Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Explore on Windows XP extremely slow, hangs often [Solved]

Started by sumitk , Dec 16 2012 11:54 PM

  • This topic is locked This topic is locked

#1
sumitk
Posted 16 December 2012 - 11:54 PM

sumitk

    Member

  • Member
  • PipPip
  • 43 posts
Hi. I would really appreciate your help here. I have a laptop with Windows XP and I use IE as my browser. For a few months now the internex explorer has become extremely slow and it hangs very often. I am also noticing several processes running through the task manager that I do not recognize. I use MS Security Essentials as my anti-virus tool. Please see below for my OTL log.

Thank you very much for your help!!

OTL LOG:

OTL logfile created on: 12/17/2012 12:45:31 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Sumit\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.80% Memory free
3.84 Gb Paging File | 3.03 Gb Available in Paging File | 78.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 23.22 Gb Free Space | 15.58% Space Free | Partition Type: NTFS
Drive E: | 40.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUMIT-LAPTOP | User Name: Sumit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/27 13:46:10 | 002,103,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/11/27 13:46:10 | 001,115,992 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/09/22 21:18:32 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/31 22:10:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sumit\Desktop\OTL.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/25 01:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 01:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/09 11:40:10 | 000,273,664 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/09/03 08:57:04 | 001,877,328 | ---- | M] (EMC) -- C:\Program Files\Iomega StorCenter\sohoclient.exe
PRC - [2008/12/11 11:04:58 | 009,499,928 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe
PRC - [2008/12/11 11:04:58 | 000,230,680 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\Retrospect.exe
PRC - [2008/12/11 11:04:58 | 000,111,896 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 17:06:18 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/10/25 12:31:20 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\stacsv.exe
PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2002/12/16 16:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
PRC - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/12 22:41:44 | 000,557,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/11/27 22:42:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 22:07:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 22:07:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 22:07:21 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 22:04:47 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 22:04:21 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 12:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 12:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2010/10/26 07:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/25 23:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/25 23:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/25 23:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 08:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/03 08:57:05 | 006,463,488 | ---- | M] () -- C:\Program Files\Iomega StorCenter\wxmsw28u_vc_custom.dll
MOD - [2007/12/10 16:51:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/10/09 18:17:44 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/10/09 18:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/10/13 11:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2001/07/31 11:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001/05/06 11:14:24 | 000,765,952 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll
MOD - [2001/05/06 11:14:22 | 000,086,093 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll
MOD - [2001/05/06 11:14:22 | 000,053,326 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll
MOD - [2001/05/06 11:14:22 | 000,053,319 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll
MOD - [2001/05/06 11:14:22 | 000,032,841 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll
MOD - [2001/05/06 11:14:22 | 000,028,753 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll
MOD - [2001/05/06 11:14:22 | 000,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/12/13 00:12:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/27 13:46:10 | 001,115,992 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/09/22 21:18:32 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/22 21:06:02 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/12/11 11:05:00 | 000,128,280 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe -- (RetroExp Helper)
SRV - [2008/12/11 11:04:58 | 000,111,896 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe -- (RetroExpLauncher)
SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\stacsv.exe -- (STacSV)
SRV - [2002/08/01 10:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/12 22:41:43 | 000,055,448 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/12/12 22:41:38 | 000,274,328 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_44365.sys -- (RapportCerberus_44365)
DRV - [2012/11/27 13:46:28 | 000,173,752 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/11/27 13:46:28 | 000,102,040 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/11/27 13:46:28 | 000,097,784 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/25 00:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2008/08/19 22:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 22:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/30 11:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/03/10 18:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/12/26 19:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/09 18:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/08/02 16:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 16:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 16:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/04 22:00:00 | 000,105,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {799F6C92-BAE1-43FC-91B5-F5B8FC39BA4B}
IE - HKCU\..\SearchScopes\{799F6C92-BAE1-43FC-91B5-F5B8FC39BA4B}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sumit\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sumit\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/22 21:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/22 21:16:57 | 000,000,000 | ---D | M]

