DivyaKambhatla

Posts posted by DivyaKambhatla

  1. Hi,

    Sir, as suggested,

    a. Uninstalled ComboFix using the ComboFix /Uninstall method (got a pop-up that ComboFix has been uninstalled).

    b. Changed the IE settings as asked to.

    c. Updated my antivirus software.

    d. Windows Firewall enabled.

    e. M86 SecureBrowsing plugin installed for Chrome. Was unable to do it for Firefox 8.0.1 due to incompatibility. :(

    f. Changed my passwords.

    I did not receive even a single notification from MBAM about any malicious IP blocks. Thank you so much. :)

    My heartfelt thanks to you and your team for all the help and guidance that you all provided.

    Will always keep in mind to follow the guidelines you have provided.

    Sincerely,

    Divya.

  2. Hi,

    I have uninstalled Conduit Engine, Ask.com, uTorrent and its toolbars, and even Skype (and its associated toolbars).

    There has been no notification from MBAM for the past 20 minutes. However, I will continue to monitor for any more notifications from MBAM about malicious IP access blocks.

    Thank you, Sir.

  3. Hi,

    Just wanted to add: now I am getting notifications from MBAM about incoming access from the site 222.189.238.115 being blocked. The process is shown as "svchost.exe".

    I am not sure if this is anything malicious and, if so, why this is happening. :(

    Thanks and Regards.

  4. Hi Sir,

    As suggested, I downloaded and ran ComboFix. Please find the log below.

    ComboFix 11-11-20.01 - divya 20-11-2011 21:18:45.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2999.1975 [GMT 5.5:30]

    Running from: c:\users\divya\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\MP3 Rocket Toolbar\mp3Rockettb.dll

    c:\windows\s.bat

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_COMSysApp

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))

    .

    .

    2011-11-20 15:53 . 2011-11-20 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-11-18 18:50 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{532F2320-30A3-4EF3-924F-C7FD9E516754}\mpengine.dll

    2011-11-18 18:32 . 2011-11-18 18:32 -------- d-----w- c:\windows\system32\Macromed

    2011-11-12 07:12 . 2011-11-12 07:12 -------- d-----w- c:\users\divya\AppData\Roaming\Malwarebytes

    2011-11-12 07:11 . 2011-11-12 07:11 -------- d-----w- c:\programdata\Malwarebytes

    2011-11-12 07:11 . 2011-08-31 11:30 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-11-12 07:11 . 2011-11-12 07:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2011-11-09 08:39 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2011-11-09 08:39 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys

    2011-11-09 08:17 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

    2011-11-09 08:17 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

    2011-10-23 15:38 . 2011-10-23 15:38 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-18 18:32 . 2011-05-29 05:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-10-15 16:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

    2011-10-15 16:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

    2011-09-06 20:45 . 2011-02-22 18:19 41184 ----a-w- c:\windows\avastSS.scr

    2011-09-06 20:45 . 2011-02-22 18:19 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

    2011-09-06 20:45 . 2011-02-22 18:19 254400 ----a-w- c:\windows\system32\aswBoot.exe

    2011-09-06 20:38 . 2011-05-11 16:48 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2011-09-06 20:38 . 2011-02-22 18:19 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2011-09-06 20:36 . 2011-02-22 18:19 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2011-09-06 20:36 . 2011-02-22 18:19 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2011-09-06 20:36 . 2011-02-22 18:19 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2011-09-06 20:36 . 2011-02-22 18:19 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2011-08-27 05:37 . 2011-10-12 16:26 861696 ----a-w- c:\windows\system32\oleaut32.dll

    2011-08-27 05:37 . 2011-10-12 16:26 331776 ----a-w- c:\windows\system32\oleacc.dll

    2011-08-27 04:26 . 2011-10-12 16:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

    2011-08-27 04:26 . 2011-10-12 16:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

    .

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

    2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    2011-08-23 15:50 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]

    .

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    .

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    .

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-04 39408]

    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-21 6276408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]

    "331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]

    "UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

    "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-07-15 273544]

    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]

    R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]

    R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]

    R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

    R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

    R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]

    R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]

    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

    S2 Change Modem Device Service;Change Modem Device Service;c:\windows\SysWOW64\ChgService.exe [2010-03-19 135168]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]

    S2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe [2011-03-10 221696]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

    S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [x]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

    S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 21:02]

    .

    2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 21:02]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

    @="{771C7324-DA80-49D3-8017-753B0AF60951}"

    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

    2010-08-20 02:03 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360]

    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]

    "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]

    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]

    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]

    "combofix"="c:\combofix\CF25405.3XE" [2010-11-20 345088]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

    FF - ProfilePath - c:\users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\

    FF - prefs.js: browser.search.selectedEngine - Secure Search

    FF - prefs.js: browser.startup.homepage - www.google.com

    FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p=

    FF - user.js: yahoo.homepage.dontask - true

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Toolbar-Locked - (no file)

    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

    AddRemove-Jardinains! - c:\windows\system32\SpoonUninstall.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-1411117413-128677964-1662928230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="WindowsLiveMail.Email.1"

    .

    [HKEY_USERS\S-1-5-21-1411117413-128677964-1662928230-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="WindowsLiveMail.VCard.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Alwil Software\Avast5\AvastSvc.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\windows\SysWOW64\rundll32.exe

    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    .

    **************************************************************************

    .

    Completion time: 2011-11-20 21:30:34 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-11-20 16:00

    .

    Pre-Run: 235,552,387,072 bytes free

    Post-Run: 236,076,097,536 bytes free

    .

    - - End Of File - - EB91127156988CF41841C6220D19E318

    Behavior of the system right now:

    No problems have been encountered so far. The notifications from MBAM about blocking access to 208.87.149.250 continue to occur.

    Thanks and Regards.
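Added example (my own code, not from this thread, the forum helper, or Malwarebytes): a parser for the MBAM 1.x protection-log `IP-BLOCK` lines quoted in these posts. It groups blocks by destination IP, direction and process and measures how regular the spacing between them is, which is the question raised by the outgoing avastsvc.exe blocks recurring roughly every 15 minutes and by the incoming svchost.exe block reported above. The line format is inferred from the lines posted here; the sample log below is constructed in that format (timestamps and ports are made up, the two IPs are the ones named in the thread). MBAM's log carries time of day only, so this code does not handle a rollover past midnight.

```python
"""Summarise MBAM 1.x protection-log IP-BLOCK events by (ip, direction, process).

Assumed line format (inferred from the forum posts, not from Malwarebytes documentation):
    HH:MM:SS user IP-BLOCK a.b.c.d (Type: outgoing, Port: N, Process: name.exe)
MESSAGE and ERROR lines are skipped.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>incoming|outgoing),"
    r"\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)$"
)

# Constructed sample: mirrors the thread's format; ports/times invented, IPs from the thread.
SAMPLE_LOG = """\
00:01:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49389, Process: avastsvc.exe)
00:01:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49390, Process: avastsvc.exe)
00:02:12 divya MESSAGE Scheduled update executed successfully
00:16:13 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49509, Process: avastsvc.exe)
00:16:13 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49510, Process: avastsvc.exe)
00:31:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50320, Process: avastsvc.exe)
00:46:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51103, Process: avastsvc.exe)
00:50:02 divya IP-BLOCK 222.189.238.115 (Type: incoming, Port: 445, Process: svchost.exe)
"""


def parse_protection_log(text):
    """Return one dict per IP-BLOCK line; non-matching lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        ev["process"] = ev["process"].strip().lower()
        # Time of day only: MBAM 1.x does not log the date on each line.
        ev["time"] = datetime.strptime(ev["time"], "%H:%M:%S")
        events.append(ev)
    return events


def is_regular(gaps, tolerance_s=60, min_samples=3):
    """True when there are at least min_samples gaps and all lie within tolerance_s of the median."""
    if len(gaps) < min_samples:
        return False
    med = median(gaps)
    return all(abs(g - med) <= tolerance_s for g in gaps)


def summarise_blocks(events):
    """Group events by (ip, direction, process); report count, ports and cadence per group.

    MBAM often logs two blocks in the same second (one per connection attempt), so the
    cadence is computed over distinct timestamps rather than over every event.
    """
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["ip"], ev["direction"], ev["process"])].append(ev)
    summary = {}
    for key, evs in groups.items():
        times = sorted({ev["time"] for ev in evs})
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        summary[key] = {
            "count": len(evs),
            "ports": sorted({ev["port"] for ev in evs}),
            "distinct_times": len(times),
            "median_gap_s": median(gaps) if gaps else None,
            "regular": is_regular(gaps),
        }
    return summary


if __name__ == "__main__":
    for (ip, direction, proc), info in summarise_blocks(parse_protection_log(SAMPLE_LOG)).items():
        cadence = f"every ~{info['median_gap_s'] / 60:.1f} min" if info["regular"] else "irregular"
        print(f"{direction:8} {ip:16} {proc:14} blocks={info['count']:3} {cadence}")
```

Regular spacing by itself does not establish intent: a scheduled updater and a malware beacon both look periodic, which is why the process column in the MBAM entry is the field worth reading first, and why a block attributed to a service host such as svchost.exe deserves a closer look than one attributed to a named AV updater.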

  5. Hi Sir,

    Please find the requested details below:

    1. MBAM scan results as of Nov 19th, 2011.

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 8189

    Windows 6.1.7601 Service Pack 1

    Internet Explorer 9.0.8112.16421

    19-11-2011 21:35:33

    mbam-log-2011-11-19 (21-35-33).txt

    Scan type: Quick scan

    Objects scanned: 167795

    Time elapsed: 3 minute(s), 40 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    2. How your computer behaves at the moment

    Computer behaving normally after installing MBAM except for pop-ups from MBAM every 15 mins about blocking access to a potentially malicious site with IP address 208.87.149.250. Before installing MBAM, I was unable to connect to any site (including Google and Yahoo) and a "DNS lookup failed" error message was being thrown (when I had been able to connect perfectly well the previous day).

    Latest Protection Log from MBAM.

    00:01:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49389, Process: avastsvc.exe)

    00:01:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49390, Process: avastsvc.exe)

    00:02:12 divya MESSAGE Scheduled update executed successfully

    00:02:56 divya MESSAGE IP Protection stopped

    00:02:58 divya MESSAGE Database updated successfully

    00:02:59 divya MESSAGE IP Protection started successfully

    00:16:13 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49509, Process: avastsvc.exe)

    00:16:13 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49510, Process: avastsvc.exe)

    00:31:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50320, Process: avastsvc.exe)

    00:31:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50321, Process: avastsvc.exe)

    00:46:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51103, Process: avastsvc.exe)

    00:46:19 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51104, Process: avastsvc.exe)

    18:10:55 divya MESSAGE Protection started successfully

    18:10:59 divya MESSAGE IP Protection started successfully

    18:11:54 divya ERROR Scheduled update failed: No address found failed with error code 11004

    18:53:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49402, Process: avastsvc.exe)

    18:53:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 49403, Process: avastsvc.exe)

    19:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50457, Process: avastsvc.exe)

    19:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50458, Process: avastsvc.exe)

    19:38:15 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50529, Process: avastsvc.exe)

    19:38:15 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50530, Process: avastsvc.exe)

    19:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50594, Process: avastsvc.exe)

    19:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50595, Process: avastsvc.exe)

    20:08:12 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50680, Process: avastsvc.exe)

    20:08:12 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50681, Process: avastsvc.exe)

    20:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50739, Process: avastsvc.exe)

    20:23:17 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50740, Process: avastsvc.exe)

    20:38:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50805, Process: avastsvc.exe)

    20:38:16 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 50806, Process: avastsvc.exe)

    20:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51187, Process: avastsvc.exe)

    20:53:14 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51188, Process: avastsvc.exe)

    21:23:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51552, Process: avastsvc.exe)

    21:23:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51553, Process: avastsvc.exe)

    21:38:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51661, Process: avastsvc.exe)

    21:38:11 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 51662, Process: avastsvc.exe)

    3. The logs from the DDS run, namely DDS.txt and Attach.txt

    DDS.txt

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

    Run by divya at 21:31:27 on 2011-11-13

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2999.1832 [GMT 5.5:30]

    .

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ===============

    .

    C:\windows\system32\wininit.exe

    C:\windows\system32\lsm.exe

    C:\windows\system32\svchost.exe -k DcomLaunch

    C:\windows\system32\nvvsvc.exe

    C:\windows\system32\svchost.exe -k RPCSS

    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\windows\system32\svchost.exe -k netsvcs

    C:\windows\system32\svchost.exe -k LocalService

    C:\windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\windows\system32\nvvsvc.exe

    C:\windows\System32\spoolsv.exe

    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

    C:\windows\SysWOW64\ChgService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

    C:\Program Files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe

    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\windows\system32\rundll32.exe

    C:\windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\windows\system32\taskhost.exe

    C:\windows\system32\Dwm.exe

    C:\windows\Explorer.EXE

    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\windows\System32\rundll32.exe

    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

    C:\Program Files\Elantech\ETDCtrl.exe

    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\USB Camera\VM331_STI.EXE

    C:\Program Files\Elantech\ETDCtrlHelper.exe

    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

    C:\Program Files\Alwil Software\Avast5\AvastUI.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

    C:\Program Files (x86)\Ask.com\Updater\Updater.exe

    C:\windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

    C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\windows\System32\svchost.exe -k secsvcs

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Program Files\Windows NT\Accessories\wordpad.exe

    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    C:\windows\SysWOW64\cmd.exe

    C:\windows\system32\conhost.exe

    C:\windows\SysWOW64\cscript.exe

    C:\windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    mWinlogon: Userinit=userinit.exe,

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    TB: Mp3Rocket Toolbar: {4c350b19-6ca1-4569-b14c-296d8d65300b} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL"

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

    mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

    mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

    mRun: [<NO NAME>]

    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    BHO-X64: 0x1 - No File

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    BHO-X64: Search Helper - No File

    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll

    BHO-X64: scriptproxy - No File

    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO-X64: SkypeIEPluginBHO - No File

    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    BHO-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    BHO-X64: Ask Toolbar BHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    TB-X64: Mp3Rocket Toolbar: {4C350B19-6CA1-4569-B14C-296D8D65300B} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL"

    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

    mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

    mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

    mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

    mRun-x64: [(Default)]

    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\

    FF - prefs.js: browser.search.selectedEngine - Secure Search

    FF - prefs.js: browser.startup.homepage - www.google.com

    FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p=

    FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll

    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

    FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

    FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    FF - plugin: C:\Users\divya\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    .

    R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

    R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

    R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]

    R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]

    R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]

    R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

    R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]

    R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]

    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-9 44768]

    R2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2010-11-3 135168]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-20 13336]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-12 366152]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440]

    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440]

    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440]

    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440]

    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-15 200056]

    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-15 245352]

    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-1-15 149032]

    R2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;C:\Program Files (x86)\MP3 Rocket Toolbar\Mp3RocketSvc.exe [2011-3-10 221696]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-20 2320920]

    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

    R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]

    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

    R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]

    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

    R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

    R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

    R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

    R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]

    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

    R3 vm331avs;Digital Camera 1;C:\windows\system32\Drivers\vm331avs.sys --> C:\windows\system32\Drivers\vm331avs.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

    R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-5 136176]

    S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-28 355440]

    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

    S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]

    S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\windows\system32\DRIVERS\cmnsusbser.sys --> C:\windows\system32\DRIVERS\cmnsusbser.sys [?]

    S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-5 136176]

    S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]

    S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]

    S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-8-20 509192]

    S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-8-20 579400]

    S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

    S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2011-11-12 07:12:05 -------- d-----w- C:\Users\divya\AppData\Roaming\Malwarebytes

    2011-11-12 07:11:56 -------- d-----w- C:\ProgramData\Malwarebytes

    2011-11-12 07:11:53 25416 ----a-w- C:\windows\System32\drivers\mbam.sys

    2011-11-12 07:11:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2011-11-11 16:06:50 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D2E3387-8C5B-4613-8343-EE9A9C81AE56}\offreg.dll

    2011-11-11 16:06:47 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D2E3387-8C5B-4613-8343-EE9A9C81AE56}\mpengine.dll

    2011-11-09 08:39:41 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys

    2011-11-09 08:39:37 3144704 ----a-w- C:\windows\System32\win32k.sys

    2011-11-09 08:17:33 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

    2011-11-09 08:17:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

    2011-10-23 15:38:37 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

    2011-10-16 13:25:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL

    2011-10-15 16:28:00 -------- d-----w- C:\windows\System32\SPReview

    2011-10-15 16:26:24 -------- d-----w- C:\windows\System32\EventProviders

    .

    ==================== Find3M ====================

    .

    2011-10-19 13:41:45 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-10-15 16:40:34 152576 ----a-w- C:\windows\SysWow64\msclmd.dll

    2011-10-15 16:40:33 175616 ----a-w- C:\windows\System32\msclmd.dll

    2011-09-06 20:45:29 41184 ----a-w- C:\windows\avastSS.scr

    2011-09-06 20:38:18 601944 ----a-w- C:\windows\System32\drivers\aswSnx.sys

    2011-09-06 20:36:30 65368 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

    2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll

    2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll

    2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb

    2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll

    2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll

    2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

    2011-08-27 05:37:49 861696 ----a-w- C:\windows\System32\oleaut32.dll

    2011-08-27 05:37:48 331776 ----a-w- C:\windows\System32\oleacc.dll

    2011-08-27 04:26:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll

    2011-08-27 04:26:27 233472 ----a-w- C:\windows\SysWow64\oleacc.dll

    2011-08-17 05:26:46 613888 ----a-w- C:\windows\System32\psisdecd.dll

    2011-08-17 05:25:08 108032 ----a-w- C:\windows\System32\psisrndr.ax

    2011-08-17 04:24:12 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll

    2011-08-17 04:19:27 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax

    .

    ============= FINISH: 21:33:02.90 ===============

    Attach.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 26-09-2010 13:05:53

    System Uptime: 13-11-2011 20:06:00 (1 hours ago)

    .

    Motherboard: LENOVO | | Base Board Product Name

    Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU | 1190/1066mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 422 GiB total, 219.757 GiB free.

    D: is FIXED (NTFS) - 29 GiB total, 22.019 GiB free.

    F: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000

    Service:

    .

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C109\8&38492200&0&0024EFCD7CA0_C00000000

    Service:

    .

    ==== System Restore Points ===================

    .

    RP134: 21-10-2011 20:53:22 - Windows Update

    RP135: 23-10-2011 21:04:00 - Windows Update

    RP136: 23-10-2011 21:06:00 - Windows Update

    RP137: 23-10-2011 22:43:01 - Windows Update

    RP138: 27-10-2011 01:04:54 - Windows Update

    RP139: 01-11-2011 22:11:55 - Windows Update

    RP140: 05-11-2011 12:45:59 - Windows Update

    RP141: 09-11-2011 14:14:49 - Windows Update

    RP142: 09-11-2011 15:21:12 - Windows Update

    RP143: 10-11-2011 01:01:22 - Windows Update

    RP144: 12-11-2011 01:01:16 - Windows Update

    RP145: 12-11-2011 22:59:50 - Windows Update

    .

    ==== Installed Programs ======================

    .

    µTorrent

    Acrobat.com

    Adobe AIR

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader 9.2

    Ask Toolbar

    avast! Free Antivirus

    Bing Bar

    Bing Bar Platform

    Capitel Connect 2.2.8.3.2.102.2

    Conduit Engine

    CyberLink YouCam

    D3DX10

    Energy Management

    GeoVid Flash Player

    Google Chrome

    Google Talk (remove only)

    Google Toolbar for Internet Explorer

    Google Update Helper

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Rapid Storage Technology

    Intel® Turbo Boost Technology Driver

    Jardinains!

    Java Auto Updater

    Java 6 Update 26

    Junk Mail filter update

    Lenovo DirectShare

    Lenovo EasyCamera

    Lenovo OneKey Recovery

    Lenovo ReadyComm 5

    Lenovo ReadyComm 5.0 Service

    Lenovo_Wireless_Driver

    Malwarebytes' Anti-Malware version 1.51.2.1300

    McAfee AntiVirus Plus

    Mesh Runtime

    Messenger Companion

    Microsoft Office 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Starter 2010 - English

    Microsoft PowerPoint Viewer

    Microsoft Search Enhancement Pack

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable - KB2467175

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Mozilla Firefox 7.0.1 (x86 en-US)

    MP3 Rocket

    MP3 Rocket Toolbar

    MSVCRT

    MSVCRT_amd64

    Onekey Theater

    ooVoo

    Pocket Tanks 1.00b

    Power2Go

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    Realtek Ethernet Controller Driver For Windows 7

    Realtek USB 2.0 Card Reader

    RealUpgrade 1.1

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Skype Toolbars

    Skype™ 5.1

    TextPad 5

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    uTorrentBar Toolbar

    VeriFace

    VLC media player 1.1.9

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    WinRAR archiver

    Yahoo! BrowserPlus 2.9.8

    Yahoo! Messenger

    Yahoo! Software Update

    Yahoo! Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    13-11-2011 20:09:06, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.

    13-11-2011 20:05:27, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.

    13-11-2011 20:05:27, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

    13-11-2011 20:05:27, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: A system shutdown is in progress.

    13-11-2011 20:05:27, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: A system shutdown is in progress.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    13-11-2011 20:04:27, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    .

    ==== End Of File ===========================

    Awaiting your suggestions.

    Thank You.

  6. Hi,

    As suggested, I downloaded and ran the DDS file. The run generated two logs, one being DDS.txt and the second Attach.txt, both of which have been attached.

    Please suggest how I could proceed in this regard.

    Thanks for all your help.

    DDS.txt

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

    Run by divya at 21:31:27 on 2011-11-13

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2999.1832 [GMT 5.5:30]

    .

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ===============

    .

    C:\windows\system32\wininit.exe

    C:\windows\system32\lsm.exe

    C:\windows\system32\svchost.exe -k DcomLaunch

    C:\windows\system32\nvvsvc.exe

    C:\windows\system32\svchost.exe -k RPCSS

    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\windows\system32\svchost.exe -k netsvcs

    C:\windows\system32\svchost.exe -k LocalService

    C:\windows\system32\svchost.exe -k NetworkService

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\windows\system32\nvvsvc.exe

    C:\windows\System32\spoolsv.exe

    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

    C:\windows\SysWOW64\ChgService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

    C:\Program Files (x86)\MP3 Rocket Toolbar\MP3RocketSvc.exe

    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\windows\system32\rundll32.exe

    C:\windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\windows\system32\taskhost.exe

    C:\windows\system32\Dwm.exe

    C:\windows\Explorer.EXE

    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\windows\System32\rundll32.exe

    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

    C:\Program Files\Elantech\ETDCtrl.exe

    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\USB Camera\VM331_STI.EXE

    C:\Program Files\Elantech\ETDCtrlHelper.exe

    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

    C:\Program Files\Alwil Software\Avast5\AvastUI.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

    C:\Program Files (x86)\Ask.com\Updater\Updater.exe

    C:\windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

    C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\windows\System32\svchost.exe -k secsvcs

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Program Files\Windows NT\Accessories\wordpad.exe

    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    C:\windows\SysWOW64\cmd.exe

    C:\windows\system32\conhost.exe

    C:\windows\SysWOW64\cscript.exe

    C:\windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    mWinlogon: Userinit=userinit.exe,

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    TB: Mp3Rocket Toolbar: {4c350b19-6ca1-4569-b14c-296d8d65300b} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL"

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

    mRun: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

    mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

    mRun: [<NO NAME>]

    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    BHO-X64: 0x1 - No File

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    BHO-X64: Search Helper - No File

    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110128004505.dll

    BHO-X64: scriptproxy - No File

    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO-X64: SkypeIEPluginBHO - No File

    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    BHO-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    BHO-X64: Ask Toolbar BHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

    TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

    TB-X64: Mp3Rocket Toolbar: {4C350B19-6CA1-4569-B14C-296D8D65300B} - "C:\Program Files (x86)\MP3 Rocket Toolbar\mp3rockettb.DLL"

    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

    mRun-x64: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

    mRun-x64: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

    mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

    mRun-x64: [(Default)]

    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\

    FF - prefs.js: browser.search.selectedEngine - Secure Search

    FF - prefs.js: browser.startup.homepage - www.google.com

    FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p=

    FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll

    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

    FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

    FF - component: C:\Users\divya\AppData\Roaming\Mozilla\Firefox\Profiles\qyfsciar.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    FF - plugin: C:\Users\divya\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    .

    R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]

    R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

    R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]

    R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]

    R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]

    R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

    R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]


  7. Hello,

    I am a new user of Malwarebytes Anti-Malware and I came to know about MBAM from the Mozilla forums. I was experiencing problems accessing sites like Yahoo and Google from both Mozilla and Chrome, and the message "DNS lookup failed" was being displayed. I went through different forums and decided to try out MBAM to fish out any infections in my system. I have Avast antivirus installed in my system, and a scan from both of these (Avast and MBAM) revealed zero viruses and infections in my system.

    However, I constantly keep getting a pop-up from MBAM about access to one particular IP address, 208.87.149.250, being blocked by MBAM, with the process initiator being Avastsvc.exe (used by Avast antivirus software). I have gone through the MBAM forums and understand that it is in fact some other process that is trying to provide access to this particular IP, but Windows portrays it as Avast. So, as suggested (Section G of http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100), I installed TCPView to find out which process is actually initiating the hit to this IP, but I see that TCPView does not show 208.87.149.250 anywhere or at any time in the list of remote addresses (or maybe I am missing it.. :( )

    I did a Google search for this IP and I see that this IP is registered to a particular FreeLook Incorporation from NA, is blacklisted, and is also said to be noted for DNS infiltration and spamming.

    Please find below the log file of MBAM in my system.

    14:18:05 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52322, Process: avastsvc.exe)
    14:18:06 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52323, Process: avastsvc.exe)
    14:33:08 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52960, Process: avastsvc.exe)
    14:33:08 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52961, Process: avastsvc.exe)
    16:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 53616, Process: avastsvc.exe)
    16:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 53617, Process: avastsvc.exe)
    16:29:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54280, Process: avastsvc.exe)
    16:29:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54281, Process: avastsvc.exe)
    16:44:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54399, Process: avastsvc.exe)
    16:44:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54400, Process: avastsvc.exe)
    16:59:58 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54624, Process: avastsvc.exe)
    16:59:58 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54625, Process: avastsvc.exe)
    17:11:28 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54791, Process: avastsvc.exe)
    17:11:28 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54792, Process: avastsvc.exe)
    17:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54953, Process: avastsvc.exe)
    17:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54954, Process: avastsvc.exe)
    17:29:55 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 55085, Process: avastsvc.exe)
    17:29:55 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 55086, Process: avastsvc.exe)

    Could you please suggest what I can do to stop this IP from accessing my machine, and how I could find out which particular process is supporting access to this IP from my system? Please help.. :(
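Added example (not from the thread above and not Malwarebytes' own code): a small Python parser for the IP-BLOCK lines in the post that counts blocks per destination and checks whether the outbound attempts recur on a fixed schedule, which is the defender's first signal that a scheduled callback, not an accidental hit, is behind them. The paired entries a second apart are treated as one beacon; the sample log is a constructed subset of the posted lines and all function names are mine.

```python
import re
from collections import Counter

# Constructed sample in the MBAM protection-log format quoted above (subset of the posted
# lines, embedded so the script runs offline; one non-matching line is included on purpose).
SAMPLE_LOG = """\
14:18:05 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52322, Process: avastsvc.exe)
14:18:06 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52323, Process: avastsvc.exe)
14:33:08 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52960, Process: avastsvc.exe)
14:33:08 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 52961, Process: avastsvc.exe)
16:14:57 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 53616, Process: avastsvc.exe)
16:29:59 divya IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 54280, Process: avastsvc.exe)
Scan started (constructed non-IP-BLOCK line, skipped by the parser)
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

def parse_log(text):
    """One dict per IP-BLOCK line, with 't' = seconds since midnight; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            h, mi, s = (int(x) for x in d["time"].split(":"))
            d["t"] = h * 3600 + mi * 60 + s
            events.append(d)
    return events

def count_by_destination(events):
    """Blocks per (remote IP, process MBAM reported) pair."""
    return Counter((e["ip"], e["proc"]) for e in events)

def beacon_intervals(events, ip, burst_s=2):
    """Collapse attempts within burst_s seconds (the paired ports above are one beacon)
    and return the gaps in seconds between successive beacons to ip."""
    times = sorted(e["t"] for e in events if e["ip"] == ip)
    beacons = []
    for t in times:
        if not beacons or t - beacons[-1] > burst_s:
            beacons.append(t)
    return [b - a for a, b in zip(beacons, beacons[1:])]

def looks_periodic(intervals, period_s=900, slack_s=30):
    """True when more than half the gaps sit near period_s (15 min here); long gaps, such as
    the machine being off the network, are tolerated as long as they are the minority."""
    near = sum(1 for i in intervals if abs(i - period_s) <= slack_s)
    return near * 2 > len(intervals)
```

The reported process name is only what MBAM saw at the socket, so the interval pattern is the more reliable lead: correlate the beacon times against the owning process with a tool that records the PID at connect time rather than polling, which is why TCPView's snapshot missed the short-lived connections in the post.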
