
Audio ads / Google Redirect / Firewall Virus



Hi ,

A few days ago my laptop was infected by some kind of virus which triggers audio ads in the background at regular intervals. It also triggered popups using iexplorer.

I also had issues with Google redirects. Recently one of the redirects brought in a few more viruses.

I have McAfee Antivirus and have installed Malwarebytes, scanned with both of them, and could not get rid of the virus.

Please assist me in removing the virus.

Thanks

Senthil

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by SENTHIL at 10:06:28 on 2011-12-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2578 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111110231419.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\SENTHIL\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "C:\Users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\SENTHIL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{24570A72-DC05-4718-9C5A-3E72567C880A} : DhcpNameServer = 13.36.0.1 13.36.0.2

TCP: Interfaces\{A5A30ED2-4B28-4498-A77B-F6CDE483938C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A5A30ED2-4B28-4498-A77B-F6CDE483938C}\2375942554439393 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A5A30ED2-4B28-4498-A77B-F6CDE483938C}\34F4F4C4D23514D4944525F495 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111110231419.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\SENTHIL\AppData\Roaming\Mozilla\Firefox\Profiles\0wombr7u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\SENTHIL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\SENTHIL\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\SENTHIL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\SENTHIL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-10 98208]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-4-10 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-4-10 208536]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-1 366152]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-4-10 220528]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-29 249936]

.

=============== Created Last 30 ================

.

2011-11-24 16:54:41 -------- d-----w- C:\Program Files (x86)\uTorrent

2011-11-24 16:53:43 -------- d-----w- C:\Users\SENTHIL\AppData\Roaming\uTorrent

2011-11-24 16:53:43 -------- d-----w- C:\Users\SENTHIL\AppData\Local\uTorrent

.

==================== Find3M ====================

.

2011-12-01 12:55:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-29 22:15:31 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-10-29 22:15:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-10-22 00:30:52 631296 ----a-w- C:\Windows\SysWow64\sqlite3odbc.dll

2011-10-18 19:32:28 161168 ----a-w- C:\Windows\System32\mfevtps.exe

2011-10-15 18:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-10-15 18:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-10-15 18:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-10-15 18:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-10-15 18:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-10-15 18:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-10-15 18:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-10-15 18:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-10-15 18:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

.

============= FINISH: 10:15:20.68 ===============
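Added example, not part of the original post and not code from the DDS tool: a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above. It pulls out the indicators a helper checks first: entries whose DLL is gone ("- No File"), start-page and search settings pointing at a host outside an assumed allowlist of mainstream search engines, DHCP-assigned DNS servers outside private address space, and Run entries launching from a user profile. The sample lines are copied from this log; the allowlist, the category names and the `[um]Run` key matching are this example's own assumptions, and every hit is a lead to verify against the machine, not a verdict.

```python
"""Triage of a DDS 'Pseudo HJT Report' section.

Added example, not part of the original post and not code from the DDS tool.
Sample lines are copied from the DDS log quoted in this thread; the allowlist
of search hosts and the grouping below are this example's own assumptions.
"""
import ipaddress
import re

# Constructed sample: lines taken from the DDS report posted above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Google Update] "C:\Users\SENTHIL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{24570A72-DC05-4718-9C5A-3E72567C880A} : DhcpNameServer = 13.36.0.1 13.36.0.2
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
"""

# Assumption: search providers a helper would not question. Any other host
# set as start page or default search engine is listed for review.
EXPECTED_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "msn.com")

# Report keys that carry a start page or search URL (IE and Firefox forms).
SEARCH_KEYS = ("Start Page", "search.defaulturl", "startup.homepage",
               "keyword.URL", "SearchScopes")

URL_HOST_RE = re.compile(r"h[tx]{2}ps?://([^/?\s]+)", re.IGNORECASE)  # DDS writes hxxp
RUN_KEY_RE = re.compile(r"^[um]Run(Once)?:")        # uRun / mRun / mRunOnce entries
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")           # the [Name] of a Run entry
PROFILE_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def _host_allowed(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in EXPECTED_SEARCH_HOSTS)


def orphan_entries(lines):
    """Hooks/BHOs/toolbars whose DLL is gone ('- No File'): usually leftovers
    of an uninstall or an earlier cleanup, worth removing but not by itself
    evidence of an active infection."""
    return [ln for ln in lines if ln.rstrip().endswith("- No File")]


def unexpected_search_providers(lines):
    """(line, host) for start-page/search settings whose host is outside
    EXPECTED_SEARCH_HOSTS: the usual footprint of a browser search hijack."""
    found = []
    for ln in lines:
        if not any(k in ln for k in SEARCH_KEYS):
            continue
        m = URL_HOST_RE.search(ln)
        if m and not _host_allowed(m.group(1)):
            found.append((ln, m.group(1).lower()))
    return found


def non_private_dns(lines):
    """DHCP-assigned DNS servers outside RFC 1918 space. A home laptop normally
    gets its router; public resolvers are a lead to check against the network
    the machine was on, not a verdict."""
    servers = []
    for ln in lines:
        if "DhcpNameServer" not in ln or "=" not in ln:
            continue
        for tok in ln.split("=", 1)[1].split():
            try:
                ip = ipaddress.ip_address(tok)
            except ValueError:
                continue
            if not ip.is_private and tok not in servers:
                servers.append(tok)
    return servers


def profile_autoruns(lines):
    """(name, line) for Run entries launching from a user's AppData. Legitimate
    updaters live there too, so each hit is a check, not a finding."""
    found = []
    for ln in lines:
        if RUN_KEY_RE.match(ln) and PROFILE_PATH_RE.search(ln):
            m = RUN_NAME_RE.search(ln)
            found.append((m.group(1) if m else "?", ln))
    return found


def triage(report_text):
    lines = [ln for ln in report_text.splitlines() if ln.strip()]
    return {
        "orphan_entries": orphan_entries(lines),
        "unexpected_search_providers": unexpected_search_providers(lines),
        "non_private_dns": non_private_dns(lines),
        "profile_autoruns": profile_autoruns(lines),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_REPORT).items():
        print(f"[{category}] {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit if isinstance(hit, str) else hit[0])
```

Run against the full report the same way (`triage(open("DDS.txt").read())`); the two conduit.com search settings, the public DNS pair on one interface and the three orphaned entries are exactly the items a helper would ask about next.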



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
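Added example, not part of the helper's post and not code from TDSSKiller itself: a Python check over the log the step above produces, for anyone who wants more than the on-screen "no threats" summary. It confirms from the "Mode:" line that SigCheck and TDLFS were actually enabled, pairs each scanned object with its status line, and lists anything whose status is not "ok" or that has no status at all. The first sample lines are copied from the TDSSKiller log posted later in this thread; the final "exampledrv" object, with a placeholder all-zero hash and a "detected" status, is constructed so the non-ok branch is exercised.

```python
"""Check a TDSSKiller log rather than trusting the 'no threats' summary.

Added example, not from the helper's post and not part of TDSSKiller: it
verifies the scan options from the 'Mode:' line, pairs every scanned object
with its status line, and returns anything that is not '- ok'.
"""
import re

# Sample log. The first lines are copied from the TDSSKiller log posted in
# this thread; the last two ('exampledrv', all-zero hash, detected status)
# are constructed for this example so the non-ok branch is exercised.
SAMPLE_LOG = r"""
20:41:10.0881 4904 Scan started
20:41:10.0881 4904 Mode: Manual; SigCheck; TDLFS;
20:41:12.0004 4904 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:41:12.0082 4904 1394ohci - ok
20:41:12.0175 4904 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:41:12.0207 4904 ACPI - ok
20:41:15.0888 4904 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
20:41:15.0904 4904 cfwids - ok
20:41:16.0000 4904 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
20:41:16.0010 4904 exampledrv - detected UnsignedFile.Multi.Generic ( 1 )
"""

# Every line starts with a timestamp and a thread id; what follows is either
# "Name (md5) path" for a scanned object or "Name - status" for its verdict.
_PREFIX = r"^\S+\s+\d+\s+"
OBJECT_RE = re.compile(_PREFIX + r"(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
STATUS_RE = re.compile(_PREFIX + r"(\S+) - (.+)$")
MODE_RE = re.compile(_PREFIX + r"Mode:\s*(.*)$")


def parse_tdsskiller_log(text):
    """Return (mode_flags, objects, statuses).

    objects maps name -> (md5, path); statuses maps name -> status text.
    """
    mode_flags, objects, statuses = set(), {}, {}
    for line in text.splitlines():
        m = MODE_RE.match(line)
        if m:
            mode_flags = {f.strip() for f in m.group(1).split(";") if f.strip()}
            continue
        m = OBJECT_RE.match(line)
        if m:
            objects[m.group(1)] = (m.group(2).lower(), m.group(3))
            continue
        m = STATUS_RE.match(line)
        if m:
            statuses[m.group(1)] = m.group(2).strip()
    return mode_flags, objects, statuses


def review_tdsskiller_log(text):
    """Summarise what a helper wants to know before accepting 'no threats'."""
    mode_flags, objects, statuses = parse_tdsskiller_log(text)
    not_ok = [
        (name, status, objects.get(name, ("", ""))[1])
        for name, status in statuses.items()
        if status.lower() != "ok"
    ]
    return {
        "sigcheck": "SigCheck" in mode_flags,   # driver signatures verified?
        "tdlfs": "TDLFS" in mode_flags,         # hidden TDL file system checked?
        "scanned": len(objects),
        "not_ok": not_ok,
        "no_status": sorted(n for n in objects if n not in statuses),
    }


if __name__ == "__main__":
    result = review_tdsskiller_log(SAMPLE_LOG)
    print(f"SigCheck={result['sigcheck']} TDLFS={result['tdlfs']} objects={result['scanned']}")
    for name, status, path in result["not_ok"]:
        print(f"  {name}: {status}  ({path})")
    for name in result["no_status"]:
        print(f"  {name}: scanned but no status line")
```

If `sigcheck` or `tdlfs` comes back False, the Change parameters step was missed and the scan should be repeated before the log is read any further; a non-empty `not_ok` list is what to paste for the helper even when the summary said nothing was found.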


Thanks for taking up the issue, LDTate!!! Will copy/paste the logs in future.

Find below the log from TDSSKiller. The scan results didn't detect any threats.

20:41:02.0909 3840 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

20:41:03.0377 3840 ============================================================

20:41:03.0377 3840 Current date / time: 2011/12/12 20:41:03.0377

20:41:03.0377 3840 SystemInfo:

20:41:03.0377 3840

20:41:03.0377 3840 OS Version: 6.1.7601 ServicePack: 1.0

20:41:03.0377 3840 Product type: Workstation

20:41:03.0377 3840 ComputerName: SENTHIL-PC

20:41:03.0377 3840 UserName: SENTHIL

20:41:03.0377 3840 Windows directory: C:\Windows

20:41:03.0377 3840 System windows directory: C:\Windows

20:41:03.0377 3840 Running under WOW64

20:41:03.0377 3840 Processor architecture: Intel x64

20:41:03.0377 3840 Number of processors: 4

20:41:03.0377 3840 Page size: 0x1000

20:41:03.0377 3840 Boot type: Normal boot

20:41:03.0377 3840 ============================================================

20:41:03.0892 3840 Initialize success

20:41:10.0881 4904 ============================================================

20:41:10.0881 4904 Scan started

20:41:10.0881 4904 Mode: Manual; SigCheck; TDLFS;

20:41:10.0881 4904 ============================================================

20:41:12.0004 4904 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:41:12.0082 4904 1394ohci - ok

20:41:12.0175 4904 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:41:12.0207 4904 ACPI - ok

20:41:12.0285 4904 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:41:12.0316 4904 AcpiPmi - ok

20:41:12.0441 4904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:41:12.0472 4904 adp94xx - ok

20:41:12.0550 4904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:41:12.0597 4904 adpahci - ok

20:41:12.0628 4904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:41:12.0659 4904 adpu320 - ok

20:41:12.0815 4904 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

20:41:12.0862 4904 AFD - ok

20:41:12.0924 4904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:41:12.0955 4904 agp440 - ok

20:41:13.0049 4904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:41:13.0065 4904 aliide - ok

20:41:13.0080 4904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:41:13.0096 4904 amdide - ok

20:41:13.0205 4904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:41:13.0236 4904 AmdK8 - ok

20:41:13.0314 4904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:41:13.0345 4904 AmdPPM - ok

20:41:13.0486 4904 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:41:13.0501 4904 amdsata - ok

20:41:13.0579 4904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:41:13.0611 4904 amdsbs - ok

20:41:13.0657 4904 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:41:13.0689 4904 amdxata - ok

20:41:13.0782 4904 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:41:13.0845 4904 AppID - ok

20:41:14.0016 4904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:41:14.0032 4904 arc - ok

20:41:14.0063 4904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:41:14.0063 4904 arcsas - ok

20:41:14.0094 4904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:41:14.0141 4904 AsyncMac - ok

20:41:14.0203 4904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:41:14.0219 4904 atapi - ok

20:41:14.0297 4904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:41:14.0328 4904 b06bdrv - ok

20:41:14.0375 4904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:41:14.0391 4904 b57nd60a - ok

20:41:14.0437 4904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:41:14.0469 4904 Beep - ok

20:41:14.0515 4904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:41:14.0547 4904 blbdrive - ok

20:41:14.0593 4904 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:41:14.0625 4904 bowser - ok

20:41:14.0671 4904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:41:14.0718 4904 BrFiltLo - ok

20:41:14.0718 4904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:41:14.0734 4904 BrFiltUp - ok

20:41:14.0749 4904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:41:14.0765 4904 Brserid - ok

20:41:14.0781 4904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:41:14.0796 4904 BrSerWdm - ok

20:41:14.0812 4904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:41:14.0827 4904 BrUsbMdm - ok

20:41:14.0859 4904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:41:14.0890 4904 BrUsbSer - ok

20:41:14.0968 4904 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

20:41:14.0999 4904 BthEnum - ok

20:41:15.0046 4904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:41:15.0077 4904 BTHMODEM - ok

20:41:15.0155 4904 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

20:41:15.0202 4904 BthPan - ok

20:41:15.0217 4904 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

20:41:15.0264 4904 BTHPORT - ok

20:41:15.0311 4904 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

20:41:15.0327 4904 BTHUSB - ok

20:41:15.0358 4904 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys

20:41:15.0405 4904 btusbflt - ok

20:41:15.0436 4904 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys

20:41:15.0467 4904 btwaudio - ok

20:41:15.0514 4904 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys

20:41:15.0529 4904 btwavdt - ok

20:41:15.0576 4904 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

20:41:15.0607 4904 btwl2cap - ok

20:41:15.0639 4904 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

20:41:15.0639 4904 btwrchid - ok

20:41:15.0685 4904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:41:15.0732 4904 cdfs - ok

20:41:15.0795 4904 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

20:41:15.0826 4904 cdrom - ok

20:41:15.0888 4904 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys

20:41:15.0904 4904 cfwids - ok

20:41:15.0966 4904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:41:15.0997 4904 circlass - ok

20:41:16.0044 4904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:41:16.0075 4904 CLFS - ok

20:41:16.0138 4904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:41:36.0387 4904 ============================================================

20:41:36.0387 4904 Scan finished

20:41:36.0387 4904 ============================================================

20:41:36.0402 5056 Detected object count: 0

20:41:36.0402 5056 Actual detected object count: 0

20:41:41.0129 4996 Deinitialize success


That looks OK.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I disabled the antivirus, but there was still some process running during the ComboFix execution, which I killed manually through Task Manager.

Find below the logs for ComboFix.

ComboFix 11-12-13.03 - SENTHIL 12/13/2011 19:08:16.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2585 [GMT -5:00]

Running from: c:\users\SENTHIL\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\SENTHIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))

.

.

2011-12-14 00:40 . 2011-12-14 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-24 16:54 . 2011-11-24 16:54 -------- d-----w- c:\program files (x86)\uTorrent

2011-11-24 16:53 . 2011-11-24 20:29 -------- d-----w- c:\users\SENTHIL\AppData\Roaming\uTorrent

2011-11-24 16:53 . 2011-11-24 16:53 -------- d-----w- c:\users\SENTHIL\AppData\Local\uTorrent

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-01 12:55 . 2011-07-24 18:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 19:30 . 2011-11-05 19:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-11-05 19:30 . 2011-11-05 19:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-11-05 19:30 . 2011-11-05 19:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-11-05 19:30 . 2011-11-05 19:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-11-05 19:30 . 2011-11-05 19:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-11-05 19:30 . 2011-11-05 19:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-11-05 19:30 . 2011-11-05 19:30 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-11-05 19:30 . 2011-11-05 19:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-11-05 19:30 . 2011-11-05 19:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-11-05 19:30 . 2011-11-05 19:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-11-05 19:30 . 2011-11-05 19:30 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-05 19:30 . 2011-11-05 19:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-11-05 19:30 . 2011-11-05 19:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-11-05 19:30 . 2011-11-05 19:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-11-05 19:30 . 2011-11-05 19:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-11-05 19:30 . 2011-11-05 19:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-05 19:30 . 2011-11-05 19:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-11-05 19:30 . 2011-11-05 19:30 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 19:30 . 2011-11-05 19:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-11-05 19:30 . 2011-11-05 19:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-11-05 19:30 . 2011-11-05 19:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-11-05 19:30 . 2011-11-05 19:30 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-11-05 19:30 . 2011-11-05 19:30 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-11-05 19:30 . 2011-11-05 19:30 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-11-05 19:30 . 2011-11-05 19:30 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-11-05 19:30 . 2011-11-05 19:30 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-11-05 19:30 . 2011-11-05 19:30 448512 ----a-w- c:\windows\system32\html.iec

2011-11-05 19:30 . 2011-11-05 19:30 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-05 19:30 . 2011-11-05 19:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 19:30 . 2011-11-05 19:30 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-05 19:30 . 2011-11-05 19:30 222208 ----a-w- c:\windows\system32\msls31.dll

2011-11-05 19:30 . 2011-11-05 19:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-11-05 19:30 . 2011-11-05 19:30 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-11-05 19:30 . 2011-11-05 19:30 160256 ----a-w- c:\windows\system32\wextract.exe

2011-11-05 19:30 . 2011-11-05 19:30 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-05 19:30 . 2011-11-05 19:30 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 19:30 . 2011-11-05 19:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-11-05 19:30 . 2011-11-05 19:30 12288 ----a-w- c:\windows\system32\mshta.exe

2011-11-05 19:30 . 2011-11-05 19:30 114176 ----a-w- c:\windows\system32\admparse.dll

2011-11-05 19:30 . 2011-11-05 19:30 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-10-29 22:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-10-29 22:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-10-22 00:30 . 2011-11-06 22:20 631296 ----a-w- c:\windows\SysWow64\sqlite3odbc.dll

2011-10-18 19:32 . 2011-04-10 16:03 161168 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 18:16 . 2011-04-10 16:03 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 18:16 . 2010-10-14 03:28 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 18:16 . 2010-10-14 03:28 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 18:16 . 2010-10-14 03:28 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 18:16 . 2010-10-14 03:28 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 18:16 . 2010-10-14 03:28 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 18:16 . 2010-10-14 03:28 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 18:16 . 2010-10-14 03:28 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-15 18:16 . 2010-10-14 03:28 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Facebook Update"="c:\users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-03 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\SENTHIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001Core.job

- c:\users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-03 16:17]

.

2011-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001UA.job

- c:\users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-03 16:17]

.

2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001Core.job

- c:\users\SENTHIL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:28]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001UA.job

- c:\users\SENTHIL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:28]

.

2011-11-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-12-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\SENTHIL\AppData\Roaming\Mozilla\Firefox\Profiles\0wombr7u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-13 20:03:12

ComboFix-quarantined-files.txt 2011-12-14 01:03

.

Pre-Run: 188,934,324,224 bytes free

Post-Run: 189,329,702,912 bytes free

.

- - End Of File - - EEEE284406832D94621E6B1C32B8C564

Google searches are still redirecting to some other site :(


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
Trusted Zone: internet

FireFox::
FF - ProfilePath - c:\users\SENTHIL\AppData\Roaming\Mozilla\Firefox\Profiles\0wombr7u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

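The CFScript above targets three things the helper read out of the ComboFix log: the IE start page and Firefox search URL pointing at search.conduit.com, the "Trusted Zone: internet" entry, and the browser hooks ComboFix listed as orphans. As an added example (not ComboFix's own code or anything from this thread), here is a small Python triage script that parses the "Supplementary Scan" and "ORPHANS REMOVED" sections of such a log and flags exactly those items; the watch-list of hijack domains and the trimmed sample log are constructed for the example.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix's own code).

It groups log lines under the ComboFix banner that precedes them, then
reports browser settings whose (hxxp-defanged) URL points at a known
search hijacker, the Trusted Zone entries, and registered browser hooks
whose file no longer exists ("(no file)" orphans).
"""
import json
import re
import sys
from typing import Dict, List, Optional

# Constructed watch-list for this example: the domain the thread's log
# shows as the hijacked IE start page and Firefox default search URL.
HIJACK_DOMAINS = ("search.conduit.com",)

# ComboFix writes URLs as hxxp:// so they are not clickable in forum posts.
URL_RE = re.compile(r"hxxps?://([^/\s?&]+)", re.IGNORECASE)

# Constructed sample, trimmed from the log format above.
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uLocal Page = c:\\windows\\system32\\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""


def banner_title(line: str) -> Optional[str]:
    """Return the title of a ComboFix section banner, or None.

    Banners are decorated with dashes or parentheses on both ends, e.g.
    '------- Supplementary Scan -------' or '- - - - ORPHANS REMOVED - - - -'.
    Entry lines such as '- c:\\...\\foo.exe [date]' start with '-' but do not
    end with a decoration character, so they are not mistaken for banners.
    """
    s = line.strip()
    if not s or s[0] not in "-(" or s[-1] not in "-)":
        return None
    title = s.strip("-() ").strip()
    return title or None


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix's '.' spacer lines
            continue
        title = banner_title(line)
        if title:
            current = title
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def setting_name(line: str) -> str:
    """'uStart Page = hxxp://...' -> 'uStart Page';
    'FF - prefs.js: browser.search.defaulturl - hxxp://...' -> 'browser.search.defaulturl'."""
    prefix = "FF - prefs.js: "
    if line.startswith(prefix):
        return line[len(prefix):].split(" - ", 1)[0]
    return line.split(" = ", 1)[0]


def find_hijacked_urls(lines: List[str]) -> List[dict]:
    """Browser-setting lines whose URL host is on the hijack watch-list."""
    hits = []
    for line in lines:
        for host in URL_RE.findall(line):
            if host.lower() in HIJACK_DOMAINS:
                hits.append({"setting": setting_name(line), "host": host, "line": line})
    return hits


def find_trusted_zones(lines: List[str]) -> List[str]:
    """Sites in IE's Trusted Zone; 'internet' there is what the CFScript removes."""
    return [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Trusted Zone:")]


def find_orphans(lines: List[str]) -> List[str]:
    """Hooks/toolbars ComboFix removed because the registered file is gone."""
    return [ln.split(" - ", 1)[0] for ln in lines if ln.endswith("(no file)")]


def triage(log: str) -> Dict[str, list]:
    """Summarise the hijack-related items of a ComboFix log."""
    sections = split_sections(log)
    supp = sections.get("Supplementary Scan", [])
    return {
        "hijacked": find_hijacked_urls(supp),
        "trusted_zones": find_trusted_zones(supp),
        "orphans": find_orphans(sections.get("ORPHANS REMOVED", [])),
    }


if __name__ == "__main__":
    # Pass a path to a saved ComboFix.txt, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(json.dumps(triage(text), indent=2))
```

Running it against the second log posted later in this thread should show the conduit entries gone if the CFScript did its job.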

ComboFix 11-12-13.03 - SENTHIL 12/14/2011 19:13:31.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2604 [GMT -5:00]

Running from: c:\users\SENTHIL\Desktop\ComboFix.exe

Command switches used :: c:\users\SENTHIL\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))

.

.

2011-12-15 00:51 . 2011-12-15 00:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-12-15 00:51 . 2011-12-15 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-24 16:54 . 2011-11-24 16:54 -------- d-----w- c:\program files (x86)\uTorrent

2011-11-24 16:53 . 2011-11-24 20:29 -------- d-----w- c:\users\SENTHIL\AppData\Roaming\uTorrent

2011-11-24 16:53 . 2011-11-24 16:53 -------- d-----w- c:\users\SENTHIL\AppData\Local\uTorrent

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-01 12:55 . 2011-07-24 18:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 19:30 . 2011-11-05 19:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-11-05 19:30 . 2011-11-05 19:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-11-05 19:30 . 2011-11-05 19:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-11-05 19:30 . 2011-11-05 19:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-11-05 19:30 . 2011-11-05 19:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-11-05 19:30 . 2011-11-05 19:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-11-05 19:30 . 2011-11-05 19:30 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-11-05 19:30 . 2011-11-05 19:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-11-05 19:30 . 2011-11-05 19:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-11-05 19:30 . 2011-11-05 19:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-11-05 19:30 . 2011-11-05 19:30 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-05 19:30 . 2011-11-05 19:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-11-05 19:30 . 2011-11-05 19:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-11-05 19:30 . 2011-11-05 19:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-11-05 19:30 . 2011-11-05 19:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-11-05 19:30 . 2011-11-05 19:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-05 19:30 . 2011-11-05 19:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-11-05 19:30 . 2011-11-05 19:30 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 19:30 . 2011-11-05 19:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-11-05 19:30 . 2011-11-05 19:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-11-05 19:30 . 2011-11-05 19:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-11-05 19:30 . 2011-11-05 19:30 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-11-05 19:30 . 2011-11-05 19:30 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-11-05 19:30 . 2011-11-05 19:30 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-11-05 19:30 . 2011-11-05 19:30 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-11-05 19:30 . 2011-11-05 19:30 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-11-05 19:30 . 2011-11-05 19:30 448512 ----a-w- c:\windows\system32\html.iec

2011-11-05 19:30 . 2011-11-05 19:30 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-05 19:30 . 2011-11-05 19:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 19:30 . 2011-11-05 19:30 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-05 19:30 . 2011-11-05 19:30 222208 ----a-w- c:\windows\system32\msls31.dll

2011-11-05 19:30 . 2011-11-05 19:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-11-05 19:30 . 2011-11-05 19:30 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-11-05 19:30 . 2011-11-05 19:30 160256 ----a-w- c:\windows\system32\wextract.exe

2011-11-05 19:30 . 2011-11-05 19:30 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-05 19:30 . 2011-11-05 19:30 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 19:30 . 2011-11-05 19:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-11-05 19:30 . 2011-11-05 19:30 12288 ----a-w- c:\windows\system32\mshta.exe

2011-11-05 19:30 . 2011-11-05 19:30 114176 ----a-w- c:\windows\system32\admparse.dll

2011-11-05 19:30 . 2011-11-05 19:30 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-10-29 22:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-10-29 22:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-10-22 00:30 . 2011-11-06 22:20 631296 ----a-w- c:\windows\SysWow64\sqlite3odbc.dll

2011-10-18 19:32 . 2011-04-10 16:03 161168 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 18:16 . 2011-04-10 16:03 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 18:16 . 2010-10-14 03:28 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 18:16 . 2010-10-14 03:28 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 18:16 . 2010-10-14 03:28 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 18:16 . 2010-10-14 03:28 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 18:16 . 2010-10-14 03:28 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 18:16 . 2010-10-14 03:28 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 18:16 . 2010-10-14 03:28 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-15 18:16 . 2010-10-14 03:28 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-14_00.43.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-05-09 22:25 . 2011-12-15 00:09 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-09 22:25 . 2011-12-14 00:39 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-09 22:25 . 2011-12-14 00:39 16384 c:\windows\Temp\History\History.IE5\index.dat

+ 2011-05-09 22:25 . 2011-12-15 00:09 16384 c:\windows\Temp\History\History.IE5\index.dat

+ 2011-05-09 22:25 . 2011-12-15 00:09 32768 c:\windows\Temp\Cookies\index.dat

- 2011-05-09 22:25 . 2011-12-14 00:39 32768 c:\windows\Temp\Cookies\index.dat

+ 2011-04-10 15:37 . 2011-12-15 00:58 43774 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-15 00:57 30616 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-12-13 23:34 30616 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-04-29 12:03 . 2011-12-15 00:57 12768 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1996165345-1417368443-2917752866-1001_UserData.bin

+ 2011-12-15 00:54 . 2011-12-15 00:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-13 23:31 . 2011-12-13 23:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-13 23:31 . 2011-12-13 23:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-15 00:54 . 2011-12-15 00:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-04-29 21:18 . 2011-12-14 03:18 252838 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2011-12-14 03:20 624622 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-11 13:53 624622 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-14 03:20 106708 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-11 13:53 106708 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-12-13 04:10 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-12-15 00:53 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-05-03 04:04 . 2011-12-15 00:53 8791292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1996165345-1417368443-2917752866-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Facebook Update"="c:\users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-03 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\SENTHIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001Core.job

- c:\users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-03 16:17]

.

2011-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001UA.job

- c:\users\SENTHIL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-03 16:17]

.

2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001Core.job

- c:\users\SENTHIL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:28]

.

2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996165345-1417368443-2917752866-1001UA.job

- c:\users\SENTHIL\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 15:28]

.

2011-11-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-12-15 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\SENTHIL\AppData\Roaming\Mozilla\Firefox\Profiles\0wombr7u.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Mozilla Firefox\firefox.exe

c:\program files (x86)\Mozilla Firefox\plugin-container.exe

.

**************************************************************************

.

Completion time: 2011-12-14 22:54:33 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-15 03:54

ComboFix2.txt 2011-12-14 01:03

.

Pre-Run: 189,294,575,616 bytes free

Post-Run: 189,250,920,448 bytes free

.

- - End Of File - - 32D55483B9428C5BCD876EE68DD934A5

Still the Google searches are redirecting... Also, the firewall is inactive.


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
