Fault write system error removal after effects

adityascad · September 18, 2012

Hi,

with the moderator's help i was able to remove the fault write error.But few problems still persist.

1. random audio adds keep playing in the background with no browsers or files opened.Random music keeps playing in the background too which is very annoying.

2. the browsers(both firefox and chrome) have become very slow and take a lot of time to navigate within pages(not a network problem because my roommates have no issues).Google takes a lot of time(0.53 secs approx) to return search results .

3.Also after the removal of the malware i connected my external hard disk but it doesnt show the files.They are hidden for some reason.

Please guide me through this.

Aditya

Maniac · September 18, 2012

Hello Aditya! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files in your next reply here:

http://forums.malwarebytes.org/index.php?showtopic=116045

adityascad · September 19, 2012

Hi,

this is DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Alokraj at 20:49:46 on 2012-09-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3828.1166 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\UnsignedThemesSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Alokraj\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Users\Alokraj\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Alokraj\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe

C:\Windows\SysWOW64\RunDll32.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Users\Alokraj\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Users\Alokraj\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

E:\EASetup.exe

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\system32\msiexec.exe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\syswow64\MsiExec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [googletalk] C:\Users\Alokraj\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [Facebook Update] "C:\Users\Alokraj\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

StartupFolder: C:\Users\Alokraj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alokraj\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Alokraj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

StartupFolder: C:\Users\Alokraj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{00E0742C-8083-49F7-99F8-E6D9CDA556F5} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{00E0742C-8083-49F7-99F8-E6D9CDA556F5}\13934393 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{00E0742C-8083-49F7-99F8-E6D9CDA556F5}\2437E6C6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{00E0742C-8083-49F7-99F8-E6D9CDA556F5}\2456C6B696E6F5730323835323 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{00E0742C-8083-49F7-99F8-E6D9CDA556F5}\3474442343745314 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{00E0742C-8083-49F7-99F8-E6D9CDA556F5}\6596475636D2455636860225F6F6D6 : DhcpNameServer = 192.168.10.5 192.168.30.5

TCP: Interfaces\{00E0742C-8083-49F7-99F8-E6D9CDA556F5}\74944514D4 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{130CA25B-C8A0-4897-87E8-DB6807E770AE} : NameServer = 0.0.0.0

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

LSA: Notification Packages = scecli FAPassSync

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO-X64: SSOIEAddonBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Alokraj\AppData\Roaming\Mozilla\Firefox\Profiles\5e1vri8j.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Alokraj\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Alokraj\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Alokraj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Alokraj\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-18 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S3 acsock;acsock;C:\Windows\system32\DRIVERS\acsock64.sys --> C:\Windows\system32\DRIVERS\acsock64.sys [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2012-09-19 00:48:03 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll

2012-09-19 00:48:03 2430312 ----a-w- C:\Windows\System32\D3DCompiler_41.dll

2012-09-19 00:48:00 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll

2012-09-19 00:48:00 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2012-09-18 06:15:47 -------- d-----w- C:\Users\Alokraj\AppData\Local\Symantec

2012-09-18 06:15:44 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys

2012-09-18 06:14:16 173616 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-09-18 06:14:16 -------- d-----w- C:\Program Files\Symantec

2012-09-18 06:13:48 1060864 ----a-w- C:\Windows\SysWow64\MFC71.DLL

2012-09-18 06:13:15 -------- d-----w- C:\ProgramData\Symantec

2012-09-18 06:13:15 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-09-18 06:13:15 -------- d-----w- C:\Program Files (x86)\Symantec

2012-09-18 06:13:15 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-09-18 02:54:04 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-09-18 02:54:00 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2012-09-18 02:04:59 -------- d-sh--w- C:\$RECYCLE.BIN

2012-09-18 01:38:57 -------- d-s---w- C:\ComboFix

2012-09-17 11:01:46 -------- d-----w- C:\Users\Alokraj\AppData\Roaming\Malwarebytes

2012-09-17 11:01:30 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-17 06:30:28 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-09-17 06:30:25 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-09-17 05:31:34 -------- d-----w- C:\Windows\pss

2012-09-12 17:09:54 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 17:09:54 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 17:09:53 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 17:09:52 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 17:09:51 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 17:09:51 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 17:09:51 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-10 09:12:19 107432 ----a-r- C:\Windows\System32\drivers\acsock64.sys