[2011/04/02 09:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sumit\Application Data\Mozilla\Extensions
[2012/11/14 11:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sumit\Application Data\Mozilla\Firefox\Profiles\w0lw0lwr.default\extensions
[2012/07/31 21:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/22 21:06:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/25 00:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 01:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 00:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011/04/25 00:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/04/25 01:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011/04/25 01:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/09/22 21:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/22 21:05:38 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sumit\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sumit\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sumit\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: EPAFactory Endpoint Analysis Plugin 4.5.4.1 For HF4 (Enabled) = C:\Documents and Settings\Sumit\Application Data\Mozilla\plugins\np648B633A-297B-44A4-ACA5-4B2891C39F55.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sumit\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://newyork.acce...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {6416C78A-E810-445C-8712-1785809FA433} https://newyork.acce...t/EPAClient.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343790172500 (MUWebControl Class)
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} https://mydesk-pi02....inalSvcsTCS.cab (TerminalSvcsTCSX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85769F7B-7B7B-49B4-82D2-58B084E6F60B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 10:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/08/26 08:21:36 | 000,000,056 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8a018854-7dd6-11dd-af30-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8a018854-7dd6-11dd-af30-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a018854-7dd6-11dd-af30-806d6172696f}\Shell\AutoRun\command - "" = E:\SessionViewer.exe -- [2008/09/26 10:03:40 | 006,733,186 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{dba54fd7-4966-11df-96ff-001fe13cc4c7}\Shell\AutoRun\command - "" = D:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 13:46:28 | 000,102,040 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/17 00:41:38 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1801674531-839522115-1003UA.job
[2012/12/17 00:41:34 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Sumit\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/17 00:41:33 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Sumit\Desktop\Google Chrome.lnk
[2012/12/17 00:11:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/17 00:06:02 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/16 23:56:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/16 23:55:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/13 00:09:11 | 000,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/12 23:51:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/06 22:37:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1801674531-839522115-1003Core.job
[2012/11/27 22:03:43 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/27 22:03:43 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/27 13:46:28 | 000,102,040 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/17 11:22:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/22 21:41:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 09:25:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/06 22:11:50 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\Sumit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/09/22 20:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/08/15 19:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/01/17 11:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2012/12/17 00:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2012/09/15 18:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/05/30 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/09 23:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/14 20:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/03 22:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sumit\Application Data\Amazon
[2009/10/05 20:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sumit\Application Data\Citrix
[2011/01/26 23:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sumit\Application Data\Flip Video
[2009/07/02 23:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sumit\Application Data\ICAClient
[2011/08/17 23:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sumit\Application Data\Leadertech
[2009/10/05 20:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sumit\Application Data\Netscape
[2008/09/08 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sumit\Application Data\TMP

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Dakeyras
Posted 21 December 2012 - 08:49 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Custom Batch File:

  • Open Notepad.
  • Copy and Paste everything from the Quote-Box(do not copy the word quote) below into Notepad:

@echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

  • Go to File >> Save As
  • Save File name as Dakeyras.bat
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Posted Image
Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Note: You will temporally loose your internet connection and your machine should automatically reboot. If it does not reboot your machine manually.

Scan with DDS:

Please download DDS and save it to your Desktop from here.

Alternate downloads are here or here.

  • Disable any script blocker, and then double click on DDS to run the tool.
  • When done, DDS will open two logs:
  • DDS.txt
  • Attach.txt
  • Both reports will also be on your desktop.
  • Please post the contents of these two Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • Both DDS logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#3
Dakeyras
Posted 24 December 2012 - 01:24 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Dakeyras
Posted 25 December 2012 - 06:57 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Re-opened at OP's request...
  • 0

#5
sumitk
Posted 25 December 2012 - 09:18 PM

sumitk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Thank you Dakeyras for your help thus far and re-opening the topic.

As requested, I have performed the steps you mentioned in your post. Overall, I must see that it does seem that the IE explorer is now functioning better.

Please see below the DDS log # 1:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/8/2008 11:58:29 AM
System Uptime: 12/25/2012 12:23:02 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | Microprocessor | 1321/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 23.335 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP458: 9/22/2012 9:46:37 PM - Software Distribution Service 3.0
RP459: 9/22/2012 9:50:44 PM - Removed Rapport
RP460: 9/22/2012 9:52:21 PM - Removed Motorola Phone Tools
RP461: 9/22/2012 10:17:41 PM - Removed Java™ 6 Update 31
RP462: 9/22/2012 10:18:24 PM - Installed Java 7 Update 7
RP463: 9/22/2012 10:20:24 PM - Software Distribution Service 3.0
RP464: 9/25/2012 9:36:23 PM - Software Distribution Service 3.0
RP465: 9/28/2012 8:16:22 PM - Software Distribution Service 3.0
RP466: 10/15/2012 9:33:05 AM - Software Distribution Service 3.0
RP467: 10/15/2012 12:36:51 PM - Software Distribution Service 3.0
RP468: 10/27/2012 8:13:06 AM - Installed Rapport
RP469: 10/27/2012 8:21:55 AM - Software Distribution Service 3.0
RP470: 10/29/2012 5:27:32 PM - Software Distribution Service 3.0
RP471: 10/30/2012 6:06:41 PM - Software Distribution Service 3.0
RP472: 10/31/2012 6:29:32 PM - Installed Rapport
RP473: 10/31/2012 7:30:21 PM - Software Distribution Service 3.0
RP474: 11/9/2012 9:26:18 AM - System Checkpoint
RP475: 11/11/2012 7:53:59 PM - Software Distribution Service 3.0
RP476: 11/14/2012 10:45:10 AM - Software Distribution Service 3.0
RP477: 11/22/2012 8:51:51 AM - Software Distribution Service 3.0
RP478: 11/27/2012 9:59:40 PM - Software Distribution Service 3.0
RP479: 11/27/2012 11:25:38 PM - Software Distribution Service 3.0
RP480: 11/30/2012 8:10:40 AM - Software Distribution Service 3.0
RP481: 12/3/2012 12:26:20 AM - Software Distribution Service 3.0
RP482: 12/6/2012 10:42:50 PM - Software Distribution Service 3.0
RP483: 12/12/2012 10:39:07 PM - Installed Rapport
RP484: 12/12/2012 10:48:05 PM - Software Distribution Service 3.0
RP485: 12/12/2012 11:47:14 PM - Software Distribution Service 3.0
RP486: 12/17/2012 12:06:59 AM - Software Distribution Service 3.0
RP487: 12/18/2012 1:34:31 PM - Software Distribution Service 3.0
RP488: 12/19/2012 11:00:10 PM - Software Distribution Service 3.0
RP489: 12/19/2012 11:02:57 PM - Installed Java 7 Update 10
RP490: 12/24/2012 10:56:39 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
Bonjour
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Citrix Presentation Server Web Client for Win32
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Touchpad
Dell Wireless WLAN Card
EPAFactory Endpoint Analysis Plugin 4.5.4.1 For HF4
FlipShare
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1010 Series
Intel® Graphics Media Accelerator Driver
Iomega Product Registration
Iomega StorCenter
iTunes
Java 7 Update 10
Java Auto Updater
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Motorola Driver Installation 4.2.0
Motorola Software Update
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Picasa 3
QuickSet
QuickTime
Rapport
Retrospect Express HD 2.5
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sony Picture Utility
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/19/2012 8:48:01 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001FE13CC4C7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/19/2012 10:47:44 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001FE13CC4C7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/18/2012 10:30:03 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer StorCenter-ix2 using any of the configured protocols.
12/18/2012 10:30:02 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer VOSTRO220 using any of the configured protocols.
.
==== End Of File ===========================
  • 0

#6
sumitk
Posted 25 December 2012 - 09:20 PM

sumitk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Please see below for log #2 from DDS....... Thank you!!:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by Sumit at 0:26:33 on 2012-12-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1256 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Iomega StorCenter\sohoclient.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrospect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sumit\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.5\RetroExpress.exe /h
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega storcenter\sohoclient.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://newyork.access.credit-suisse.com/CitrixSessionInit/ICAWEB/icaweb.cab
DPF: {6416C78A-E810-445C-8712-1785809FA433} - hxxps://newyork.access.credit-suisse.com/CitrixLogonPoint/newyork/EPAClient/EPAClient.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343790172500
DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} - hxxps://mydesk-pi02.morganstanley.com/prx/000/http/rc.ms.com:8180/md/1.2/common/htdocs/SPX/2.0.3.17/TerminalSvcsTCS.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{85769F7B-7B7B-49B4-82D2-58B084E6F60B} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sumit\application data\mozilla\firefox\profiles\w0lw0lwr.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\sumit\application data\mozilla\plugins\np648B633A-297B-44A4-ACA5-4B2891C39F55.dll
FF - plugin: c:\documents and settings\sumit\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-11-27 102040]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 RapportCerberus_44365;RapportCerberus_44365;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_44365.sys [2012-12-12 274328]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-11-27 97784]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-11-27 173752]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-1-30 91392]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-11-27 1115992]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-8 105984]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-10-27 55448]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-12-25 03:56:45 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{633f2489-a668-471e-986c-b87017df6001}\mpengine.dll
2012-12-20 04:03:38 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-20 04:00:15 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-27 18:46:28 102040 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-12-13 05:12:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 05:12:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 0:27:39.31 ===============
  • 0

#7
Dakeyras
Posted 26 December 2012 - 02:03 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thank you Dakeyras for your help thus far and re-opening the topic.

You're welcome!

Overall, I must see that it does seem that the IE explorer is now functioning better.

Good.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Double click on adwcleaner.exe to launch the application.
  • Now click on the Delete tab >> reboot your machine if prompted.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case may be something like S1.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate downloads are here or here.

  • Quit all running programs .
  • Double-click on RogueKiller.exe to start the application.
  • Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
  • Now click on the Scan tab back in the RogueKiller main window.
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com
  • Please post the contents of the RKreport.txt in your next reply.

  • 0

#8
sumitk
Posted 26 December 2012 - 09:26 PM

sumitk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi Dakeyras. Please find below the log from ADWCleaner:

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 22:19:48
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sumit - SUMIT-LAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sumit\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Documents and Settings\Sumit\Application Data\Mozilla\Firefox\Profiles\w0lw0lwr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Sumit\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1140 octets] - [26/12/2012 22:17:16]
AdwCleaner[S2].txt - [1073 octets] - [26/12/2012 22:19:48]

########## EOF - C:\AdwCleaner[S2].txt - [1133 octets] ##########
  • 0

#9
sumitk
Posted 26 December 2012 - 09:44 PM

sumitk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi Dakeyras. Please see below the report log from RogueKiller. Thank You!!

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Sumit [Admin rights]
Mode : Scan -- Date : 12/26/2012 22:33:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FB1CE)
SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FBEC2)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_44365.sys @ 0x9D775E10)
SSDT[62] : NtDeleteFile @ 0x80576C4A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FC1CA)
SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFC16)
SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFC64)
SSDT[98] : NtLoadKey @ 0x8062631A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFEAA)
SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FC072)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FB380)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FB60E)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FB7C8)
SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFDB2)
SSDT[192] : NtRenameKey @ 0x80623B18 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFCCE)
SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFD22)
SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFD6A)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FB13C)
SSDT[224] : NtSetInformationFile @ 0x8057B02E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FC2DE)
SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FFB3C)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FB078)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FAF08)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FAF7E)
S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D602A4E)
S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D602790)
S_SSDT[191] : NtGdiGetPixel -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D602810)
S_SSDT[227] : NtGdiMaskBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D6028EC)
S_SSDT[237] : NtGdiPlgBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D602972)
S_SSDT[292] : NtGdiStretchBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D60285C)
S_SSDT[298] : NtGdiTransparentBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D6029E0)
S_SSDT[378] : NtUserFindWindowEx -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FC85A)
S_SSDT[477] : NtUserPrintWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D602AC0)
S_SSDT[483] : NtUserQueryWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0x9D5FC7AC)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM160HI +++++
--- User ---
[MBR] 2a51f65abf93547c3942b14b5fdb557e
[BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 152578 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12262012_02d2233.txt >>
RKreport[1]_S_12262012_02d2233.txt
  • 0

#10
Dakeyras
Posted 28 December 2012 - 08:46 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Not sure what you mean by "EVE may be created" but I tried to load at least 8-10 times, nothing happened.

My apologies for the delay, some family members have arrived earlier than I was expecting so their may be some delays I'm afraid but after the New Year not a problem with myself being able to respond in a more timely manner etc.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes Anti-Malware:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click on mbam-setup-1.70.0.1100.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes' Anti-Malware Log.
  • Check Hard Disk For Errors Log.

  • 0

Advertisements

#11
sumitk
Posted 28 December 2012 - 09:41 AM

sumitk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi Dakeyras. No issues at all with the delay. You are helping me and i sincerely appreciate it. FYI, the pc is running great and i have noticed almost no issues with IE hanging or being slow. Please see below the log from MBAM:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.28.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sumit :: SUMIT-LAPTOP [administrator]

12/28/2012 10:27:22 AM
mbam-log-2012-12-28 (10-27-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198677
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
sumitk
Posted 28 December 2012 - 09:58 AM

sumitk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Please also find attached the log from the HD Check:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry FSM_SE~2.DAT in index $I30 of file 64480.

Errors found. CHKDSK cannot continue in read-only mode.
  • 0

#13
Dakeyras
Posted 29 December 2012 - 08:58 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

No issues at all with the delay. You are helping me and i sincerely appreciate it. FYI, the pc is running great and i have noticed almost no issues with IE hanging or being slow

Acknowledged(thank you) and you're most welcome!

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Deragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and you computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please click here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#14
sumitk
Posted 29 December 2012 - 07:19 PM

sumitk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hi Dakeyras. Please see below the results of the Eset test. Thank you!!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=a9fe80b2e618dd449aeb5ba4ed43dc0e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-30 01:01:51
# local_time=2012-12-29 08:01:51 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 111644561 111644561 0 0
# compatibility_mode=5892 16777213 88 94 5588497 20324868 0 0
# scanned=61271
# found=0
# cleaned=0
# scan_time=3851
  • 0

#15
Dakeyras
Posted 30 December 2012 - 06:04 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Please see below the results of the Eset test

A favorable outcome/result indeed...

Thank you!!

You're welcome!

Next:

Let update(check) some software as follows shall we...

  • Download and install(during the installation process uncheck the option:- Run at Startup) FileHippo Update Checker from here.
  • Once installed >> Click on Start >> All Programs >> double-click on Update Checker >> a browser window will open after the scan is complete.
  • Download any updates detected to the desktop >> uninstall anything that requires updating via Add/Remove Programs in the Control Panel.
  • Re-install the updated software...then delete the installers and empty the Recycle Bin.
When completed the above let myself know and if any further issues remaining, thank you.

Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP