
    2012-06-14 12:52 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 12:52 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 12:52 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 12:52 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 12:52 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 12:52 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 12:52 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 12:52 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 12:52 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 12:52 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 12:52 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 12:52 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 12:52 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 12:52 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 12:52 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 12:52 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 12:52 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 12:52 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 12:52 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 12:52 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 12:52 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 12:52 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 12:52 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 12:52 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 12:52 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 12:52 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 12:52 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 12:52 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 01:54 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 01:54 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 01:54 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 01:54 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 01:54 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 01:54 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 01:54 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 01:54 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 01:54 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 01:54 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 01:54 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 01:54 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 01:54 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 01:54 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 01:54 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 01:54 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 01:54 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-12 01:15 - 2012-06-12 01:15 - 11954826 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_543 (1).mp3
    2012-06-12 01:06 - 2012-06-12 01:06 - 11954826 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_543.mp3
    2012-06-09 04:38 - 2012-06-09 04:38 - 00206066 ____A C:\Users\Navi\Downloads\Tirabad___Year_8_Course_21___28_September_2012.pdf
    2012-06-09 00:36 - 2012-06-09 00:36 - 03121674 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_497.mp3
    2012-06-08 02:40 - 2012-06-08 02:40 - 13854328 ____A C:\Users\Navi\Downloads\VWWSetup.exe
    2012-06-08 02:40 - 2012-06-08 02:40 - 00000000 ____D C:\Program Files (x86)\Utherverse Digital Inc
    2012-06-06 23:46 - 2012-06-06 23:53 - 07708257 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_678.mp3
    2012-06-06 23:42 - 2012-06-06 23:49 - 01309928 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_678.mp3
    2012-06-06 03:15 - 2012-06-06 03:16 - 11988472 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_670_ (1).mp3
    2012-06-06 03:10 - 2012-06-06 03:10 - 11988472 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_670_.mp3
    2012-06-03 23:01 - 2012-06-03 23:01 - 19703057 ____A C:\Users\Navi\Downloads\joined (7).mp3
    2012-06-03 14:40 - 2012-06-03 14:40 - 05675824 ____A C:\Users\Navi\Downloads\Navdeep Kaur An Application.pdf
    2012-06-03 10:58 - 2012-06-03 10:58 - 00000000 ____D C:\Users\Navi\AppData\Local\Wild Tangent
    2012-06-01 22:52 - 2012-06-01 22:52 - 11840201 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_634 (2).mp3
    2012-06-01 22:50 - 2012-06-01 22:51 - 11840201 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_634 (1).mp3
    2012-06-01 22:50 - 2012-06-01 22:50 - 11840201 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_634.mp3
    2012-06-01 15:16 - 2012-06-01 15:16 - 00000000 ____D C:\Users\Navi\AppData\Local\{CC6D368C-4B8A-4CEF-969E-1E2486F4E6C5}
    2012-06-01 15:15 - 2012-06-01 15:16 - 00000000 ____D C:\Users\Navi\AppData\Local\{8CB7DBB6-FC66-4478-8A75-4979FFC04B4C}
    2012-05-27 00:45 - 2012-05-27 00:45 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517 (3).mp3
    2012-05-27 00:44 - 2012-05-27 00:44 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517.mp3
    2012-05-27 00:44 - 2012-05-27 00:44 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517 (2).mp3
    2012-05-27 00:44 - 2012-05-27 00:44 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517 (1).mp3
    2012-05-27 00:29 - 2012-05-27 00:30 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (6).mp3
    2012-05-27 00:29 - 2012-05-27 00:29 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (5).mp3
    2012-05-27 00:29 - 2012-05-27 00:29 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (4).mp3
    2012-05-27 00:29 - 2012-05-27 00:29 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (3).mp3
    2012-05-27 00:26 - 2012-05-27 00:27 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (2).mp3
    2012-05-27 00:26 - 2012-05-27 00:26 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489.mp3
    2012-05-27 00:26 - 2012-05-27 00:26 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (1).mp3


    ============ 3 Months Modified Files and Folders =============

    2012-06-19 20:33 - 2012-06-19 20:32 - 00000000 ____D C:\FRST
    2012-06-19 10:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-19 10:43 - 2009-07-13 20:51 - 00064833 ____A C:\Windows\setupact.log
    2012-06-19 10:42 - 2012-01-08 10:19 - 3735977984 __ASH C:\pagefile.sys
    2012-06-19 10:42 - 2011-11-25 01:12 - 2801983488 __ASH C:\hiberfil.sys
    2012-06-19 10:41 - 2012-01-11 03:57 - 00000000 __SHD C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}
    2012-06-19 10:29 - 2012-06-19 09:27 - 00684402 ____A C:\Windows\ntbtlog.txt
    2012-06-19 10:20 - 2012-01-14 15:12 - 00000000 ____D C:\Users\Navi\AppData\Local\CrashDumps
    2012-06-19 09:58 - 2012-01-08 06:04 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001UA.job
    2012-06-19 09:32 - 2012-06-19 09:32 - 00000151 ____A C:\Users\Navi\Documents\am.txt
    2012-06-19 09:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
    2012-06-19 09:17 - 2011-11-25 01:01 - 00000000 ____D C:\Users\All Users\Norton
    2012-06-19 09:17 - 2011-07-15 21:08 - 00000000 __SHD C:\System Volume Information
    2012-06-19 09:17 - 2010-11-20 19:47 - 00403952 ____A C:\Windows\PFRO.log
    2012-06-19 09:17 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
    2012-06-19 09:15 - 2011-11-25 00:41 - 02044746 ____A C:\Windows\WindowsUpdate.log
    2012-06-19 09:13 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-19 09:13 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-19 09:09 - 2012-06-19 09:09 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-19 09:09 - 2012-04-29 05:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-19 09:08 - 2012-06-19 09:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-19 09:08 - 2012-06-19 09:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-19 09:08 - 2012-06-19 09:07 - 12621696 ____A (Microsoft Corporation) C:\Users\Navi\Downloads\mseinstall.exe
    2012-06-19 09:08 - 2011-11-25 00:48 - 00789006 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-19 09:08 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
    2012-06-19 09:00 - 2012-05-08 11:11 - 00000000 ____D C:\Program Files (x86)\I Want This
    2012-06-19 09:00 - 2012-04-01 10:17 - 00000000 ____D C:\Users\All Users\TheBflix
    2012-06-19 09:00 - 2012-04-01 04:56 - 00000000 ____D C:\Users\All Users\Codecv
    2012-06-19 08:53 - 2012-06-19 07:00 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
    2012-06-19 08:27 - 2012-06-19 08:27 - 00000000 ____D C:\Users\Navi\AppData\Roaming\Malwarebytes
    2012-06-19 08:27 - 2012-06-19 08:27 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-19 08:27 - 2012-06-19 08:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-19 08:27 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
    2012-06-19 07:00 - 2012-06-19 07:00 - 26853544 ____A (GridinSoft LLC) C:\Users\Navi\Downloads\gtk2121-setup.exe
    2012-06-19 06:58 - 2012-01-08 06:04 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001Core.job
    2012-06-19 06:54 - 2012-06-19 06:54 - 00334848 ____A (M-Audio) C:\Users\Navi\AppData\Roaming\mgxtis.dll
    2012-06-19 06:54 - 2012-06-19 06:54 - 00000000 ____D C:\Users\Navi\AppData\Local\{A3744D09-BA1E-11E1-8270-B8AC6F996F26}
    2012-06-19 06:54 - 2009-07-13 21:13 - 00779724 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-19 06:47 - 2012-06-19 08:27 - 10063000 ____A (Malwarebytes Corporation ) C:\mbam-setup-1.61.0.1400.exe
    2012-06-16 07:37 - 2012-06-16 07:37 - 00000355 ____A C:\Users\Navi\Desktop\Computer - Shortcut.lnk
    2012-06-16 07:36 - 2012-01-10 07:21 - 00000000 ____D C:\Users\Navi\Documents\Youcam
    2012-06-16 06:28 - 2012-06-16 06:28 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-16 06:26 - 2012-01-09 13:58 - 00000000 ____D C:\Users\Navi\AppData\Roaming\Skype
    2012-06-16 06:24 - 2012-06-16 06:24 - 00115200 __ASH (Duplex Secure Ltd.) C:\Users\Navi\AppData\Roaming\wecrer.dll
    2012-06-16 06:24 - 2012-01-08 02:23 - 00000000 ____D C:\Users\Navi\AppData\Local\VirtualStore
    2012-06-14 15:07 - 2009-07-13 20:45 - 00292680 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 23:49 - 2012-03-09 15:01 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-06-12 23:49 - 2012-03-09 15:01 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-06-12 01:15 - 2012-06-12 01:15 - 11954826 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_543 (1).mp3
    2012-06-12 01:06 - 2012-06-12 01:06 - 11954826 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_543.mp3
    2012-06-11 23:09 - 2012-01-08 06:04 - 00002350 ____A C:\Users\Navi\Desktop\Google Chrome.lnk
    2012-06-09 04:38 - 2012-06-09 04:38 - 00206066 ____A C:\Users\Navi\Downloads\Tirabad___Year_8_Course_21___28_September_2012.pdf
    2012-06-09 00:36 - 2012-06-09 00:36 - 03121674 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_497.mp3
    2012-06-08 02:40 - 2012-06-08 02:40 - 13854328 ____A C:\Users\Navi\Downloads\VWWSetup.exe
    2012-06-08 02:40 - 2012-06-08 02:40 - 00000000 ____D C:\Program Files (x86)\Utherverse Digital Inc
    2012-06-06 23:53 - 2012-06-06 23:46 - 07708257 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_678.mp3
    2012-06-06 23:49 - 2012-06-06 23:42 - 01309928 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_678.mp3
    2012-06-06 03:16 - 2012-06-06 03:15 - 11988472 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_670_ (1).mp3
    2012-06-06 03:10 - 2012-06-06 03:10 - 11988472 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_670_.mp3
    2012-06-05 07:22 - 2012-01-30 04:33 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForNavi.job
    2012-06-04 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-04 07:56 - 2012-01-08 02:22 - 00000000 ____D C:\users\Navi
    2012-06-04 07:55 - 2012-01-09 07:43 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-06-04 07:54 - 2011-07-15 21:16 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2012-06-04 07:54 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
    2012-06-04 07:53 - 2011-11-25 00:53 - 00878184 ____A (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\rtl8192ce.sys
    2012-06-04 07:53 - 2011-11-25 00:51 - 00000000 ____D C:\Program Files (x86)\Realtek
    2012-06-04 07:52 - 2011-07-15 21:27 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-06-04 02:16 - 2012-01-16 04:24 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-06-03 23:01 - 2012-06-03 23:01 - 19703057 ____A C:\Users\Navi\Downloads\joined (7).mp3
    2012-06-03 14:40 - 2012-06-03 14:40 - 05675824 ____A C:\Users\Navi\Downloads\Navdeep Kaur An Application.pdf
    2012-06-03 10:58 - 2012-06-03 10:58 - 00000000 ____D C:\Users\Navi\AppData\Local\Wild Tangent
    2012-06-03 10:57 - 2011-07-15 21:22 - 00002590 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    2012-06-03 08:00 - 2011-11-25 01:31 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-06-01 22:52 - 2012-06-01 22:52 - 11840201 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_634 (2).mp3
    2012-06-01 22:51 - 2012-06-01 22:50 - 11840201 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_634 (1).mp3
    2012-06-01 22:50 - 2012-06-01 22:50 - 11840201 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_634.mp3
    2012-06-01 15:16 - 2012-06-01 15:16 - 00000000 ____D C:\Users\Navi\AppData\Local\{CC6D368C-4B8A-4CEF-969E-1E2486F4E6C5}
    2012-06-01 15:16 - 2012-06-01 15:15 - 00000000 ____D C:\Users\Navi\AppData\Local\{8CB7DBB6-FC66-4478-8A75-4979FFC04B4C}
    2012-06-01 15:15 - 2012-02-08 01:22 - 00000000 ____D C:\Users\Navi\AppData\Local\Windows Live
    2012-05-27 00:45 - 2012-05-27 00:45 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517 (3).mp3
    2012-05-27 00:44 - 2012-05-27 00:44 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517.mp3
    2012-05-27 00:44 - 2012-05-27 00:44 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517 (2).mp3
    2012-05-27 00:44 - 2012-05-27 00:44 - 02164446 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_517 (1).mp3
    2012-05-27 00:30 - 2012-05-27 00:29 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (6).mp3
    2012-05-27 00:29 - 2012-05-27 00:29 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (5).mp3
    2012-05-27 00:29 - 2012-05-27 00:29 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (4).mp3
    2012-05-27 00:29 - 2012-05-27 00:29 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (3).mp3
    2012-05-27 00:27 - 2012-05-27 00:26 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (2).mp3
    2012-05-27 00:26 - 2012-05-27 00:26 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489.mp3
    2012-05-27 00:26 - 2012-05-27 00:26 - 19083354 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_489 (1).mp3
    2012-05-18 22:26 - 2012-05-18 22:26 - 11328097 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_547.mp3
    2012-05-17 18:47 - 2012-06-14 12:52 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-14 12:52 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-14 12:52 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-14 12:52 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-14 12:52 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-14 12:52 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-14 12:52 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-14 12:52 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-14 12:52 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-14 12:52 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-14 12:52 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-14 12:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-14 12:52 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-14 12:52 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-14 12:52 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-14 12:52 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-14 12:52 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-14 12:52 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-14 12:52 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-14 12:52 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-14 12:52 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-14 12:52 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-14 12:52 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-14 12:52 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-14 12:52 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-14 12:52 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-14 12:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-14 12:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 23:37 - 2012-05-15 23:37 - 02016697 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_578 (1).mp3
    2012-05-15 23:06 - 2012-05-15 23:06 - 02016697 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_578.mp3
    2012-05-14 17:32 - 2012-06-13 01:54 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 13:49 - 2011-07-15 21:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-12 12:27 - 2011-11-25 00:50 - 00163892 ____A C:\Windows\DPINST.LOG
    2012-05-12 12:26 - 2012-05-12 12:26 - 00148736 ____A (Avanquest Software) C:\Users\All Users\hpe1C76.dll
    2012-05-12 12:26 - 2012-05-12 12:26 - 00002210 ____A C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
    2012-05-12 12:26 - 2012-05-12 12:17 - 00000000 ____D C:\Users\All Users\Sony Ericsson
    2012-05-12 12:26 - 2012-05-12 12:17 - 00000000 ____D C:\Program Files (x86)\Sony Ericsson
    2012-05-12 12:26 - 2011-07-15 21:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-05-12 12:20 - 2012-05-12 12:20 - 00000000 ____D C:\Users\Navi\AppData\Roaming\Sony Setup
    2012-05-12 12:20 - 2012-05-12 12:20 - 00000000 ____D C:\Users\Navi\AppData\Roaming\Sony
    2012-05-12 12:19 - 2012-05-12 12:19 - 00000000 ____D C:\Users\Navi\AppData\Local\Sony Ericsson
    2012-05-12 12:17 - 2012-05-12 12:17 - 00002260 ____A C:\Users\Public\Desktop\Sony Ericsson PC Companion 1.5.lnk
    2012-05-10 12:55 - 2012-04-08 12:11 - 00000000 ____D C:\Users\Navi\AppData\Roaming\SoftGrid Client
    2012-05-10 12:53 - 2012-05-10 12:53 - 00495104 ____A C:\Users\Navi\Downloads\20111221_ICAS1_Assessment_book_Cookridge_Carpets (2).doc
    2012-05-10 12:53 - 2012-05-10 12:53 - 00495104 ____A C:\Users\Navi\Downloads\20111221_ICAS1_Assessment_book_Cookridge_Carpets (2) (1).doc
    2012-05-10 12:52 - 2012-05-10 12:52 - 00495104 ____A C:\Users\Navi\Downloads\20111221_ICAS1_Assessment_book_Cookridge_Carpets (1).doc
    2012-05-09 09:10 - 2012-05-09 09:10 - 00015381 ____A C:\Users\Navi\Downloads\Icarus and Daedalus (3).docx
    2012-05-09 07:05 - 2012-01-08 05:47 - 00063696 ____A C:\Users\Navi\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-08 11:35 - 2012-05-08 11:35 - 00000000 ____D C:\Users\Navi\AppData\Roaming\OfficeSuiteX
    2012-05-08 11:34 - 2012-05-08 11:26 - 00000000 ____D C:\Users\Navi\Desktop\OfSX
    2012-05-08 11:32 - 2012-05-08 11:32 - 00001120 ____A C:\Users\Public\Desktop\Office Suite X 3.3.lnk
    2012-05-08 11:32 - 2012-05-08 11:32 - 00000000 ____D C:\Program Files (x86)\Office Suite X 3
    2012-05-08 11:31 - 2012-05-08 11:31 - 00000000 ____D C:\Users\All Users\Sun
    2012-05-08 11:27 - 2012-05-08 11:27 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-08 11:27 - 2012-05-08 11:27 - 00153376 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-08 11:27 - 2012-05-08 11:27 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-08 11:27 - 2012-05-08 11:27 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-08 11:27 - 2012-05-08 11:27 - 00000000 ____D C:\Program Files (x86)\Java
    2012-05-08 11:11 - 2012-04-01 10:17 - 00000498 ____A C:\user.js
    2012-05-08 11:10 - 2012-05-08 11:10 - 00521688 ____A C:\Users\Navi\Downloads\WordInstaller.exe
    2012-05-08 11:08 - 2012-05-08 11:08 - 00000000 ____A C:\Users\Navi\Documents\New Microsoft Word Document.docx
    2012-05-08 10:55 - 2012-05-08 10:55 - 00014726 ____A C:\Users\Navi\Downloads\Icarus and Daedalus (2).docx
    2012-05-08 10:55 - 2012-05-08 10:55 - 00014726 ____A C:\Users\Navi\Downloads\Icarus and Daedalus (1).docx
    2012-05-08 10:50 - 2012-05-08 10:50 - 00014726 ____A C:\Users\Navi\Downloads\Icarus and Daedalus.docx
    2012-05-08 10:50 - 2012-05-08 10:50 - 00000000 ____D C:\Users\Navi\AppData\Local\{EF2F6AF9-D213-4195-83AD-613C35B8A5AC}
    2012-05-04 03:06 - 2012-06-13 01:54 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 01:54 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 01:54 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 23:53 - 2012-05-03 23:53 - 19494417 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_668.mp3
    2012-05-02 01:27 - 2012-05-02 01:27 - 19805640 ____A C:\Users\Navi\Downloads\joined (6).mp3
    2012-05-02 00:47 - 2012-05-02 00:47 - 19805640 ____A C:\Users\Navi\Downloads\joined (5).mp3
    2012-05-02 00:32 - 2012-05-02 00:32 - 19805640 ____A C:\Users\Navi\Downloads\joined (4).mp3
    2012-04-30 21:40 - 2012-06-13 01:54 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 01:28 - 2012-04-30 01:28 - 11246908 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_639 (4).mp3
    2012-04-30 01:25 - 2012-04-30 01:25 - 00000000 ____D C:\Users\Navi\AppData\Local\AVG Secure Search
    2012-04-29 07:02 - 2012-04-29 07:02 - 00000000 ____D C:\Users\Navi\AppData\Local\{51A93D46-84E2-4D5E-934C-C6B6A6132B8A}
    2012-04-29 05:30 - 2012-04-29 05:30 - 00418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-04-29 05:30 - 2012-04-29 05:30 - 00000000 ____D C:\Windows\System32\Macromed
    2012-04-29 05:30 - 2011-07-15 21:20 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-04-29 05:30 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2012-04-27 19:55 - 2012-06-13 01:54 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 00:21 - 2012-04-27 00:21 - 02786578 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_760.mp3
    2012-04-26 08:31 - 2012-04-26 08:31 - 00000000 ____D C:\Users\Navi\Documents\suk
    2012-04-26 08:18 - 2012-04-26 08:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-04-25 21:41 - 2012-06-13 01:54 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 01:54 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 01:54 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 01:32 - 2012-04-24 01:32 - 19703057 ____A C:\Users\Navi\Downloads\joined (3).mp3
    2012-04-23 21:37 - 2012-06-13 01:54 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 01:54 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 01:54 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 01:54 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 01:54 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 01:54 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-21 01:43 - 2012-04-21 01:43 - 05704501 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_896 (1).mp3
    2012-04-21 01:36 - 2012-04-21 01:36 - 05704501 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_896.mp3
    2012-04-20 00:04 - 2012-04-20 00:04 - 01071378 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_793.mp3
    2012-04-19 00:26 - 2012-04-19 00:26 - 18867948 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_537.mp3
    2012-04-19 00:19 - 2012-04-19 00:19 - 01808554 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_537 (1).mp3
    2012-04-18 02:37 - 2012-04-18 02:37 - 01795806 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_500 (1).mp3
    2012-04-18 02:37 - 2012-04-18 02:36 - 01795806 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_500.mp3
    2012-04-17 00:24 - 2012-04-17 00:24 - 13402637 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_466.mp3
    2012-04-17 00:13 - 2012-04-17 00:13 - 02581778 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_446.mp3
    2012-04-15 12:50 - 2012-04-15 12:50 - 00000000 __RHD C:\MSOCache
    2012-04-15 11:18 - 2012-04-15 11:18 - 00000162 ___AH C:\Users\Navi\Documents\~$111221_ICAS1_Assessment_book_Cookridge_Carpets.doc
    2012-04-15 00:23 - 2012-04-15 00:23 - 20013000 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_761_.mp3
    2012-04-13 06:49 - 2011-07-15 21:22 - 00000000 ____D C:\Users\All Users\WildTangent
    2012-04-13 06:41 - 2012-03-31 04:47 - 00000000 ____D C:\Users\Navi\AppData\Local\Microsoft Games
    2012-04-12 14:42 - 2012-04-12 14:42 - 00495104 ____A C:\Users\Navi\Documents\20111221_ICAS1_Assessment_book_Cookridge_Carpets.doc
    2012-04-12 14:38 - 2012-04-12 14:38 - 00495104 ____A C:\Users\Navi\Downloads\20111221_ICAS1_Assessment_book_Cookridge_Carpets.doc
    2012-04-12 08:21 - 2012-04-12 08:20 - 11682820 ____A C:\Users\Navi\Downloads\amanPic.png
    2012-04-11 23:08 - 2012-04-11 23:08 - 10761240 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_515 (4).mp3
    2012-04-11 23:07 - 2012-04-11 23:07 - 10761240 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_515 (3).mp3
    2012-04-11 23:06 - 2012-04-11 23:06 - 10761240 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_515 (2).mp3
    2012-04-11 22:45 - 2012-04-11 22:45 - 10761240 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_515 (1).mp3
    2012-04-11 22:32 - 2012-04-11 22:32 - 10761240 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_515.mp3
    2012-04-10 22:19 - 2012-04-10 22:19 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (9).mp3
    2012-04-10 22:07 - 2012-04-10 22:07 - 04119032 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_506 (3).mp3
    2012-04-10 22:06 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-04-09 23:53 - 2012-04-09 06:41 - 00000000 ____D C:\Users\All Users\VirtualizedApplications
    2012-04-09 12:32 - 2012-04-08 12:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
    2012-04-09 07:25 - 2012-03-09 15:00 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-04-08 12:37 - 2012-04-08 12:37 - 03869480 ____A (AVG Technologies) C:\Users\Navi\Downloads\avg_free_stb_all_2012_2125_cnet.exe
    2012-04-08 12:37 - 2012-03-09 14:52 - 00000000 ____D C:\Users\All Users\MFAData
    2012-04-08 12:12 - 2012-04-08 12:10 - 00000000 ____D C:\Users\Navi\AppData\Roaming\TP
    2012-04-08 12:11 - 2012-04-08 12:11 - 00000000 ____D C:\Users\Navi\AppData\Local\SoftGrid Client
    2012-04-08 12:10 - 2012-04-08 12:10 - 00000000 ____D C:\Program Files\Microsoft Office
    2012-04-08 12:10 - 2011-07-15 21:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2012-04-08 12:10 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-04-08 12:09 - 2012-04-08 12:09 - 00126464 ____A C:\Users\Navi\Downloads\DanR_ICAS_PCS_22_Apr_2010.doc
    2012-04-08 00:38 - 2012-04-08 00:38 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (8).mp3
    2012-04-08 00:38 - 2012-04-08 00:38 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (7).mp3
    2012-04-08 00:37 - 2012-04-08 00:37 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (6).mp3
    2012-04-08 00:37 - 2012-04-08 00:37 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (5).mp3
    2012-04-08 00:37 - 2012-04-08 00:37 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (4).mp3
    2012-04-08 00:37 - 2012-04-08 00:37 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (3).mp3
    2012-04-08 00:37 - 2012-04-08 00:37 - 04119032 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_506 (2).mp3
    2012-04-08 00:37 - 2012-04-08 00:37 - 04119032 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_506 (1).mp3
    2012-04-08 00:37 - 2012-04-08 00:36 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (2).mp3
    2012-04-08 00:36 - 2012-04-08 00:36 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506 (1).mp3
    2012-04-08 00:23 - 2012-04-08 00:23 - 11286928 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_506.mp3
    2012-04-08 00:21 - 2012-04-08 00:21 - 04119032 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_506.mp3
    2012-04-08 00:06 - 2012-04-08 00:06 - 01224176 ____A (Google Inc.) C:\Users\Navi\Downloads\chrome (1).exe
    2012-04-07 04:31 - 2012-06-13 01:54 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-13 01:54 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-06 23:34 - 2012-04-06 23:34 - 20268634 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_542 (1).mp3
    2012-04-06 23:29 - 2012-04-06 23:29 - 02235813 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_542.mp3
    2012-04-06 23:28 - 2012-04-06 23:27 - 20268634 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_542.mp3
    2012-04-06 05:52 - 2012-04-06 05:52 - 13817434 ____A C:\Users\Navi\Downloads\joined (2).mp3
    2012-04-06 01:23 - 2012-04-06 01:23 - 13817434 ____A C:\Users\Navi\Downloads\joined (1).mp3
    2012-04-06 01:23 - 2012-04-06 01:23 - 01413138 ____A C:\Users\Navi\Downloads\recorded_audio_06-jan-2011_08-02-46_am (1).mp3
    2012-04-06 01:22 - 2012-04-06 01:22 - 01413138 ____A C:\Users\Navi\Downloads\recorded_audio_06-jan-2011_08-02-46_am.mp3
    2012-04-05 12:13 - 2012-04-05 12:13 - 00000000 ___HD C:\$AVG
    2012-04-05 00:40 - 2012-04-05 00:40 - 22031194 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_637 (1).mp3
    2012-04-05 00:40 - 2012-04-05 00:39 - 22031194 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_637.mp3
    2012-04-04 06:56 - 2012-06-19 08:27 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-01 10:17 - 2012-04-01 10:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-04-01 10:17 - 2012-04-01 10:17 - 00000000 ____D C:\Program Files (x86)\Incredibar.com
    2012-04-01 04:57 - 2012-04-01 04:57 - 00000000 ____D C:\Users\All Users\Premium
    2012-04-01 04:56 - 2012-04-01 04:56 - 00000000 ____D C:\codec-info
    2012-03-30 03:35 - 2012-05-10 22:46 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-29 00:09 - 2012-03-29 00:09 - 01808554 ____A C:\Users\Navi\Downloads\harmandir_sahib_hukam-ang_537.mp3
    2012-03-28 12:12 - 2012-03-28 12:12 - 01201468 ____A C:\Users\Navi\Downloads\sgpcnetjan10.ang535.mp3
    2012-03-27 11:32 - 2012-03-27 11:31 - 07405608 ____A C:\Users\Navi\Downloads\pic.pdf
    2012-03-27 08:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-03-24 12:53 - 2012-03-24 12:53 - 17088748 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_569.mp3
    2012-03-22 06:36 - 2012-03-22 06:34 - 18871423 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_666 (1).mp3
    2012-03-22 06:34 - 2012-03-22 06:33 - 18871423 ____A C:\Users\Navi\Downloads\punjabi_hukam_katha-ang_666.mp3

    ZeroAccess:
    C:\Windows\Installer\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}
    C:\Windows\Installer\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\@
    C:\Windows\Installer\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\L
    C:\Windows\Installer\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\n
    C:\Windows\Installer\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U

    ZeroAccess:
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\@
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\L
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\n
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U\00000001.@
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U\80000000.@
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U\800000cb.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 18%
    Total physical RAM: 3562.91 MB
    Available physical RAM: 2887.34 MB
    Total Pagefile: 3561.05 MB
    Available Pagefile: 2876.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:446.91 GB) (Free:403.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:14.69 GB) (Free:1.63 GB) NTFS
    3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.1 GB) FAT32
    5 Drive h: (UDISK) (Removable) (Total:0.95 GB) (Free:0.27 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 970 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 446 GB 200 MB
    Partition 3 Primary 14 GB 447 GB
    Partition 4 Primary 4063 MB 461 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 446 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 14 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 969 MB 16 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H UDISK FAT Removable 969 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-09 00:12

    ======================= End Of Log ==========================
     
  2. aman_badyal

    aman_badyal TS Rookie Topic Starter

    Search Log:

    Farbar Recovery Scan Tool Version: 17-06-2012 04
    Ran by SYSTEM at 2012-06-19 20:35:20
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  3. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
     

    Attached Files:

  4. aman_badyal

    aman_badyal TS Rookie Topic Starter

    Hi, thanks for your help so far. Am I OK to start Windows normally now? See below for fix log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
    Ran by SYSTEM at 2012-06-20 08:01:17 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a} moved successfully.
    C:\Users\Navi\AppData\Local\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  5. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Yes, see if you can start normally.

    If so....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. aman_badyal

    aman_badyal TS Rookie Topic Starter

    ComboFix 12-06-20.02 - Navi 20/06/2012 21:13:33.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3563.2265 [GMT 1:00]
    Running from: G:\ComboFix.exe
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\hpe1C76.dll
    c:\programdata\TheBflix
    c:\programdata\TheBflix\background.html
    c:\programdata\TheBflix\content.js
    c:\programdata\TheBflix\data\content.js
    c:\programdata\TheBflix\data\jsondb.js
    c:\programdata\TheBflix\ekdjfcdinekpfcedakhpngcnaamhiihn.crx
    c:\programdata\TheBflix\settings.ini
    c:\programdata\TheBflix\uninstall.exe
    c:\users\Navi\AppData\Roaming\mgxtis.dll
    c:\users\Navi\AppData\Roaming\wecrer.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-20 20:26 . 2012-06-20 20:2669000----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14DE4A62-BC2C-458F-94EA-EEECF92E3D53}\offreg.dll
    2012-06-20 20:24 . 2012-06-20 20:24--------d-----w-c:\users\Default\AppData\Local\temp
    2012-06-20 04:32 . 2012-06-20 04:34--------d-----w-C:\FRST
    2012-06-19 17:10 . 2012-06-19 17:10927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAFAFADA-0E36-43BD-97F0-ED7BBE74EF50}\gapaengine.dll
    2012-06-19 17:10 . 2012-05-30 20:049013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14DE4A62-BC2C-458F-94EA-EEECF92E3D53}\mpengine.dll
    2012-06-19 17:08 . 2012-06-19 17:08--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-06-19 17:08 . 2012-06-19 17:08--------d-----w-c:\program files\Microsoft Security Client
    2012-06-19 16:27 . 2012-06-19 16:27--------d-----w-c:\users\Navi\AppData\Roaming\Malwarebytes
    2012-06-19 16:27 . 2012-06-19 16:27--------d-----w-c:\programdata\Malwarebytes
    2012-06-19 16:27 . 2012-06-19 14:4710063000----a-w-C:\mbam-setup-1.61.0.1400.exe
    2012-06-19 14:54 . 2012-06-19 14:54--------d-----w-c:\users\Navi\AppData\Local\{A3744D09-BA1E-11E1-8270-B8AC6F996F26}
    2012-06-16 14:28 . 2012-06-16 14:28--------d-sh--w-c:\windows\system32\%APPDATA%
    2012-06-13 09:54 . 2012-04-26 05:4177312----a-w-c:\windows\system32\rdpwsx.dll
    2012-06-08 10:40 . 2012-06-08 10:40--------d-----w-c:\program files (x86)\Utherverse Digital Inc
    2012-06-03 18:58 . 2012-06-03 18:58--------d-----w-c:\users\Navi\AppData\Local\Wild Tangent
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-04 15:53 . 2011-11-25 08:53878184----a-w-c:\windows\system32\drivers\rtl8192ce.sys
    2012-05-08 19:27 . 2012-05-08 19:27472808----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-04-29 13:30 . 2012-04-29 13:30418464----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-29 13:30 . 2011-07-16 05:2070304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-30 11:35 . 2012-05-11 06:461918320----a-w-c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-06-18 772096]
    "mgxtis"="c:\windows\System32\rundll32.exe" [2009-07-14 44544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-05 336384]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-01 169528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 253088]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
    R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
    R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
    R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
    R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
    R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
    R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-09 2413056]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 13:30]
    .
    2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001Core.job
    - c:\users\Navi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 14:04]
    .
    2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001UA.job
    - c:\users\Navi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 14:04]
    .
    2012-06-05 c:\windows\Tasks\HPCeeScheduleForNavi.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-09 1128448]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-10-31 43320]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-wecrer - c:\users\Navi\AppData\Roaming\wecrer.dll
    Wow6432Node-HKCU-Run-PSFactoryBuffer - c:\users\Navi\AppData\Local\PSFactoryBuffer\PSFactoryBuffer.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-funmoods - c:\program files (x86)\Funmoods\funmoods\1.5.12.2\uninstall.exe
    AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\programdata\TheBflix\uninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
    91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
    "{F9639E4A-801B-4843-AEE3-03D9DA199E77}"=hex:51,66,7a,6c,4c,1d,38,12,24,9d,70,
    fd,29,ce,2d,0d,d1,f5,40,99,df,47,da,63
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
    38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}"=hex:51,66,7a,6c,4c,1d,38,12,8f,de,00,
    6a,5c,65,a0,03,f4,70,9f,cb,f6,31,2f,8d
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{BBC95637-AC5D-4C51-965E-82D984447F2E}"=hex:51,66,7a,6c,4c,1d,38,12,59,55,da,
    bf,6f,e2,3f,09,e9,48,c1,99,81,1a,3b,3a
    "{CA44B26D-167D-4747-8EAE-508E2ED2980F}"=hex:51,66,7a,6c,4c,1d,38,12,03,b1,57,
    ce,4f,58,29,02,f1,b8,13,ce,2b,8c,dc,1b
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:fc,41,47,87,50,26,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-20 21:41:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-20 20:41
    .
    Pre-Run: 435,597,934,592 bytes free
    Post-Run: 435,514,658,816 bytes free
    .
    - - End Of File - - B0B8EE38593A030C69127A3E19F2A1A8
     
  7. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    You're running two AV programs, AVG and Norton.
    You must uninstall one of them.
    If you uninstalled AVG prior to running Combofix keep it off of your computer.
    If not use AVG Remover: http://www.avg.com/us-en/utilities
    If Norton is the one to go use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
    Let me know which way you went.

    Combofix looks good.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. aman_badyal

    aman_badyal TS Rookie Topic Starter

    I had uninstalled AVG prior to running combofix. I have since uninstalled Norton as well using the tool you suggested and kept MSE and Malwarebytes.
    All seems fine except that I get an annoying run dll error message when logging in. It is in relation to the mgtxis.dll which has been deleted/quarantined as combofix/malwarebytes consider it to be a threat. Any ideas on what it relates to and whether it is actually a threat or not? In the previous log I sent, it would suggest it is audio related as it has '(M-Audio)' appear next to it but sound is currently working fine on the laptop at the moment.

    See below for the extras logs from OTL. I will post the OTL log in a separate post shortly. Thanks for all your help so far, much appreciated.

    Extras log:


    OTL Extras logfile created on: 6/21/2012 1:10:23 AM - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Navi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.48 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 61.85% Memory free
    6.96 Gb Paging File | 5.36 Gb Available in Paging File | 77.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.91 Gb Total Space | 405.12 Gb Free Space | 90.65% Space Free | Partition Type: NTFS
    Drive D: | 14.69 Gb Total Space | 1.63 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.79% Space Free | Partition Type: FAT32

    Computer Name: NAVI-HP | User Name: Navi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9ED876FF-D107-4B27-8F83-E3D703D4DEEB}" = protocol=6 | dir=in | app=c:\users\navi\appdata\local\temp\7zsfc38.tmp\symnrt.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{BFF498CD-CE01-4CA3-A411-9A97AA6EA33C}" = protocol=17 | dir=in | app=c:\users\navi\appdata\local\temp\7zsfc38.tmp\symnrt.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
    "{C4EACDFC-4BD3-4553-8445-A55B55818835}" = HP Launch Box
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F56A6C9-81CA-4B5F-B471-8CCB13CF85DA}" = Office Suite X 3.3
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
    "{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
    "{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
    "{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
    "{4144F415-7434-4501-97DE-CED4FAF64E7D}" = AMD System Monitor
    "{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
    "{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
    "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
    "{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
    "{999164B6-5B78-4DD3-BACE-7292640AD0DD}" = HP QuickWeb
    "{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
    "{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
    "{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
    "{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
    "{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
    "{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}" = HP Documentation
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E74E7F63-E70F-43f2-873F-35FB66F263B2}" = MusicStation
    "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
    "{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.50.52
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
    "{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "EasyBits Magic Desktop" = Magic Desktop
    "funmoods" = Funmoods on IE and Chrome
    "incredibar" = Incredibar Toolbar on IE
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0969e418-f9b8-4dd6-b680-b34eefe03522" = Virtual Villagers 5 - New Believers
    "WTA-0f0e008f-2283-490e-8e33-8ab1ce3dc865" = Slingo Supreme
    "WTA-1d46c435-8031-470b-9b1f-8e83388541e9" = Blackhawk Striker 2
    "WTA-2d02adb9-908b-4bcf-af0e-332df395e1f3" = Mystery of Mortlake Mansion
    "WTA-2d4de57c-d8ff-456d-b8ca-6d4765e90502" = Chronicles of Albian
    "WTA-35e57371-02f6-446a-8cef-dad22b824575" = Zuma Deluxe
    "WTA-529d8c91-939b-446f-9858-6bb5685d9962" = Bounce Symphony
    "WTA-60aa5f04-baee-48de-aef8-50a801d52c97" = Cradle of Rome 2
    "WTA-7b414cb8-61cd-4ec1-b443-b5f08fde9f81" = Final Drive: Nitro
    "WTA-949c3be0-84c8-4511-92f7-67edccfb79bd" = Agatha Christie - Peril at End House
    "WTA-94bf109a-4263-4a60-b767-c67fc719bd5e" = Poker Superstars III
    "WTA-96e616ba-e6a5-4a3c-ba66-d12390f9940e" = Plants vs. Zombies - Game of the Year
    "WTA-a58686ca-f56d-4939-aa2a-b407856fe118" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-a9fc14a0-a4ce-4399-9770-d93c754f74c9" = Governor of Poker 2 Premium Edition
    "WTA-aa824d63-6e1c-4e0f-9ad9-66bb7f6690e2" = Namco All-Stars: PAC-MAN
    "WTA-adedb234-9cd3-4225-ad76-f828b99dc237" = Polar Bowler
    "WTA-d1649b1c-8967-4ce1-a23d-9c7f81683034" = Mah Jong Medley
    "WTA-d2664f88-532a-43d5-8c3e-300b54e67ff9" = Penguins!
    "WTA-d5af1d88-2fb3-448f-9ca2-79a4f154c8cd" = Farm Frenzy
    "WTA-d8f155ee-e3df-4460-af63-690026100d90" = Cake Mania
    "WTA-dbd4d603-73ef-464b-8d81-d8c574f4a088" = Polar Golfer
    "WTA-e265dad7-cd95-4bfd-9322-de9ec20439c3" = FATE
    "WTA-e657f924-36a1-40c7-8a7f-b66e3cf1b798" = Vacation Quest - The Hawaiian Islands
    "WTA-f04b1599-e1f6-485a-ba57-d308723d4ed5" = Bejeweled 3
    "WTA-f204b6b0-11b0-4fe0-a713-71b6e11f17c5" = Blasterball 3
    "WTA-fd94d207-601d-4225-8542-e1a0859037f0" = Chuzzle Deluxe

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-956735876-591256918-681856697-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/8/2012 4:14:32 AM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/8/2012 12:59:01 PM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/9/2012 3:21:11 AM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/9/2012 12:35:19 PM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/9/2012 12:45:16 PM | Computer Name = Navi-HP | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 6/9/2012 5:32:16 PM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/9/2012 6:55:20 PM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/10/2012 5:44:14 PM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/11/2012 9:40:35 AM | Computer Name = Navi-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 6/11/2012 9:40:36 AM | Computer Name = Navi-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: hpqwutils.exe, version: 3.1.0.9760, time
    stamp: 0x4e0d1733 Faulting module name: hpqwutils.exe, version: 3.1.0.9760, time
    stamp: 0x4e0d1733 Exception code: 0xc0000005 Fault offset: 0x0000b881 Faulting process
    id: 0xea0 Faulting application start time: 0x01cd47d7c7175b2f Faulting application
    path: C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe Faulting
    module path: C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe Report
    Id: 05f0b72f-b3cb-11e1-a9a1-ec9a744f0e8f

    [ Hewlett-Packard Events ]
    Error - 2/27/2012 5:42:33 PM | Computer Name = Navi-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 2/27/2012 5:48:44 PM | Computer Name = Navi-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/dfd4550c_4b21_4219_8af4_7f3b9dc2bebc/el0sl3blyp2wewrvtcbd03yt_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3562 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

    Error - 3/13/2012 2:33:32 PM | Computer Name = Navi-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/020d4ec5_4145_4ff3_bcf1_49088e8a9936/tz2g0caiymj8lwpg+mgndrty_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3562 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

    Error - 3/26/2012 5:46:27 AM | Computer Name = Navi-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/d5e1aa67_e5e9_4494_80a5_f4d4447bca95/jcphdxvq8ar0248y8tsjkgxd_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3562 Ram Utilization: TargetSite: Void UpdateDetail(System.String)

    Error - 4/17/2012 4:27:26 AM | Computer Name = Navi-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 4/17/2012 4:29:28 AM | Computer Name = Navi-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 4/17/2012 4:30:23 AM | Computer Name = Navi-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 4/23/2012 5:33:05 AM | Computer Name = Navi-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/4e2edf67_f96f_4187_8a39_e37ca97b539b/nvgqiur3vy9sgc8fpxcarcku_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3562 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

    Error - 4/28/2012 5:10:58 PM | Computer Name = Navi-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/7/2012 5:51:02 AM | Computer Name = Navi-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/5d32ae25_8ad6_49bf_b71a_4a3a334a363e/6xd4a70eg8i077wpwknhust8_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3562 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

    [ HP Software Framework Events ]
    Error - 4/23/2012 3:45:48 PM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/23 20:45:48.188|00000EB4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/30/2012 5:37:00 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/30 10:37:00.889|00001408|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/30/2012 5:37:02 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/30 10:37:02.995|00000424|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/7/2012 5:51:08 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/07 10:51:08.747|00001424|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/7/2012 5:51:11 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/07 10:51:11.131|00001624|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/14/2012 1:22:52 PM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/14 18:22:52.680|00000F78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/21/2012 10:11:35 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/21 15:11:35.161|00001594|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/21/2012 10:11:39 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/21 15:11:39.176|00001438|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 6/4/2012 6:15:19 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/06/04 11:15:19.414|00000F94|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 6/4/2012 6:16:34 AM | Computer Name = Navi-HP | Source = CaslWmi | ID = 5
    Description = 2012/06/04 11:16:34.315|0000014C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    [ System Events ]
    Error - 6/20/2012 4:49:29 PM | Computer Name = Navi-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
    Error
    Code: 126

    Error - 6/20/2012 5:03:20 PM | Computer Name = Navi-HP | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.129.66.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 6/20/2012 5:39:30 PM | Computer Name = Navi-HP | Source = DCOM | ID = 10010
    Description =

    Error - 6/20/2012 5:40:16 PM | Computer Name = Navi-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
    Error
    Code: 126

    Error - 6/20/2012 6:12:08 PM | Computer Name = Navi-HP | Source = DCOM | ID = 10010
    Description =

    Error - 6/20/2012 6:13:00 PM | Computer Name = Navi-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
    Error
    Code: 126

    Error - 6/20/2012 6:32:38 PM | Computer Name = Navi-HP | Source = DCOM | ID = 10010
    Description =

    Error - 6/20/2012 6:37:07 PM | Computer Name = Navi-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
    Error
    Code: 126

    Error - 6/20/2012 7:04:32 PM | Computer Name = Navi-HP | Source = DCOM | ID = 10010
    Description =

    Error - 6/20/2012 8:03:23 PM | Computer Name = Navi-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
    Error
    Code: 126


    < End of report >
     
  9. aman_badyal

    aman_badyal TS Rookie Topic Starter

    OTL Logfile has been split into two posts:

    OTL logfile created on: 6/21/2012 1:10:23 AM - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Navi\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.48 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 61.85% Memory free
    6.96 Gb Paging File | 5.36 Gb Available in Paging File | 77.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.91 Gb Total Space | 405.12 Gb Free Space | 90.65% Space Free | Partition Type: NTFS
    Drive D: | 14.69 Gb Total Space | 1.63 Gb Free Space | 11.10% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.79% Space Free | Partition Type: FAT32

    Computer Name: NAVI-HP | User Name: Navi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/21 01:07:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Navi\Downloads\OTL.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/07/01 04:41:26 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    PRC - [2011/06/16 02:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/06/14 00:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/02/25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2009/06/18 10:04:36 | 000,772,096 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/07 09:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
    MOD - [2012/06/07 09:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    MOD - [2012/06/07 09:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
    MOD - [2012/06/07 09:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
    MOD - [2012/06/07 09:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
    MOD - [2012/06/07 09:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
    MOD - [2012/06/07 09:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
    MOD - [2012/06/07 08:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    MOD - [2012/05/13 09:40:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 09:40:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/04/30 10:36:43 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/01/09 21:14:48 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/07/06 08:08:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/07/05 20:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/10/11 10:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/04/29 14:30:04 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/01/09 21:11:59 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/04 16:53:15 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/09 21:14:48 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2012/01/09 21:13:10 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/01/09 21:11:59 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/16 06:00:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/16 06:00:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/07/06 08:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/07/06 07:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/10 03:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/04/16 11:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/04/16 11:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/12/16 20:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/17 17:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/07/28 18:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/02/18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
    DRV:64bit: - [2009/03/25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
    DRV:64bit: - [2009/03/25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
    DRV:64bit: - [2009/03/25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
    DRV:64bit: - [2009/03/25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
    DRV:64bit: - [2009/03/25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
    DRV:64bit: - [2009/03/25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
    DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{768DB075-CB82-4986-A4B3-F1E55F369177}: "URL" = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{768DB075-CB82-4986-A4B3-F1E55F369177}: "URL" = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes,DefaultScope = {b7fca997-d0fb-4fe0-8afd-255e89cf9671}
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{768DB075-CB82-4986-A4B3-F1E55F369177}: "URL" = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...7495ec75e22&lang=en&ds=AVG&pr=pr&d=2012-03-09 23:01:16&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OyxzqxXX6&I=26
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-956735876-591256918-681856697-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Navi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Navi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


    [2012/04/01 19:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
     
  10. aman_badyal

    aman_badyal TS Rookie Topic Starter

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Navi\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Navi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Navi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Puk-Puk = C:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngkcldnnppckgbmndaccoffaikjbemc\3_0\
    CHR - Extension: Google Search = C:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/20 21:26:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-956735876-591256918-681856697-1001..\Run: [mgxtis] "C:\Windows\System32\rundll32.exe" "C:\Users\Navi\AppData\Roaming\mgxtis.dll",CountEntries File not found
    O4 - HKU\S-1-5-21-956735876-591256918-681856697-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-956735876-591256918-681856697-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-956735876-591256918-681856697-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC714A56-9415-4313-A907-5D20385840BD}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/20 23:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/06/20 23:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/06/20 23:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/06/20 21:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/20 21:52:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/20 21:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/20 21:49:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/20 21:42:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/20 21:12:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/20 21:12:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/20 21:12:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/20 21:11:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/20 21:10:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/20 05:32:58 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/19 18:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/19 18:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/19 17:27:52 | 000,000,000 | ---D | C] -- C:\Users\Navi\AppData\Roaming\Malwarebytes
    [2012/06/19 17:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/19 17:27:19 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
    [2012/06/19 16:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
    [2012/06/19 15:54:19 | 000,000,000 | ---D | C] -- C:\Users\Navi\AppData\Local\{A3744D09-BA1E-11E1-8270-B8AC6F996F26}
    [2012/06/16 15:28:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/08 11:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Utherverse Digital Inc
    [2012/06/03 19:58:40 | 000,000,000 | ---D | C] -- C:\Users\Navi\AppData\Local\Wild Tangent
    [2012/06/02 00:16:01 | 000,000,000 | ---D | C] -- C:\Users\Navi\AppData\Local\{CC6D368C-4B8A-4CEF-969E-1E2486F4E6C5}
    [2012/06/02 00:15:58 | 000,000,000 | ---D | C] -- C:\Users\Navi\AppData\Local\{8CB7DBB6-FC66-4478-8A75-4979FFC04B4C}

    ========== Files - Modified Within 30 Days ==========

    [2012/06/21 01:11:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/21 01:11:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/21 01:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/21 01:07:45 | 000,001,313 | ---- | M] () -- C:\Users\Navi\Desktop\OTL.exe - Shortcut.lnk
    [2012/06/21 01:03:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/21 01:03:04 | 2801,983,488 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/20 23:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001UA.job
    [2012/06/20 21:52:10 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/20 21:26:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/20 20:56:13 | 000,783,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/20 20:56:13 | 000,667,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/20 20:56:13 | 000,126,706 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/19 18:09:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/19 18:08:38 | 000,789,006 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/19 15:58:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001Core.job
    [2012/06/19 15:47:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
    [2012/06/16 16:37:44 | 000,000,355 | ---- | M] () -- C:\Users\Navi\Desktop\Computer - Shortcut.lnk
    [2012/06/15 00:07:16 | 000,292,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/12 08:09:57 | 000,002,350 | ---- | M] () -- C:\Users\Navi\Desktop\Google Chrome.lnk
    [2012/06/05 16:22:49 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNavi.job
    [2012/06/03 19:57:48 | 000,002,590 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

    ========== Files Created - No Company Name ==========

    [2012/06/21 01:07:45 | 000,001,313 | ---- | C] () -- C:\Users\Navi\Desktop\OTL.exe - Shortcut.lnk
    [2012/06/20 21:52:10 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/20 21:12:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/20 21:12:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/20 21:12:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/20 21:12:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/20 21:12:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/19 18:09:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/06/19 18:08:43 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/16 16:37:44 | 000,000,355 | ---- | C] () -- C:\Users\Navi\Desktop\Computer - Shortcut.lnk
    [2012/03/21 20:31:56 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml
    [2011/11/25 09:55:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/11/25 09:53:50 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/11/25 09:48:46 | 000,789,006 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/25 09:38:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/07/16 06:36:57 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
    [2011/07/05 20:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/06/10 03:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/05/13 16:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/03/18 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2012/02/11 12:51:53 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\Namco
    [2012/05/08 20:35:43 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\OfficeSuiteX
    [2012/05/10 21:55:01 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\SoftGrid Client
    [2012/05/12 21:20:09 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\Sony
    [2012/05/12 21:20:56 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\Sony Setup
    [2012/01/08 14:50:01 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\Synaptics
    [2012/04/08 21:12:14 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\TP
    [2012/02/08 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\Navi\AppData\Roaming\Windows Live Writer
    [2012/06/20 23:37:08 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/11/21 04:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2012/06/20 21:42:01 | 000,019,665 | ---- | M] () -- C:\ComboFix.txt
    [2012/06/21 01:03:04 | 2801,983,488 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/19 15:47:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
    [2012/06/21 01:03:07 | 3735,977,984 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/15 16:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
    [2012/05/08 20:11:10 | 000,000,498 | ---- | M] () -- C:\user.js

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 10:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/08 14:50:27 | 000,000,221 | -HS- | M] () -- C:\Users\Navi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/21 01:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/19 15:58:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001Core.job
    [2012/06/20 23:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-956735876-591256918-681856697-1001UA.job
    [2012/06/05 16:22:49 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNavi.job
    [2012/06/21 01:03:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/20 23:37:08 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/03/05 22:22:51 | 000,000,402 | -HS- | M] () -- C:\Users\Navi\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/03/21 20:32:27 | 000,000,003 | ---- | M] () -- C:\ProgramData\MusicStation.log
    [2012/03/21 20:31:56 | 000,000,243 | ---- | M] () -- C:\ProgramData\MusicStation.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Let me know if the error is gone after running following OTL fix.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-956735876-591256918-681856697-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4 - HKU\S-1-5-21-956735876-591256918-681856697-1001..\Run: [mgxtis] "C:\Windows\System32\rundll32.exe" "C:\Users\Navi\AppData\Roaming\mgxtis.dll",CountEntries File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    ======================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
     
  12. aman_badyal

    aman_badyal TS Rookie Topic Starter

    the OTL fix got rid of the error message - thanks again.

    OTL Fix log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-956735876-591256918-681856697-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-956735876-591256918-681856697-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mgxtis deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Navi
    ->Temp folder emptied: 20814035 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 1 bytes
    ->Google Chrome cache emptied: 53918353 bytes
    ->Flash cache emptied: 1042 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 24978 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32709545 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 103.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Navi
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Navi
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.50.0 log created on 06212012_074419

    Files\Folders moved on Reboot...
    C:\Users\Navi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  13. aman_badyal

    aman_badyal TS Rookie Topic Starter

    The security check, FSS and ESET Scan logs are below. Do you think the laptop can now be given the all-clear?

    security check log:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    JavaFX 2.1.1
    Java(TM) 6 Update 22
    Java(TM) 7 Update 5
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````

    FSS Log:
    Farbar Service Scanner Version: 19-06-2012 01
    Ran by Navi (administrator) on 21-06-2012 at 09:00:36
    Running from "G:\"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ESET Scan Log:
    C:\FRST\Quarantine\services.exeWin64/Patched.B.Gen trojandeleted - quarantined
    C:\FRST\Quarantine\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\nWin64/Sirefef.W trojancleaned by deleting - quarantined
    C:\FRST\Quarantine\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\nWin64/Sirefef.W trojancleaned by deleting - quarantined
    C:\FRST\Quarantine\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U\00000001.@Win64/Sirefef.AI trojancleaned by deleting - quarantined
    C:\FRST\Quarantine\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U\80000000.@Win64/Sirefef.AE trojancleaned by deleting - quarantined
    C:\FRST\Quarantine\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\{243a9a4b-3c89-9ec1-8efa-bfcc52325f1a}\U\800000cb.@Win64/Sirefef.AH trojancleaned by deleting - quarantined
    C:\Users\Navi\Downloads\gtk2121-setup.exea variant of Win32/1AntiVirus applicationcleaned by deleting - quarantined
     
  14. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Uninstall:
    JavaFX 2.1.1
    Java(TM) 6 Update 22

    FSS log is incomplete.
    Redo.
     
  15. aman_badyal

    aman_badyal TS Rookie Topic Starter

    JavaFX 2.1.1 and Java 6 Update 22 have been uninstalled. New FSS log is below:
    Farbar Service Scanner Version: 19-06-2012 01
    Ran by Navi (administrator) on 21-06-2012 at 23:46:22
    Running from "C:\Users\Navi\AppData\Local\Temp\Temp1_FSS.zip"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2012-06-21 18:20] - [2012-06-02 23:19] - 2428952 ____A (Microsoft Corporation) D9EF901DCA379CFE914E9FA13B73B4C4
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  16. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  17. aman_badyal

    aman_badyal TS Rookie Topic Starter

    All processes killed
    Error: Unable to interpret <:OTL :Commands [purity] [emptytemp] [EMPTYFLASH] [emptyjava] [CLEARALLRESTOREPOINTS] [Reboot]> in the current context!

    OTL by OldTimer - Version 3.2.50.0 log created on 06252012_214737
    Files\Folders moved on Reboot...
    Registry entries deleted on Reboot...
     
  18. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    OTL fix log is incorrect.
    It looks like you didn't copy my entire script.
    Redo.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Still with me?
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.