2012-09-10 04:27:39 -------- d-----w- C:\ProgramData\Minitab

2012-09-10 04:24:54 -------- d-----w- C:\Program Files (x86)\Minitab

2012-09-10 04:24:49 -------- d-----w- C:\Program Files (x86)\Common Files\Minitab Shared

2012-09-09 19:37:25 -------- d-----w- C:\ProgramData\Graboid Inc

2012-09-09 19:37:24 -------- d-----w- C:\Users\Alokraj\AppData\Local\Geckofx

2012-09-09 19:36:55 -------- d-----w- C:\Program Files (x86)\Graboid

2012-09-09 03:26:45 -------- d-----w- C:\Friday Night Lights[2004]DvDrip[Eng]-Grimmo

2012-09-07 16:33:57 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll

2012-09-07 16:33:57 266720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll

2012-09-07 16:33:57 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll

2012-09-02 01:03:52 -------- d-----w- C:\Extremely Loud & Incredibly Close[2011]BRRip XviD-ETRG

2012-08-31 17:01:08 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-30 20:40:44 -------- d-----w- C:\Program Files (x86)\MSECache

2012-08-28 05:49:01 -------- d-----w- C:\Russell Peters - Green Card Tour 2011 with Bonus Footage [DVDRIP]

2012-08-28 05:48:10 -------- d-----w- C:\Russell Peters

2012-08-24 19:54:15 -------- d-----w- C:\Ek Tha Tiger (2012) - DvDScr - [HP]

2012-08-22 07:36:50 -------- d-----w- C:\Users\Alokraj\AppData\Roaming\ExportTool

2012-08-22 07:35:04 -------- d-----w- C:\Program Files (x86)\Samurize

2012-08-22 07:07:35 -------- d-----w- C:\Program Files (x86)\Winamp Detect

2012-08-22 05:50:01 -------- d-----w- C:\Users\Alokraj\AppData\Local\ODUI

2012-08-22 05:49:49 -------- d-----w- C:\Users\Alokraj\AppData\Roaming\Stardock

2012-08-22 05:49:43 -------- d-----w- C:\Users\Alokraj\AppData\Local\Stardock

2012-08-22 05:25:17 -------- d-----w- C:\Users\Alokraj\AppData\Roaming\Rainmeter

2012-08-22 05:23:53 -------- d-----w- C:\Program Files\Rainmeter

2012-08-22 02:43:03 -------- d-----w- C:\ProgramData\Common Files

2012-08-22 02:01:12 -------- d-----w- C:\Users\Alokraj\AppData\Local\Apps

2012-08-20 21:56:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-20 21:36:32 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-08-20 21:19:22 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-20 21:19:22 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-20 21:19:05 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-20 21:19:05 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-20 21:19:05 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-20 21:19:04 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-20 21:18:36 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-20 21:18:36 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-20 21:18:35 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-20 21:18:31 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-20 21:18:10 956928 ----a-w- C:\Windows\System32\localspl.dll

.

==================== Find3M ====================

.

2012-08-21 02:32:40 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-27 02:14:52 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr

.

============= FINISH: 20:59:38.15 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 18-06-2011 15:04:40

System Uptime: 18-09-2012 16:15:46 (4 hours ago)

.

Motherboard: Dell Inc. | | 00CKNG

Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | U2E1 | 2667/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 332.059 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

F: is FIXED (NTFS) - 466 GiB total, 64.845 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

==== System Restore Points ===================

.

RP119: 17-09-2012 21:40:09 - ComboFix created restore point

RP120: 17-09-2012 22:54:06 - Device Driver Package Install: DT Soft Ltd System devices

RP121: 18-09-2012 02:12:31 - Installed Symantec Endpoint Protection.

RP122: 18-09-2012 20:44:49 - Installed ProductName from default.wxl

.

==== Installed Programs ======================

.

µTorrent

AccelerometerP11

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

BlackBerry Desktop Software 6.1

Bootstrapper

Coupon Printer for Windows

D3DX10

DAEMON Tools Lite

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Product Registration

Dell Stage

Dell VideoStage

Dell Webcam Central

DirectX 9 Runtime

Dropbox

Facebook Video Calling 1.2.0.159

FIFA 11

Google Chrome

Google Talk (remove only)

Google Talk Plugin

GoToAssist Corporate

HP Deskjet 1050 J410 series Help

HP Photo Creations

HP Update

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 26

JMicron Flash Media Controller Driver

Junk Mail filter update

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.65.0.1400

Mesh Runtime

Messenger Companion

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Minitab 16

Minitab Software Update Manager

Minitab16

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Stereoscopic 3D Driver

NVIDIA Updatus

ObjectDock Free

OpenAL

PhotoShowExpress

Picasa 3

PunkBuster Services

Rainmeter

Rapture3D 2.4.9 Game

Realtek High Definition Audio Driver

Reliance Netconnect - Broadband+

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Serious Samurize

Skype Toolbars

Skype™ 5.10

SoftwareManager

Sonic CinePlayer Decoder Pack

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 2.0.2

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

18-09-2012 16:19:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

18-09-2012 16:17:22, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

18-09-2012 16:17:08, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

18-09-2012 02:14:31, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

17-09-2012 21:37:04, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

17-09-2012 21:22:19, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.

17-09-2012 19:51:00, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

17-09-2012 19:49:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

17-09-2012 19:40:47, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

17-09-2012 18:56:17, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

17-09-2012 18:34:54, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

17-09-2012 18:34:54, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

17-09-2012 18:34:51, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

17-09-2012 18:34:50, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

17-09-2012 06:07:12, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

14-09-2012 09:00:57, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

13-09-2012 17:29:08, Error: NetBT [4321] - The name "A :0" could not be registered on the interface with IP address 67.20.211.204. The computer with the IP address 128.205.242.234 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================

I am sorry for the late reply i forgot to check on enable immediate notifications and have been waiting for an email ...

Aditya

Maniac · September 19, 2012

Step 1

Please uninstall this application: µTorrent

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
aswMBR log
a new fresh DDS log

adityascad · September 20, 2012

Hi

As suggested by you i ran the malwarebytes' anti malware. it did not detect any virus.

But not able to run the aswMBR . I double click to run but its not responding at all.

What should i do now ?

Maniac · September 20, 2012

Manually delete it, download it again and try to run it on this way:

http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token

adityascad · September 20, 2012

Hi

I tried the same thing previously. Did it again now even run as administrator not working.Am not even getting the UAC message. Its like the application is not running at all.The cursor processes for sometime and then nothing happens

Maniac · September 20, 2012

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

adityascad · September 20, 2012

Hi ,

this is the ComboFix log

ComboFix 12-09-18.07 - Alokraj 20-09-2012 6:49.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3828.2273 [GMT -4:00]

Running from: c:\users\Alokraj\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))

.

2012-09-20 11:26 . 2012-09-20 11:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-09-20 11:26 . 2012-09-20 11:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-20 11:26 . 2012-09-20 11:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-19 23:52 . 2012-09-19 23:52 -------- d-----w- c:\users\Alokraj\AppData\Roaming\uTorrent

2012-09-19 07:08 . 2012-09-19 07:08 -------- d-----w- c:\program files (x86)\Sega

2012-09-19 00:48 . 2009-03-09 19:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll

2012-09-19 00:48 . 2009-03-09 19:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2012-09-19 00:48 . 2009-03-09 19:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-09-19 00:48 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2012-09-18 06:15 . 2012-09-18 06:15 -------- d-----w- c:\users\Alokraj\AppData\Local\Symantec

2012-09-18 06:15 . 2012-09-06 13:20 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2012-09-18 06:14 . 2012-09-18 06:14 -------- d-----w- c:\program files\Symantec

2012-09-18 06:14 . 2012-09-18 06:14 173616 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-09-18 06:13 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL

2012-09-18 06:13 . 2012-09-18 06:15 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-09-18 06:13 . 2012-09-18 06:14 -------- d-----w- c:\programdata\Symantec

2012-09-18 06:13 . 2012-09-18 06:14 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-09-18 06:13 . 2012-09-18 06:13 -------- d-----w- c:\program files (x86)\Symantec

2012-09-18 02:54 . 2012-09-18 02:54 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-09-18 02:54 . 2012-09-18 02:55 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-09-17 11:01 . 2012-09-17 11:01 -------- d-----w- c:\users\Alokraj\AppData\Roaming\Malwarebytes

2012-09-17 11:01 . 2012-09-17 11:01 -------- d-----w- c:\programdata\Malwarebytes

2012-09-17 06:30 . 2012-09-17 10:24 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-09-17 06:30 . 2012-09-17 10:23 -------- d-----w- c:\program files\Microsoft Security Client

2012-09-17 06:03 . 2012-09-17 10:23 -------- d-----w- c:\users\Admin

2012-09-12 17:09 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 17:09 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 17:09 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 17:09 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 17:09 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 17:09 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 17:09 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-10 09:12 . 2012-06-07 13:24 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys

2012-09-10 04:27 . 2012-09-17 10:25 -------- d-----w- c:\programdata\Minitab

2012-09-10 04:25 . 2012-09-17 10:25 -------- d-----w- c:\programdata\FLEXnet

2012-09-10 04:24 . 2012-09-17 10:11 -------- d-----w- c:\program files (x86)\Minitab

2012-09-10 04:24 . 2012-09-17 10:24 -------- d-----w- c:\program files (x86)\Common Files\Minitab Shared

2012-09-09 19:37 . 2012-09-09 19:37 -------- d-----w- c:\programdata\Graboid Inc

2012-09-09 19:37 . 2012-09-17 10:15 -------- d-----w- c:\users\Alokraj\AppData\Local\Geckofx

2012-09-09 19:36 . 2012-09-09 19:48 -------- d-----w- c:\program files (x86)\Graboid

2012-09-09 03:26 . 2012-09-17 10:24 -------- d-----w- C:\Friday Night Lights[2004]DvDrip[Eng]-Grimmo

2012-09-07 16:33 . 2012-08-31 17:01 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll

2012-09-07 16:33 . 2012-08-31 17:01 266720 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll

2012-09-07 16:33 . 2012-08-31 17:01 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll

2012-09-02 01:03 . 2012-09-17 10:24 -------- d-----w- C:\Extremely Loud & Incredibly Close[2011]BRRip XviD-ETRG

2012-08-30 20:40 . 2012-09-17 10:11 -------- d-----w- c:\program files (x86)\MSECache

2012-08-28 05:49 . 2012-08-28 05:49 -------- d-----w- C:\Russell Peters - Green Card Tour 2011 with Bonus Footage [DVDRIP]

2012-08-28 05:48 . 2012-08-28 05:49 -------- d-----w- C:\Russell Peters

2012-08-24 19:54 . 2012-08-24 20:07 -------- d-----w- C:\Ek Tha Tiger (2012) - DvDScr - [HP]

2012-08-22 07:36 . 2012-08-22 07:36 -------- d-----w- c:\users\Alokraj\AppData\Roaming\ExportTool

2012-08-22 07:35 . 2012-09-17 10:25 -------- d-----w- c:\program files (x86)\Samurize

2012-08-22 07:07 . 2012-09-17 10:25 -------- d-----w- c:\program files (x86)\Winamp Detect

2012-08-22 07:06 . 2012-09-18 02:19 -------- d-----w- c:\users\Alokraj\AppData\Roaming\Winamp

2012-08-22 07:06 . 2012-09-17 10:25 -------- d-----w- c:\program files (x86)\Winamp

2012-08-22 05:50 . 2012-09-17 10:25 -------- d-----w- c:\users\Alokraj\AppData\Local\ODUI

2012-08-22 05:49 . 2012-09-17 10:16 -------- d-----w- c:\users\Alokraj\AppData\Roaming\Stardock

2012-08-22 05:49 . 2012-09-17 10:25 -------- d-----w- c:\users\Alokraj\AppData\Local\Stardock

2012-08-22 05:25 . 2012-09-17 10:25 -------- d-----w- c:\users\Alokraj\AppData\Roaming\Rainmeter

2012-08-22 05:23 . 2012-09-17 10:25 -------- d-----w- c:\program files\Rainmeter

2012-08-22 02:43 . 2012-08-22 02:43 -------- d-----w- c:\programdata\Common Files

2012-08-22 02:01 . 2012-08-22 02:01 -------- d-----w- c:\users\Alokraj\AppData\Local\Apps

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-13 07:00 . 2011-10-21 12:21 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-21 02:32 . 2012-08-20 21:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-21 02:32 . 2011-10-10 15:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 18:15 . 2012-08-20 21:18 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-20 21:36 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-20 21:18 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-20 21:18 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-20 21:18 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-20 21:18 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-06-29 04:55 . 2012-08-20 21:35 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-29 04:09 . 2012-08-20 21:35 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-29 03:56 . 2012-08-20 21:35 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 03:49 . 2012-08-20 21:35 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-29 03:49 . 2012-08-20 21:35 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 03:48 . 2012-08-20 21:35 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 03:47 . 2012-08-20 21:35 237056 ----a-w- c:\windows\system32\url.dll

2012-06-29 03:45 . 2012-08-20 21:35 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-29 03:44 . 2012-08-20 21:35 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-29 03:43 . 2012-08-20 21:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 03:42 . 2012-08-20 21:35 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-29 03:40 . 2012-08-20 21:35 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-29 03:39 . 2012-08-20 21:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 03:35 . 2012-08-20 21:35 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-29 00:16 . 2012-08-20 21:35 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-29 00:09 . 2012-08-20 21:35 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-29 00:08 . 2012-08-20 21:35 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04 . 2012-08-20 21:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00 . 2012-08-20 21:35 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-27 02:14 . 2012-06-27 02:14 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\Alokraj\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Facebook Update"="c:\users\Alokraj\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-24 115560]

.

c:\users\Alokraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Alokraj\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-2 26868192]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-11-8 3768688]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\users\Alokraj\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

R2 MBAMService;MBAMService;c:\users\Alokraj\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 250056]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-10 172632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114656]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]

R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]

R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-25 24680]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-18 270912]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-25 1620584]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-25 235624]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-06-30 2533400]

S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]

S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-19 27760]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-13 344616]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-17 138912]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-16 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-20 287232]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-12 29288]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 02:32]

.

2012-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3078787318-3964686307-1466894240-1002Core.job

- c:\users\Alokraj\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 21:13]

.

2012-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3078787318-3964686307-1466894240-1002UA.job

- c:\users\Alokraj\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 21:13]

.

2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078787318-3964686307-1466894240-1002Core.job

- c:\users\Alokraj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-15 07:13]

.

2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078787318-3964686307-1466894240-1002UA.job

- c:\users\Alokraj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-15 07:13]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Alokraj\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-11-09 6539880]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-03 2181224]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-25 283240]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{130CA25B-C8A0-4897-87E8-DB6807E770AE}: NameServer = 0.0.0.0

FF - ProfilePath - c:\users\Alokraj\AppData\Roaming\Mozilla\Firefox\Profiles\gnboysp3.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-Symantec Antvirus

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3078787318-3964686307-1466894240-1002_Classes\Wow6432Node\CLSID\{2cc7ff18-0ecc-4b65-998e-b659163cb802}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000b2

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,b1,2b,4e,04,06,fc,9d,2e,3d,14,ad,3e,68,5b,6d,d8,92,1f,01,41,68,15,\

.

[HKEY_USERS\S-1-5-21-3078787318-3964686307-1466894240-1002_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):89,8c,f9,57,9f,de,9c,eb,ae,a2,cd,b3,b3,42,7e,dd,a7,45,65,ef,3e,

74,84,4b,6e,68,e4,cf,3d,4e,4e,25,c3,59,34,f5,f5,e7,8c,26,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-20 07:49:39

ComboFix-quarantined-files.txt 2012-09-20 11:49

ComboFix2.txt 2012-09-18 00:20

.

Pre-Run: 352,178,339,840 bytes free

Post-Run: 352,048,435,200 bytes free

.

- - End Of File - - B73421DEF7CB8F2998097518E58F5938

Maniac · September 20, 2012

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\users\Alokraj\AppData\Roaming\uTorrent

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

adityascad · September 20, 2012

Heres the combofix.txt

ComboFix 12-09-20.02 - Alokraj 20-09-2012 16:03:21.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.3828.1534 [GMT -4:00]

Running from: c:\users\Alokraj\Desktop\ComboFix.exe

Command switches used :: c:\users\Alokraj\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))

.

2012-09-20 20:39 . 2012-09-20 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-09-20 20:39 . 2012-09-20 20:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-20 20:39 . 2012-09-20 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp