TechSpot

W32.Crypt detected

By giridhart
Apr 25, 2011
  1. Hi,

    Please help me fix this problem.
    I'm using a Windows 7 32-bit machine and my system got infected.
    I followed the 8-step tutorial and generated the logs.
    My antivirus gives a pop-up message that W32.Crypt has been quarantined (these messages have not stopped).
    I'm pasting my logs below.

    Malwarebytes Anti-Malware log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6443

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    25/04/2011 19:13:03
    mbam-log-2011-04-25 (19-13-03).txt

    Scan type: Quick scan
    Objects scanned: 159516
    Time elapsed: 14 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-25 19:21:33
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3265GSX rev.GJ002F
    Running: 4r91g79n.exe; Driver: C:\Users\giridhar\AppData\Local\Temp\kxldapod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B8720B8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B8720CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B8720A4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by giridhar at 19:37:30.36 on 25/04/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1605 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\system32\atieclxx.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Immunet Protect\2.0.17\agent.exe
    C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\windows\system32\rundll32.exe
    C:\windows\system32\mfevtps.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\PC Tools Security\pctsAuxs.exe
    C:\Program Files\PC Tools Security\pctsSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\Program Files\PC Tools Security\pctsGui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Immunet Protect\2.0.17\iptray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\DllHost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Users\giridhar\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uDefault_Page_URL = hxxp://samsung.msn.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    BHO: FileServeManager: {00000001-ab3b-4334-9da2-ec6b2a02afc6} - c:\program files\fileserve manager\FileServeBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110325201413.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2237.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: @c:\program files\msn toolbar\platform\6.0.2237.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2237.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [uTorrent] "c:\users\giridhar\downloads\utorrent.exe"
    uRun: [Google Update] "c:\users\giridhar\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [googletalk] c:\users\giridhar\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
    mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [FileServe Manager Task] "c:\program files\fileserve manager\FSStarter.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\giridhar\appdata\roaming\micros~1\windows\startm~1\programs\startup\foldin~1.lnk - c:\users\giridhar\appdata\roaming\microsoft\installer\{6a90c837-054e-44ae-b9bd-1b1f87986bbc}\_98830A63A82EB98D7BA198.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\giridhar\appdata\roaming\mozilla\firefox\profiles\9dvu231c.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\msn toolbar\platform\6.0.2237.0\npwinext.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\giridhar\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\giridhar\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\giridhar\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-25 386840]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-25 239168]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-25 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-25 656320]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-25 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-25 307288]
    R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-4-25 41424]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-4-25 31184]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-3-25 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-25 164840]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsldbbae6b5;MpKsldbbae6b5;c:\programdata\microsoft\microsoft antimalware\definition updates\{0cc8de26-fb67-4006-a5c6-58e90b6570fa}\MpKsldbbae6b5.sys [2011-4-25 28752]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-8-6 10752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-25 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-25 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-4-25 42184]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-3-25 22504]
    R2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe [2011-4-25 756680]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-8-6 203280]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-25 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-25 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-25 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-25 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-25 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-25 141792]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-25 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-25 1150936]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-3-25 37944]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 7566848]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-25 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-25 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-25 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-25 313288]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-8-6 30392]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-2 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-3-25 30192]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-25 84264]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011.sp1a\RpcAgentSrv.exe [2011-3-25 93848]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-3 52224]
    .
    =============== Created Last 30 ================
    .
    2011-04-25 18:23:48 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0cc8de26-fb67-4006-a5c6-58e90b6570fa}\MpKsldbbae6b5.sys
    2011-04-25 18:23:34 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0cc8de26-fb67-4006-a5c6-58e90b6570fa}\mpengine.dll
    2011-04-25 17:57:32 -------- d-----w- c:\users\giridhar\appdata\roaming\Malwarebytes
    2011-04-25 17:57:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-25 17:57:19 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-25 17:57:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-25 17:57:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-25 15:03:53 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-25 14:23:37 -------- d-----w- c:\program files\common files\WebM Project
    2011-04-25 14:20:46 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-25 14:19:59 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-25 14:19:33 -------- d-----w- c:\progra~2\Alwil Software
    2011-04-25 14:16:05 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c42ba154-4657-4351-8aac-b948978a8e84}\gapaengine.dll
    2011-04-25 14:16:05 -------- d-----w- c:\users\giridhar\appdata\local\Immunet
    2011-04-25 14:16:05 -------- d-----w- c:\progra~2\Immunet
    2011-04-25 14:15:40 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
    2011-04-25 14:15:34 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
    2011-04-25 14:15:24 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-25 14:15:03 -------- d-----w- c:\program files\Immunet Protect
    2011-04-25 14:09:13 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-25 11:47:41 -------- d-----w- c:\program files\Syser
    2011-04-21 07:18:03 -------- d-----w- c:\users\giridhar\appdata\local\ElevatedDiagnostics
    2011-04-20 23:17:24 -------- d-----w- c:\program files\common files\AMD
    2011-04-20 23:16:41 -------- d-----w- c:\program files\AMD APP
    2011-04-20 00:37:36 -------- d-----w- c:\users\giridhar\.vim-fuf-data
    2011-04-19 23:41:08 -------- d-----w- c:\users\giridhar\appdata\roaming\Hummingbird
    2011-04-19 23:41:08 -------- d-----w- c:\program files\Hummingbird
    2011-04-16 14:04:28 -------- d-----w- c:\users\giridhar\cr3
    2011-04-16 11:04:38 -------- d-----w- c:\users\giridhar\ChartNexus
    2011-04-16 01:31:30 -------- d-----w- C:\ctags
    2011-04-16 01:17:35 -------- d-----w- c:\program files\vim
    2011-04-15 17:41:33 -------- d-----w- c:\users\giridhar\appdata\local\TSVNCache
    2011-04-14 21:42:07 -------- d-----w- c:\users\giridhar\appdata\roaming\TortoiseSVN
    2011-04-14 21:40:08 -------- d-----w- c:\users\giridhar\appdata\roaming\Subversion
    2011-04-14 21:39:42 -------- d-----w- c:\program files\TortoiseSVN
    2011-04-14 21:39:42 -------- d-----w- c:\program files\common files\TortoiseOverlays
    2011-04-14 21:27:38 -------- d-----w- c:\users\giridhar\.idlerc
    2011-04-13 21:25:49 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-13 21:25:49 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-13 21:25:49 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-13 21:25:02 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-04-10 22:30:05 -------- d-----w- c:\program files\SyncToy 2.1
    2011-04-10 22:20:38 -------- d-----w- c:\users\giridhar\appdata\roaming\calibre
    2011-04-10 22:17:46 -------- d-----w- c:\program files\Calibre2
    2011-04-10 19:22:38 125328 ----a-w- c:\windows\system32\drivers\dne2000.sys
    2011-04-10 19:22:38 106768 ----a-w- c:\windows\system32\dneinobj.dll
    2011-04-10 19:21:45 -------- d-----w- c:\program files\common files\Deterministic Networks
    2011-04-10 19:21:34 -------- d-----w- c:\program files\Cisco Systems
    2011-04-10 15:50:32 -------- d-----w- C:\Downloads
    2011-04-10 15:48:28 -------- d-----w- c:\users\giridhar\appdata\local\FileServe Manager
    2011-04-10 15:47:46 -------- d-----w- c:\program files\FileServe Manager
    2011-04-10 15:47:46 -------- d-----w- c:\progra~2\FileServe Limited
    2011-04-04 23:19:46 -------- d-----w- c:\program files\common files\iSpirit
    2011-04-04 23:11:22 -------- d-----w- c:\users\giridhar\appdata\roaming\Free Download Manager
    2011-04-04 23:11:15 -------- d-----w- c:\progra~2\FreeDownloadManager.ORG
    2011-04-04 23:11:14 -------- d-----w- c:\program files\Free Download Manager
    2011-04-03 14:59:09 -------- d-----w- c:\program files\QuoteTracker
    2011-04-03 12:31:54 57056 ----a-r- c:\users\giridhar\appdata\roaming\microsoft\installer\{748fbfc5-9d60-4058-9136-a862af552cc2}\pdfico.exe
    2011-04-03 12:31:53 52960 ----a-r- c:\users\giridhar\appdata\roaming\microsoft\installer\{748fbfc5-9d60-4058-9136-a862af552cc2}\sysaxico.exe
    2011-04-03 12:31:53 52960 ----a-r- c:\users\giridhar\appdata\roaming\microsoft\installer\{748fbfc5-9d60-4058-9136-a862af552cc2}\htmico.exe
    2011-04-03 12:31:53 48864 ----a-r- c:\users\giridhar\appdata\roaming\microsoft\installer\{748fbfc5-9d60-4058-9136-a862af552cc2}\chmico.exe
    2011-04-03 12:31:38 -------- d-----w- c:\program files\SysaxServer
    2011-04-03 12:31:38 -------- d-----w- c:\progra~2\Codeorigin
    2011-04-03 00:06:27 -------- d-----w- c:\windows\system32\SPReview
    2011-04-03 00:05:10 -------- d-----w- c:\windows\system32\EventProviders
    2011-04-02 23:53:59 508904 ----a-w- c:\windows\system32\winload.exe
    2011-04-02 23:52:59 67584 ----a-w- c:\windows\system32\certprop.dll
    2011-04-02 23:51:35 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-04-02 23:51:35 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-04-02 23:51:35 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-04-02 23:51:34 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-04-02 23:51:09 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-04-02 23:50:51 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-04-02 23:50:51 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-04-02 23:49:42 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-04-02 23:49:41 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-04-02 23:06:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-04-02 22:58:53 -------- d-----w- c:\windows\en
    2011-04-02 22:58:13 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-04-02 22:52:41 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-04-02 22:52:41 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-04-02 22:52:41 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-04-02 20:13:03 15712 ----a-w- c:\program files\common files\windows live\.cache\5f2970321cbf17220\MeshBetaRemover.exe
    2011-04-02 20:12:39 94040 ----a-w- c:\program files\common files\windows live\.cache\5022050c1cbf17218\DSETUP.dll
    2011-04-02 20:12:39 525656 ----a-w- c:\program files\common files\windows live\.cache\5022050c1cbf17218\DXSETUP.exe
    2011-04-02 20:12:39 1691480 ----a-w- c:\program files\common files\windows live\.cache\5022050c1cbf17218\dsetup32.dll
    2011-04-02 20:12:37 525656 ----a-w- c:\program files\common files\windows live\.cache\4e05acd31cbf17217\DXSETUP.exe
    2011-04-02 20:12:36 94040 ----a-w- c:\program files\common files\windows live\.cache\4e05acd31cbf17217\DSETUP.dll
    2011-04-02 20:12:36 1691480 ----a-w- c:\program files\common files\windows live\.cache\4e05acd31cbf17217\dsetup32.dll
    2011-04-02 20:11:33 -------- d-----w- c:\users\giridhar\appdata\local\Windows Live
    2011-03-31 23:11:26 -------- d-----w- C:\Perl
    2011-03-31 22:35:56 -------- d-----w- C:\Python27
    2011-03-31 07:23:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-30 20:26:38 -------- d-----w- c:\program files\Veoh_Web_Player
    2011-03-30 20:26:11 -------- d-----w- c:\program files\Veoh Networks
    2011-03-29 18:52:12 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-29 18:52:12 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-29 18:52:11 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-28 19:48:07 -------- d-----w- c:\program files\Haali
    2011-03-28 19:43:58 -------- d-----w- c:\program files\CoreCodec
    2011-03-27 18:55:58 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-03-27 18:55:24 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-03-27 18:30:29 -------- d-----w- c:\users\giridhar\FAH
    2011-03-27 13:07:53 -------- d-----w- c:\users\giridhar\appdata\roaming\Helios
    2011-03-27 13:07:41 -------- d-----w- c:\program files\TextPad 5
    2011-03-27 10:38:42 -------- d-----w- c:\users\giridhar\appdata\roaming\Folding@home-gpu
    .
    ==================== Find3M ====================
    .
    2011-04-03 00:15:08 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-25 18:39:10 8114 ----a-w- c:\progra~2\xml982A.tmp
    2011-03-25 18:39:10 2263 ----a-w- c:\progra~2\xml9DF6.tmp
    2011-03-25 18:39:10 14007 ----a-w- c:\progra~2\xml9D4A.tmp
    2011-03-15 05:01:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-02-07 10:48:26 353280 ----a-w- c:\windows\system32\pythoncom27.dll
    2011-02-07 10:48:26 109568 ----a-w- c:\windows\system32\pywintypes27.dll
    2011-02-07 10:48:22 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2011-02-07 10:47:56 2431488 ----a-w- c:\windows\system32\python27.dll
    2011-01-26 23:00:44 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll
    2011-01-26 22:59:46 17204736 ----a-w- c:\windows\system32\atioglxx.dll
    2011-01-26 22:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-26 22:55:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-01-26 22:55:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-01-26 22:54:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-01-26 22:53:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-01-26 22:53:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-01-26 22:53:34 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-01-26 22:53:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-01-26 22:49:44 4105728 ----a-w- c:\windows\system32\atidxx32.dll
    2011-01-26 22:32:12 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-01-26 22:28:52 4170752 ----a-w- c:\windows\system32\atiumdag.dll
    2011-01-26 22:27:50 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-01-26 22:27:40 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-01-26 22:25:50 5580800 ----a-w- c:\windows\system32\aticaldd.dll
    2011-01-26 22:24:18 3463680 ----a-w- c:\windows\system32\atiumdva.dll
    2011-01-26 22:20:44 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-01-26 22:14:06 249856 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-26 22:13:52 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-01-26 22:13:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-01-26 22:12:40 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-01-26 22:08:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    .
    ============= FINISH: 19:42:20.98 ===============
    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/03/2011 14:09:58
    System Uptime: 25/04/2011 18:44:16 (1 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R425/R525
    Processor: AMD Athlon(tm) II Dual-Core M340 | Socket S1G3 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 99 GiB total, 65.4 GiB free.
    D: is FIXED (NTFS) - 184 GiB total, 146.912 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP71: 25/04/2011 14:35:53 - Installed calibre
    RP72: 25/04/2011 14:47:06 - Windows Update
    RP73: 25/04/2011 14:49:39 - Restore Operation
    RP74: 25/04/2011 15:11:18 - Installed calibre
    RP75: 25/04/2011 15:14:48 - Windows Update
    RP76: 25/04/2011 15:18:36 - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20
    ActivePerl 5.12.3 Build 1204
    ActiveState ActivePython 2.7.1.4 (32-bit)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Alice Greenfingers
    AMD APP KernelAnalyzer 1.8
    AMD APP Profiler 2.2
    AMD APP SDK Developer
    AMD APP SDK Runtime
    AMD APP SDK Samples
    AMD Fuel
    AMD USB Filter Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Atheros Client Installation Program
    ATI Catalyst Install Manager
    µTorrent
    avast! Free Antivirus
    BatteryLifeExtender
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Bonbon Quest
    Bonjour
    Cake Mania
    calibre
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help English
    Cisco Systems VPN Client 5.0.04.0300
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    CoreAVC Professional Edition (remove only)
    CPUID CPU-Z 1.57
    CyberLink DVD Suite
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 8
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    Daycare Nightmare
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    Exceed onDemand Client 6 (Web Deployed)
    FileServe Manager 1.0.0.2428
    Flip Words
    Folding@home-gpu
    Folding@home-x86
    Fraps
    Free Download Manager 3.0
    Galapago
    Game Pack
    Gem Shop
    Google Apps
    Google Chrome
    Google Desktop
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GPU Caps Viewer 1.10.2
    Haali Media Splitter
    Hummingbird Component Deployment
    Immunet Protect
    Insaniquarium Deluxe
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Mahjong Escape Ancient China
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Mozilla Firefox 4.0 (x86 en-GB)
    MSVCRT
    NovaBench 3.0.2
    Picasa 3
    PuTTY version 0.60
    QuickTime
    QuoteTracker
    Realtek High Definition Audio Driver
    runtime
    Samsung Recovery Solution 4
    Samsung Support Center
    Samsung Update Plus
    SamsungMovie
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SiSoftware Sandra Lite 2011.SP1a
    Skype™ 5.1
    Slingo
    Spyware Doctor with AntiVirus 8.0
    Synaptics Pointing Device Driver
    SyncToy 2.1 (x86)
    Sysax Multi Server 5
    TextPad 5
    The KMPlayer (remove only)
    TortoiseSVN 1.6.15.21042 (32 bit)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User Guide
    uTorrentBar Toolbar
    Veoh Web Player
    Veoh Web Player Toolbar
    Vim 7.3 (self-installing)
    VLC media player 1.1.9
    WebM Media Foundation Components
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.00 (32-bit)
    WMV9/VC-1 Video Playback
    .
    ==== Event Viewer Messages From Past Week ========
    .
    25/04/2011 18:46:43, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/04/2011 17:09:09, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    25/04/2011 16:15:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/04/2011 16:13:29, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    25/04/2011 16:11:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    25/04/2011 14:56:08, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    25/04/2011 14:54:25, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    25/04/2011 13:01:19, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x9f1d7e18, 0x00000001, 0x87040002, 0x00000002). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 042511-23337-01.
    24/04/2011 18:45:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
    24/04/2011 06:38:09, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    22/04/2011 17:55:06, Error: bowser [8003] - The master browser has received a server announcement from the computer SRINISLAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7E684EA2-C0E4-436E-B396-FFF82. The master browser is stopping or an election is being forced.
    21/04/2011 15:36:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    21/04/2011 08:28:32, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    21/04/2011 08:26:37, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    21/04/2011 08:25:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
    20/04/2011 00:15:38, Error: Service Control Manager [7000] - The McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/04/2011 00:15:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McShield service to connect.
    20/04/2011 00:12:13, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    20/04/2011 00:12:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
    .
    ==== End Of File ===========================

    Please help me.

    Regards,
    Giri
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the malware. Give me a few minutes to check these logs and I will be back for the next step.

    Are you having any other system problems that may be related to malware other than the AV alert?

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. giridhart

    giridhart TS Rookie Topic Starter

    Thank you very much.
    The system became unstable all of a sudden after I tried to install one program (my antivirus did not detect anything at that time).
    It takes a long time to boot.
    After that I installed avast, MS Essentials, and Immunet Protect. Only Immunet Protect detected it.

    Regards,
    Giri
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, I got this far:
    You have 4 antivirus programs> that's 3 too many!
    You have 2 Firewalls> That's 1 too many!

    Microsoft Security Essentials> Antivirus, Firewall, Antimalware
    Avast> Antivirus, Antimalware
    Spyware Doctor> Antivirus, Antimalware
    McAfee> Firewall (Security Suite is installed)
    Spyware Doctor> from PC Tools> Antivirus, Antimalware
    Immunet Protect Free > Antivirus. Describes itself as "fast layer of protection that's compatible with existing antivirus." It appears that this runs in Real Time, with no updates. I will be recommending that you remove it.
    Windows Defender> Antimalware> Outdated
    Having too much security, especially for AV and FW, can make a system more vulnerable, not less.
    ------------------------------------------
    Please get the security down to one antivirus, one firewall, 2 good antimalware programs. Uninstall the others. Reboot the computer when through.

    NOTE: Looking at the running processes indicates that you have the McAfee Security Suite, not just the FW. And if you look at the Error Events, ALL the antivirus programs are having a problem!

    I would be interested to know which security program said it detected Win32Crypt?
    ========================
    There are entries to be removed. When you get the security thinned out, please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
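To make the point about the Error Events concrete, here is an added example (not from DDS, ComboFix or this thread) that parses event lines in the format of the DDS Attach log and tallies Service Control Manager failures per service and per security product; the service-to-product mapping and the sample lines are assumptions of the example.

```python
"""Tally service failures in a DDS 'Event Viewer Messages' section.

Added example for this thread; it is not part of DDS, ComboFix or any tool
mentioned here. It parses event lines of the form
    dd/mm/yyyy hh:mm:ss, Level: Source [EventID] - message
and, for Service Control Manager events, extracts the failing service name
so that repeated failures of security-product services stand out.
"""
import re
from collections import Counter

# Shape of one event line as DDS writes it to Attach.txt.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Where the Service Control Manager puts the service name in each event text.
SCM_SERVICE_RE = {
    "7000": re.compile(r"^The (?P<svc>.+?) service failed to start"),
    "7009": re.compile(r"waiting for the (?P<svc>.+?) service to connect"),
    "7011": re.compile(r"transaction response from the (?P<svc>.+?) service"),
    "7022": re.compile(r"^The (?P<svc>.+?) service hung on starting"),
    "7024": re.compile(r"^The (?P<svc>.+?) service terminated with"),
    "7031": re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
}

# Assumed mapping from service name to the security product that owns it;
# the service names are the ones that appear in this thread's log.
SECURITY_SERVICES = {
    "McShield": "McAfee",
    "mcmscsvc": "McAfee",
    "avast! Antivirus": "avast!",
    "Microsoft Antimalware Service": "Microsoft Security Essentials",
    "Windows Firewall": "Windows Firewall",
}

# Constructed sample, modelled on the Attach log posted earlier in the thread.
SAMPLE_EVENTS = [
    "25/04/2011 17:09:09, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).",
    "25/04/2011 16:13:29, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.",
    "25/04/2011 14:54:25, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..",
    "21/04/2011 08:28:32, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly.  It has done this 2 time(s).",
    "21/04/2011 08:25:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.",
    "20/04/2011 00:15:38, Error: Service Control Manager [7000] - The McShield service failed to start due to the following error: The service did not respond.",
    "20/04/2011 00:12:13, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.",
    "20/04/2011 00:12:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.",
]


def parse_event(line):
    """Return a dict for one event line, or None if the line is not an event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["service"] = None
    if ev["source"] == "Service Control Manager":
        pat = SCM_SERVICE_RE.get(ev["event_id"])
        sm = pat.search(ev["msg"]) if pat else None
        if sm:
            ev["service"] = sm.group("svc")
    return ev


def tally_failures(lines):
    """Count Error-level SCM failures per service and per security product.

    Returns (by_service, by_product). Services not in SECURITY_SERVICES are
    still counted in by_service, so non-security failures (e.g. wuauserv)
    stay visible instead of being silently dropped.
    """
    by_service = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev["level"] == "Error" and ev["service"]:
            by_service[ev["service"]] += 1
    by_product = Counter()
    for svc, n in by_service.items():
        product = SECURITY_SERVICES.get(svc)
        if product:
            by_product[product] += n
    return by_service, by_product


if __name__ == "__main__":
    services, products = tally_failures(SAMPLE_EVENTS)
    for product, n in products.most_common():
        print(f"{product}: {n} service failure event(s)")
    for svc, n in services.most_common():
        print(f"  {svc}: {n}")
```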
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Looks like we were posting at the same time. Please go ahead with uninstalling some of the security programs. They're not working right anyway as you have too many programs trying to do the same thing!

    Please run Combofix and the Eset scan after you have finished with the security and rebooted.
     
  6. giridhart

    giridhart TS Rookie Topic Starter

    Hi,

    I downloaded and installed Norton 360. Now I have only Norton and Immunet.
    I could not find Windows Defender; it still shows up in logs.
    A few things I forgot to mention earlier.

    I don't see an option to boot into safe mode. When the system got infected, the system crashed and I got a blue screen, and I might have allowed that to happen.

    I use a Samsung laptop; it has a recovery partition, and I have C and D drives.
    Can I just do a complete restore? Would this solve the problem, or would it still have some virus?

    Below are logs from my scans.
    ESET

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=0affd0f055517d41bb763fcb50f7b88a
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-04-26 03:31:45
    # local_time=2011-04-26 04:31:45 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=768 16777215 100 0 42879 42879 0 0
    # compatibility_mode=3589 16777213 100 84 546 54442948 0 0
    # compatibility_mode=5893 16776573 66 85 1986766 56250443 0 0
    # compatibility_mode=8192 67108863 100 0 176 176 0 0
    # scanned=194916
    # found=0
    # cleaned=0
    # scan_time=4654
    ESETSmartInstaller@High as downloader log:
    all ok

    Combofix

    ComboFix 11-04-25.02 - giridhar 26/04/2011 11:08:31.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3070.1855 [GMT 1:00]
    Running from: c:\users\giridhar\Downloads\ComboFix.exe
    AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://liveupdate.symantecliveupdate.com
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-26 10:18 . 2011-04-26 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-26 10:18 . 2011-04-26 10:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-04-26 08:39 . 2011-04-26 08:39 -------- d-----w- c:\users\giridhar\AppData\Local\CrashDumps
    2011-04-26 02:23 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A380AF4-815A-400C-B4F9-1C7CF8799D02}\mpengine.dll
    2011-04-26 02:11 . 2011-04-26 02:11 -------- d-----w- c:\program files\ESET
    2011-04-26 01:23 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-04-26 01:22 . 2011-04-26 01:22 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-04-26 01:22 . 2011-04-26 02:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-04-26 01:22 . 2011-04-26 01:22 -------- d-----w- c:\program files\Symantec
    2011-04-26 00:31 . 2011-04-26 00:31 -------- d-----w- c:\windows\system32\drivers\N360
    2011-04-26 00:31 . 2011-04-26 00:31 -------- d-----w- c:\program files\Norton 360
    2011-04-26 00:31 . 2011-04-26 10:02 -------- d-----w- c:\programdata\Norton
    2011-04-26 00:29 . 2011-04-26 10:02 -------- d-----w- c:\program files\NortonInstaller
    2011-04-26 00:17 . 2011-04-26 00:17 -------- d-----w- c:\program files\Sophos
    2011-04-25 17:57 . 2011-04-25 17:57 -------- d-----w- c:\users\giridhar\AppData\Roaming\Malwarebytes
    2011-04-25 17:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-25 17:57 . 2011-04-25 17:57 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-25 17:57 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-25 17:57 . 2011-04-25 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-25 14:23 . 2011-04-25 14:23 -------- d-----w- c:\program files\Common Files\WebM Project
    2011-04-25 14:19 . 2011-04-25 14:19 -------- d-----w- c:\programdata\Alwil Software
    2011-04-25 14:19 . 2011-04-25 14:19 -------- d-----w- c:\program files\Alwil Software
    2011-04-25 14:16 . 2011-04-25 14:16 -------- d-----w- c:\programdata\Immunet
    2011-04-25 14:16 . 2011-04-25 14:16 -------- d-----w- c:\users\giridhar\AppData\Local\Immunet
    2011-04-25 14:15 . 2011-04-25 14:15 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
    2011-04-25 14:15 . 2011-04-25 14:15 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
    2011-04-25 14:15 . 2011-02-02 17:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-25 14:15 . 2011-04-26 08:38 -------- d-----w- c:\program files\Immunet Protect
    2011-04-25 11:47 . 2011-04-25 20:59 -------- d-----w- c:\program files\Syser
    2011-04-24 14:42 . 2011-04-25 20:59 -------- d-----w- c:\program files\Safari
    2011-04-21 07:18 . 2011-04-21 07:18 -------- d-----w- c:\users\giridhar\AppData\Local\ElevatedDiagnostics
    2011-04-20 23:17 . 2011-04-20 23:17 -------- d-----w- c:\program files\Common Files\AMD
    2011-04-20 23:16 . 2011-04-20 23:17 -------- d-----w- c:\program files\AMD APP
    2011-04-20 00:37 . 2011-04-20 00:37 -------- d-----w- c:\users\giridhar\.vim-fuf-data
    2011-04-19 23:41 . 2011-04-19 23:41 -------- d-----w- c:\users\giridhar\AppData\Roaming\Hummingbird
    2011-04-19 23:41 . 2011-04-19 23:41 -------- d-----w- c:\program files\Hummingbird
    2011-04-19 23:40 . 2011-04-19 23:40 -------- d-----w- c:\program files\PuTTY
    2011-04-16 18:22 . 2011-04-25 23:31 -------- d-----w- c:\users\giridhar\AppData\Roaming\skypePM
    2011-04-16 14:04 . 2011-04-16 14:06 -------- d-----w- c:\users\giridhar\cr3
    2011-04-16 11:04 . 2011-04-16 12:21 -------- d-----w- c:\users\giridhar\ChartNexus
    2011-04-16 01:31 . 2011-04-16 01:31 -------- d-----w- C:\ctags
    2011-04-16 01:17 . 2011-04-16 01:17 -------- d-----w- c:\program files\vim
    2011-04-15 17:41 . 2011-04-26 10:01 -------- d-----w- c:\users\giridhar\AppData\Local\TSVNCache
    2011-04-14 21:42 . 2011-04-14 21:42 -------- d-----w- c:\users\giridhar\AppData\Roaming\TortoiseSVN
    2011-04-14 21:40 . 2011-04-14 21:40 -------- d-----w- c:\users\giridhar\AppData\Roaming\Subversion
    2011-04-14 21:39 . 2011-04-14 21:39 -------- d-----w- c:\program files\TortoiseSVN
    2011-04-14 21:39 . 2011-04-14 21:39 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
    2011-04-14 21:27 . 2011-04-14 21:27 -------- d-----w- c:\users\giridhar\.idlerc
    2011-04-13 21:25 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-13 21:25 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-13 21:25 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-13 21:25 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-04-10 22:30 . 2011-04-10 22:30 -------- d-----w- c:\program files\SyncToy 2.1
    2011-04-10 22:28 . 2011-04-10 22:28 -------- d-----w- c:\program files\Microsoft Sync Framework
    2011-04-10 22:20 . 2011-04-11 19:40 -------- d-----w- c:\users\giridhar\AppData\Roaming\calibre
    2011-04-10 22:17 . 2011-04-25 14:13 -------- d-----w- c:\program files\Calibre2
    2011-04-10 19:22 . 2008-03-29 16:36 106768 ----a-w- c:\windows\system32\dneinobj.dll
    2011-04-10 19:22 . 2008-03-29 16:36 125328 ----a-w- c:\windows\system32\drivers\dne2000.sys
    2011-04-10 19:21 . 2011-04-10 19:21 -------- d-----w- c:\program files\Common Files\Deterministic Networks
    2011-04-10 19:21 . 2011-04-10 19:21 -------- d-----w- c:\program files\Cisco Systems
    2011-04-10 15:50 . 2011-04-10 15:50 -------- d-----w- C:\Downloads
    2011-04-10 15:48 . 2011-04-25 23:55 -------- d-----w- c:\users\giridhar\AppData\Local\FileServe Manager
    2011-04-10 15:47 . 2011-04-10 15:47 -------- d-----w- c:\programdata\FileServe Limited
    2011-04-04 23:19 . 2011-04-04 23:20 -------- d-----w- c:\program files\Common Files\iSpirit
    2011-04-04 23:11 . 2011-04-04 23:40 -------- d-----w- c:\users\giridhar\AppData\Roaming\Free Download Manager
    2011-04-04 23:11 . 2011-04-04 23:11 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
    2011-04-04 23:11 . 2011-04-04 23:11 -------- d-----w- c:\program files\Free Download Manager
    2011-04-03 14:59 . 2011-04-25 15:22 -------- d-----w- c:\program files\QuoteTracker
    2011-04-03 12:31 . 2011-04-03 12:31 -------- d-----w- c:\programdata\Codeorigin
    2011-04-03 00:06 . 2011-04-03 00:06 -------- d-----w- c:\windows\system32\SPReview
    2011-04-03 00:05 . 2011-04-03 00:05 -------- d-----w- c:\windows\system32\EventProviders
    2011-04-02 23:53 . 2010-11-20 12:24 508904 ----a-w- c:\windows\system32\winload.exe
    2011-04-02 23:52 . 2010-11-20 12:21 30208 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\winprint.dll
    2011-04-02 23:51 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-04-02 23:51 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-04-02 23:51 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-04-02 23:51 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-04-02 23:51 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-04-02 23:50 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-04-02 23:50 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-04-02 23:49 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-04-02 23:49 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-04-02 23:06 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-04-02 22:58 . 2011-04-02 22:58 -------- d-----w- c:\windows\en
    2011-04-02 22:58 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-04-02 22:52 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-04-02 22:52 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-04-02 22:52 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-04-02 20:13 . 2011-04-02 20:13 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\5f2970321cbf17220\MeshBetaRemover.exe
    2011-04-02 20:12 . 2011-04-02 20:12 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5022050c1cbf17218\DSETUP.dll
    2011-04-02 20:12 . 2011-04-02 20:12 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5022050c1cbf17218\DXSETUP.exe
    2011-04-02 20:12 . 2011-04-02 20:12 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5022050c1cbf17218\dsetup32.dll
    2011-04-02 20:12 . 2011-04-02 20:12 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\4e05acd31cbf17217\DXSETUP.exe
    2011-04-02 20:12 . 2011-04-02 20:12 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\4e05acd31cbf17217\DSETUP.dll
    2011-04-02 20:12 . 2011-04-02 20:12 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\4e05acd31cbf17217\dsetup32.dll
    2011-04-02 20:11 . 2011-04-02 20:11 -------- d-----w- c:\users\giridhar\AppData\Local\Windows Live
    2011-04-01 02:06 . 2011-04-01 02:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-03-31 23:11 . 2011-03-31 23:19 -------- d-----w- C:\Perl
    2011-03-31 22:35 . 2011-04-25 13:53 -------- d-----w- C:\Python27
    2011-03-31 07:23 . 2011-03-31 07:23 -------- d-----w- c:\program files\Common Files\Java
    2011-03-31 07:23 . 2011-03-31 07:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-31 07:23 . 2011-03-31 07:23 -------- d-----w- c:\program files\Java
    2011-03-30 20:26 . 2011-03-30 20:26 -------- d-----w- c:\program files\Veoh_Web_Player
    2011-03-30 20:26 . 2011-03-30 20:26 -------- d-----w- c:\program files\Veoh Networks
    2011-03-29 18:52 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-29 18:52 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-29 18:52 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-28 19:48 . 2011-03-28 19:48 -------- d-----w- c:\program files\Haali
    2011-03-28 19:43 . 2011-03-28 19:43 -------- d-----w- c:\program files\CoreCodec
    2011-03-27 18:55 . 2011-03-27 18:55 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-03-27 18:55 . 2011-03-27 18:55 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-03-27 18:30 . 2011-03-27 18:40 -------- d-----w- c:\users\giridhar\FAH
    2011-03-27 14:14 . 2011-03-27 14:14 -------- d-----w- c:\program files\7-Zip
    2011-03-27 13:07 . 2011-03-27 13:07 -------- d-----w- c:\users\giridhar\AppData\Roaming\Helios
    2011-03-27 13:07 . 2011-03-27 13:07 -------- d-----w- c:\program files\TextPad 5
    2011-03-27 11:59 . 2011-03-27 11:59 -------- d-----w- c:\users\Public\CyberLink
    2011-03-27 10:38 . 2011-03-27 10:38 -------- d-----w- c:\users\giridhar\AppData\Roaming\Folding@home-gpu
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-03 00:15 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-04-02 22:54 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-25 18:39 . 2011-03-25 18:39 2263 ----a-w- c:\programdata\xml9DF6.tmp
    2011-03-25 18:39 . 2011-03-25 18:39 14007 ----a-w- c:\programdata\xml9D4A.tmp
    2011-03-25 18:39 . 2011-03-25 18:39 8114 ----a-w- c:\programdata\xml982A.tmp
    2011-03-25 15:52 . 2011-03-25 15:52 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-25 15:52 . 2011-03-25 15:52 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-25 15:52 . 2011-03-25 15:52 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-25 15:52 . 2011-03-25 15:52 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-25 15:52 . 2011-03-25 15:52 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-25 15:52 . 2011-03-25 15:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-25 15:52 . 2011-03-25 15:52 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-25 15:52 . 2011-03-25 15:52 367104 ----a-w- c:\windows\system32\html.iec
    2011-03-25 15:52 . 2011-03-25 15:52 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-25 15:52 . 2011-03-25 15:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-25 15:52 . 2011-03-25 15:52 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-25 15:52 . 2011-03-25 15:52 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-25 15:52 . 2011-03-25 15:52 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-03-25 15:52 . 2011-03-25 15:52 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-03-25 15:52 . 2011-03-25 15:52 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-25 15:52 . 2011-03-25 15:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-25 15:52 . 2011-03-25 15:52 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-25 15:52 . 2011-03-25 15:52 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-03-25 15:52 . 2011-03-25 15:52 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-03-25 15:52 . 2011-03-25 15:52 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-25 15:52 . 2011-03-25 15:52 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-03-15 05:01 . 2011-03-15 05:01 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-07 10:48 . 2011-02-07 10:48 353280 ----a-w- c:\windows\system32\pythoncom27.dll
    2011-02-07 10:48 . 2011-02-07 10:48 109568 ----a-w- c:\windows\system32\pywintypes27.dll
    2011-02-07 10:48 . 2011-02-07 10:48 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2011-02-07 10:47 . 2011-02-07 10:47 2431488 ----a-w- c:\windows\system32\python27.dll
    2011-02-03 05:54 . 2011-03-25 15:08 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 23:36 . 2011-01-26 23:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-26 23:00 . 2010-08-06 18:36 596480 ----a-w- c:\windows\system32\aticfx32.dll
    2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
    2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-26 22:55 . 2011-01-26 22:55 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-01-26 22:55 . 2011-01-26 22:55 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-01-26 22:54 . 2011-01-26 22:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-01-26 22:53 . 2010-08-06 18:36 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-01-26 22:53 . 2011-01-26 22:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-01-26 22:49 . 2010-08-06 18:36 4105728 ----a-w- c:\windows\system32\atidxx32.dll
    2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-01-26 22:28 . 2011-01-26 22:28 4170752 ----a-w- c:\windows\system32\atiumdag.dll
    2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
    2011-01-26 22:24 . 2011-01-26 22:24 3463680 ----a-w- c:\windows\system32\atiumdva.dll
    2011-01-26 22:20 . 2010-08-06 18:36 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-01-26 22:13 . 2011-01-26 22:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-01-26 22:12 . 2010-08-06 18:36 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-01-26 22:12 . 2011-01-26 22:12 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-03-18 17:57 . 2011-03-25 15:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 12:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 12:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    2010-06-13 18:10 2734688 ----a-w- c:\program files\Veoh_Web_Player\tbVeoh.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-25 39408]
    "Norton Download Manager{NBRT35-B23-4abb-B07C-C084B04B4F12}"="c:\users\Public\Downloads\Norton\{NBRT35-B23-4abb-B07C-C084B04B4F12}\NBRT-Retail-Downloader.exe" [2011-04-26 399032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-25 30192]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-25 126976]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Immunet Protect"="c:\program files\Immunet Protect\2.0.17\iptray.exe" [2011-04-25 2615624]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^giridhar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
    path=c:\users\giridhar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home-gpu.lnk
    backup=c:\windows\pss\Folding@home-gpu.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\giridhar\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-01-26 17:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2011-03-25 20:05 399736 ----a-w- c:\users\giridhar\Downloads\utorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    R1 MpKsldbbae6b5;MpKsldbbae6b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CC8DE26-FB67-4006-A5C6-58E90B6570FA}\MpKsldbbae6b5.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
    R2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [2011-04-25 756680]
    R3 FZOBRFTDQ;FZOBRFTDQ;c:\users\giridhar\AppData\Local\Temp\FZOBRFTDQ.exe [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-25 30192]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\161F.tmp [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP1a\RpcAgentSrv.exe [2009-08-10 93848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-26 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0500000.07D\SYMDS.SYS [2010-10-21 340016]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS [2010-11-18 652336]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110419.001\BHDrvx86.sys [2011-04-15 802936]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110425.001\IDSvix86.sys [2011-03-14 353912]
    S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [2011-04-25 41424]
    S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [2011-04-25 31184]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 10752]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0500000.07D\Ironx86.SYS [2010-11-16 136312]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\0500000.07D\SYMNETS.SYS [2010-12-01 295032]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe [2010-11-24 130000]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-26 102448]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-25 15:44]
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 15:45]
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 15:45]
    .
    2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2710976732-3104117540-3585796290-1000Core.job
    - c:\users\giridhar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 15:46]
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2710976732-3104117540-3585796290-1000UA.job
    - c:\users\giridhar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 15:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\giridhar\AppData\Roaming\Mozilla\Firefox\Profiles\9dvu231c.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.0.0.125\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\161F.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2710976732-3104117540-3585796290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2710976732-3104117540-3585796290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-26 11:31:42
    ComboFix-quarantined-files.txt 2011-04-26 10:31
    ComboFix2.txt 2011-04-26 09:05
    .
    Pre-Run: 71,585,468,416 bytes free
    Post-Run: 71,300,395,008 bytes free
    .
    - - End Of File - - 63A7304ADAF5D28120E90FFD3F6872B5

    Regards,
    Giri
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am at a loss to understand why you downloaded Norton when you already had 4 AV programs running!
    And it is strange to wonder why a cloud AV was the only one to find Win32/Crypt.

    Note: Norton plays even less well with other security programs. I highly recommend that you uninstall the Immunet Protect program and let Norton do its job.

    If you need more convincing, the following are security-related errors from the past week:
    There are 4 different security programs represented above which are either crashing or failing to start. I can promise you that Norton has an intense dislike of any other security program getting in its way! This will make your system more vulnerable and possibly cause it to miss and/or remove malware entries.

    Tell me please: are you having any problems that could be related to malware other than this Win32/Crypt find?
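    The helper above reads the security products and the odd service entries straight off the ComboFix log. As an added example (not code from the thread, from ComboFix, or from either poster), the Python below parses ComboFix service/driver lines of the shape `R3 name;display;path [date size]` (or `[x]` when the image file is absent), lists the security vendors present, and flags entries a responder should check first: missing image files, images under a Temp directory or with a `.tmp` extension, and bare uppercase names. The sample lines are copied from the log above; the vendor fingerprint table is my own assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: service lines copied from the ComboFix log posted above.
# ComboFix prints one service/driver per line as
#   <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]
# and writes "[x]" instead of the date/size when the image file is not on disk.
SAMPLE_LOG = r"""
R1 MpKsldbbae6b5;MpKsldbbae6b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CC8DE26-FB67-4006-A5C6-58E90B6570FA}\MpKsldbbae6b5.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
R2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [2011-04-25 756680]
R3 FZOBRFTDQ;FZOBRFTDQ;c:\users\giridhar\AppData\Local\Temp\FZOBRFTDQ.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\161F.tmp [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0500000.07D\SYMDS.SYS [2010-10-21 340016]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [2011-04-25 41424]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe [2010-11-24 130000]
"""

SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<tail>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)

# Vendor fingerprints matched (case-insensitively) against display name and path.
# Assumption: these substrings are enough to identify the products in this log.
SECURITY_VENDORS = {
    "Symantec": ("symantec", "norton", "\\n360\\"),
    "McAfee": ("mcafee", "\\mfe"),
    "Immunet": ("immunet",),
    "Avast": ("alwil", "avast"),
    "Microsoft Antimalware": ("microsoft antimalware", "\\mpks"),
}


@dataclass
class ServiceEntry:
    state: str          # "R" running, "S" stopped
    start_type: int     # Windows service start type 0..4
    name: str
    display: str
    path: str
    image_missing: bool
    size: Optional[int] = None
    vendor: Optional[str] = None


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse ComboFix service/driver lines; lines of any other shape are ignored."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        tail = m.group("tail")
        missing = tail == "x"
        entry = ServiceEntry(
            state=m.group("state"),
            start_type=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            image_missing=missing,
            size=None if missing else int(tail.split()[1]),
        )
        haystack = (entry.display + " " + entry.path).lower()
        for vendor, needles in SECURITY_VENDORS.items():
            if any(n in haystack for n in needles):
                entry.vendor = vendor
                break
        entries.append(entry)
    return entries


def security_vendors(entries: List[ServiceEntry]) -> List[str]:
    """Distinct security products that own at least one service or driver entry."""
    return sorted({e.vendor for e in entries if e.vendor})


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service name: reasons} for entries worth a closer look.

    A missing image alone is weak evidence (a definitions driver that was
    updated shows the same [x]), so the vendor field is kept for context."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        low = e.path.lower()
        if e.image_missing:
            reasons.append("image file missing ([x]): orphaned or self-deleting")
        if "\\temp\\" in low:
            reasons.append("image runs from a Temp directory")
        if low.endswith(".tmp"):
            reasons.append("image has a .tmp extension")
        if e.name == e.display and e.name.isupper() and len(e.name) >= 8:
            reasons.append("bare uppercase name used as both service and display name")
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print("security vendors:", security_vendors(parsed))
    for name, why in triage(parsed).items():
        print(name, "->", "; ".join(why))
```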
     
  8. giridhart

    giridhart TS Rookie Topic Starter

    Since yesterday I didn't see any warnings.
    After the first blue screen (I guess that was just after the system got infected) McAfee stopped working.
    Also I can't see the safe boot options; only recovery and normal boot are available. Firewalls were turned off, as well as real-time protection.

    There may be a virus in the MBR but I'm not sure how to check/delete it.

    I'm using a laptop with a recovery partition.
    If I do a complete restore could I remove all viruses, including in the MBR?

    Thanks for your time. If a restore cures the problem I would like to do that; I have been spending all my time sorting this out.

    Regards,
    Giri
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There is no indication of a rootkit or bootkit malware infection.

    You don't do a restore because the antiviruses are arguing over which one is going to protect you!

    Please remove Immunet Protect. It will conflict with the Norton security.
    =====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\users\giridhar\Downloads\utorrent.exe
    c:\users\giridhar\AppData\Local\Temp\FZOBRFTDQ.exe
    c:\windows\system32\161F.tmp
    
    Folder::
    c:\programdata\Alwil Software> uninstall
    c:\program files\Alwil Software
    DDS::
    uURLSearchHooks: H - No File
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110325201413.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2237.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    uRun: [uTorrent] "c:\users\giridhar\downloads\utorrent.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=- 
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    
    Driver::
    FZOBRFTDQ
    MEMSWEEP2
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ==============================================
    Please remove Immunet Protect. It will conflict with the Norton security.
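Before a CFScript like the one above is dragged onto ComboFix.exe, it is worth reading it back mechanically: the script deletes files, folders, registry entries and driver services, so a typo in it is as harmful as a typo in a `del` command. The Python below is an added example written for this thread; it is not ComboFix's own code and not part of any post. It splits the script into its `Name::` sections, classifies the Registry:: lines using .reg-file syntax (a bracketed key followed by `"name"=-` removes that value; a bracketed key on its own is reported as a bare key for the reader to confirm), and warns about duplicate entries, non-absolute paths and characters Windows does not allow in a path. SAMPLE is an excerpt of the script posted above; on it both checks fire, for the Folder:: line that ends in `> uninstall` and for the CLSID key listed twice. The names preflight, parse_cfscript and registry_actions are this example's own.

```python
"""Read-only preflight for a ComboFix CFScript.txt (added example, not ComboFix code)."""
import re
from collections import OrderedDict

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_DELETE_RE = re.compile(r'^"([^"]*)"=-$')   # .reg syntax: delete this value
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
PATH_FORBIDDEN = set('<>"|?*')   # Windows rejects these inside a file or folder path


def parse_cfscript(text):
    """Map each 'Name::' section to its non-blank lines, in script order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line before the first section header: %r" % line)
        sections[current].append(line)
    return sections


def registry_actions(lines):
    """Classify Registry:: lines as ('key', key, None), ('delete_value', key, name)
    or ('unrecognised', key, line). A bare key with no value lines under it is
    reported as-is so the reader can confirm what the tool will do with it."""
    actions, key = [], None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            actions.append(("key", key, None))
            continue
        m = REG_VALUE_DELETE_RE.match(line)
        if m and key is not None:
            actions.append(("delete_value", key, m.group(1)))
        else:
            actions.append(("unrecognised", key, line))
    return actions


def preflight(text):
    """Return section line counts, classified registry actions and warnings."""
    sections = parse_cfscript(text)
    warnings = []
    for name, lines in sections.items():
        seen = set()
        for line in lines:
            if line.lower() in seen:          # same entry twice, case-insensitive
                warnings.append("%s: duplicate entry %s" % (name, line))
            seen.add(line.lower())
            if name in ("File", "Folder"):
                if not DRIVE_PATH_RE.match(line):
                    warnings.append("%s: not an absolute drive path: %s" % (name, line))
                bad = PATH_FORBIDDEN.intersection(line[2:])   # skip the "c:" prefix
                if bad:
                    warnings.append("%s: path contains %s: %s"
                                    % (name, "".join(sorted(bad)), line))
            elif name == "Driver" and re.search(r"[\\/ ]", line):
                warnings.append("Driver: expected a bare service name: %s" % line)
    actions = registry_actions(sections.get("Registry", []))
    for kind, key, line in actions:
        if kind == "unrecognised":
            warnings.append("Registry: unrecognised line under %s: %s" % (key, line))
    return {"sections": OrderedDict((k, len(v)) for k, v in sections.items()),
            "registry": actions, "warnings": warnings}


# Constructed sample: an excerpt of the CFScript posted in this thread.
SAMPLE = r"""
KillAll::
File::
c:\users\giridhar\AppData\Local\Temp\FZOBRFTDQ.exe
c:\windows\system32\161F.tmp

Folder::
c:\programdata\Alwil Software> uninstall
c:\program files\Alwil Software

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

Driver::
FZOBRFTDQ
MEMSWEEP2
"""

if __name__ == "__main__":
    report = preflight(SAMPLE)
    for name, count in report["sections"].items():
        print("%-10s %d line(s)" % (name + "::", count))
    for kind, key, extra in report["registry"]:
        print("registry", kind, key, extra or "")
    for w in report["warnings"]:
        print("WARNING", w)
```

Run it against the saved CFScript.txt (read the file and pass its text to preflight) and clear every warning before dragging the script onto ComboFix; a duplicate key is harmless, but a folder line with a stray `> uninstall` is not the path the helper meant.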
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Closed due to inactivity.
     
Topic Status:
Not open for further replies.
