Browser redirect to click.get-answers.fast.com and other junk website links

This is a discussion on Browser redirect to click.get-answers.fast.com and other junk website links within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 05-30-2012, 05:11 AM   #1
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Hello,

I have similar issues to the thread "Re: .dll files missing, browser opens new tabs, google search redirects", except that my browser does not open new tabs. I implemented some of the best practices given in that thread on page 2, like installing WOT and WinPatrol, and also used lots of software like Malwarebytes, TDSSKiller, rkill, Spybot S&D and McAfee, also running them at times from my pen drive, but all efforts were in vain. I think after using the MVPS HOSTS file I have succeeded only to the point that in Google Chrome, when the browser tries to redirect to a junk website, it says "oops chrome could not find it", which is GOOD since Chrome is blocking it somewhere. However, I don't have the same consistency in Firefox, where the links still successfully redirect to bad websites. Basically, the problem of redirection still lies in IE, Chrome and Firefox.
FYI, although I might have gotten the Windows install disc or a boot CD with the purchase of this machine, it is hard to locate since we have not finished our unpacking yet.

I paste the dds.txt log here and attach Attach.zip and ark.zip according to the instructions.
dds.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Mihir at 758 on 2012-05-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2684 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mihir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uSearch Page = Google
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507102705.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\Users\Mihir\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AD8DC805-2E71-4C86-9DE0-5218918258D7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AD8DC805-2E71-4C86-9DE0-5218918258D7}\022456C6B696E6F5D4D444F5C4D4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD8DC805-2E71-4C86-9DE0-5218918258D7}\84F4D454D243534383 : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507102705.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-20 98208]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-20 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-5-7 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-5-7 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-5-7 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-5-7 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-5-7 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-5-7 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-7 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-20 2320920]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-21 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-21 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-20 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-28 13:28:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-28 01:07:02 -------- d-----w- C:\Users\Mihir\AppData\Roaming\WinPatrol
2012-05-28 0142 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-05-28 0140 -------- d-----w- C:\ProgramData\InstallMate
2012-05-28 00:05:43 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2012-05-28 00:05:42 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-05-27 21:58:21 98816 ----a-w- C:\Windows\sed.exe
2012-05-27 21:58:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-27 21:58:21 256000 ----a-w- C:\Windows\PEV.exe
2012-05-27 21:58:21 208896 ----a-w- C:\Windows\MBR.exe
2012-05-26 01:31:20 -------- d-----w- C:\Users\Mihir\AppData\Roaming\Malwarebytes
2012-05-26 01:31:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-26 01:07:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-26 00:25:32 -------- d-----w- C:\sh4ldr
2012-05-26 00:25:32 -------- d-----w- C:\Program Files\Enigma Software Group
2012-05-26 00:23:43 -------- d-----w- C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-26 00:23:40 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-05-26 00:17:50 -------- d-----w- C:\Windows\pss
2012-05-25 00:27:27 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-09 19:00:29 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 19:00:23 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 19:00:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 18:59:53 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 18:59:44 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 18:59:40 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 18:58:21 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 18:56:56 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 18:56:44 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 18:56:40 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 14:27:25 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-05-07 14:27:05 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-05-07 14:27:04 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-05-07 14:27:03 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-05-07 14:26:57 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-05-07 14:26:57 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-05-07 14:26:57 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-05-07 14:26:57 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-05-07 14:26:57 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-05-07 14:26:57 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-05-07 14:26:43 -------- d-----w- C:\Program Files\McAfee.com
2012-05-07 14:26:43 -------- d-----w- C:\Program Files\McAfee
2012-05-07 14:26:29 -------- d-----w- C:\Program Files (x86)\McAfee
2012-05-07 14:12:47 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-05-07 14:12:45 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-05-07 14:12:45 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-05-07 14:12:45 1390640 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-05-07 14:12:44 400168 ----a-w- C:\Windows\System32\SynCOM.dll
2012-05-07 14:12:44 271144 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-05-07 14:12:44 214312 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-05-07 14:12:44 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-05-07 13:46:30 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-05-07 13:32:04 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-05-07 13:15:24 -------- d-----w- C:\Users\Mihir\AppData\Local\Mozilla
.
==================== Find3M ====================
.
2012-05-25 00:27:09 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-19 13:23:51 60 ----a-w- C:\Windows\wpd99.drv
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 7:10:04.17 ===============

I am not allowed to use my personal machine at work, so I will take action on replies as soon as I get back home and will monitor messages. Thank you for your kind help!
Attached Files
File Type: zip Attach.zip (3.1 KB, 60 views)
File Type: zip ark.zip (112 Bytes, 52 views)
fido.sevenup is offline  
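The "Pseudo HJT Report" section of the DDS log above is what a helper reads first for a redirect complaint: BHO/toolbar registrations, Run-key autoruns and the DNS servers each interface was handed. The following is an added example, not code from this thread or from the DDS tool, that parses those line formats and pulls out the three things worth checking: add-on entries whose file is gone ("No File"), autoruns that start something from a user profile, and each DNS server tagged private or public. The sample lines are constructed in the log's style; the EXAMPLE user and the [updater] autorun are invented to show what a user-profile autorun looks like.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the thread or of the DDS tool. It parses the
BHO:/TB:, uRun:/mRun: and TCP: ... DhcpNameServer line formats and reports
what a helper looks at first when a browser keeps redirecting.
"""
import ipaddress
import re
from dataclasses import dataclass, field

ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB)(?:-X64)?: (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
RUN_RE = re.compile(r"^(?P<hive>[um]Run)(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"^TCP: .*DhcpNameServer = (?P<servers>[\d. ]+)$")

# Constructed sample in the DDS line style; the EXAMPLE user and the
# [updater] autorun are invented, everything else mirrors the log above.
SAMPLE_HJT = r"""
uStart Page = Google
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [updater] "C:\Users\EXAMPLE\AppData\Roaming\updater\updater.exe" /silent
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AD8DC805-2E71-4C86-9DE0-5218918258D7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AD8DC805-2E71-4C86-9DE0-5218918258D7}\84F4D454D243534383 : DhcpNameServer = 75.75.75.75 75.75.76.76
"""


@dataclass
class HjtReport:
    addons: list = field(default_factory=list)       # (kind, name, clsid, path)
    autoruns: list = field(default_factory=list)     # (hive, name, command line)
    dns_servers: list = field(default_factory=list)  # unique, in order seen


def parse_hjt(text: str) -> HjtReport:
    """Pick the add-on, autorun and DNS lines out of a DDS pseudo-HJT dump."""
    rep = HjtReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := ADDON_RE.match(line):
            rep.addons.append((m["kind"], m["name"] or "", m["clsid"], m["path"].strip()))
        elif m := RUN_RE.match(line):
            rep.autoruns.append((m["hive"], m["name"], m["cmd"]))
        elif m := DNS_RE.match(line):
            for server in m["servers"].split():
                if server not in rep.dns_servers:
                    rep.dns_servers.append(server)
    return rep


def executable_path(cmd: str) -> str:
    """Strip arguments from a Run value: the quoted path, or text up to the first .exe/.dll/.scr."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def is_user_profile_path(path: str) -> bool:
    """True for executables under <drive>:\\Users\\ or a profile environment variable."""
    return bool(re.match(r"(?i)^[a-z]:\\users\\", path)) or path.upper().startswith(
        ("%USERPROFILE%", "%APPDATA%", "%LOCALAPPDATA%")
    )


def orphaned_addons(rep: HjtReport) -> list:
    """BHO/toolbar registrations whose DLL is gone: leftovers to clean up."""
    return [a for a in rep.addons if a[3] == "No File"]


def profile_autoruns(rep: HjtReport) -> list:
    """Autoruns that launch something from a user profile instead of Program Files."""
    out = []
    for hive, name, cmd in rep.autoruns:
        exe = executable_path(cmd)
        if is_user_profile_path(exe):
            out.append((hive, name, exe))
    return out


def classify_dns(rep: HjtReport) -> list:
    """Each DNS server paired with whether it is a private (LAN) address."""
    return [(ip, ipaddress.ip_address(ip).is_private) for ip in rep.dns_servers]


if __name__ == "__main__":
    report = parse_hjt(SAMPLE_HJT)
    print("orphaned add-ons:", orphaned_addons(report))
    print("profile autoruns:", profile_autoruns(report))
    print("dns servers:", classify_dns(report))
```

A public DNS server is not by itself a finding (75.75.75.75 is an ISP resolver); the point is to confirm every resolver the machine uses is one the owner recognises.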
Old 06-02-2012, 03:50 PM   #2
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Please run the following:


Download Farbar Recovery Scan Tool and save it to a flash drive.

(you need the 64bit version)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
CatByte is offline  
Old 06-04-2012, 04:34 AM   #3
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Hello,

Thank you for responding. I have Microsoft Windows 7 Home Premium Service Pack 1. I have 2 problems. (a) The computer never stops at the Advanced Boot Options when F8 is pressed and just starts in normal mode.
(b) I tried going into the BIOS setup and other places by pressing the ESC key while booting but did not find the "Repair your computer" option anywhere. I also tried using msconfig to get into safe mode but did not find this option.

I searched a bit on this and found this: Repair your computer in Windows Vista or 7 | www.winhelp.us

From this post, it looks like Windows 7 does not have this option anymore. Since we have just moved, our CDs and other things are still in packing and it is going to take a while to see if and where the Windows 7 Disc is. I don't even remember if we got it from the shop when we purchased our machine 2 years ago. I think the HP brand new machine only had it pre-installed as part of the deal but they did not give us any discs, but I have to check.

The link also gives a method to burn a "System Repair Disc", and I do get the option "Create System Repair Disc". Should I create a disc? If not, can you please suggest an alternative?

Thanks once again for considering my case and for your time.
fido.sevenup is offline  
Old 06-04-2012, 04:47 AM   #4
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi, yes, create the repair disc; here are the instructions:

System Repair Disc - Create - Windows 7 Forums
CatByte is offline  
Old 06-04-2012, 04:58 AM   #5
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Some Additional Information:
I have an HP machine and I think that is probably the reason I have to press ESC to enter the BIOS setup instead of F8. I also noticed that HP has given some of their own functions: F1 - System Information, F2 - System Diagnostics, F9 - Boot Device Options, F10 - BIOS Setup, F11 - System Recovery (for recovering the machine image as it was out of the box, and other repair options for problems). All these options have an HP interface, and in F11 there is nothing like "Repair my computer", which takes the holistic approach, but there is something like identify/choose a problem and then try to repair it. Hope this provides a good idea of my machine. Thanks.
fido.sevenup is offline  
Old 06-04-2012, 04:59 AM   #6
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Do I follow the instructions in your first post after the repair disc is created or do the instructions change?
fido.sevenup is offline  
Old 06-04-2012, 07:45 AM   #7
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Yes, follow the instructions given for

"To enter System Recovery Options by using Windows installation disc:"

to enter the recovery environment and run FRST.
CatByte is offline  
Old 06-04-2012, 06:07 PM   #8
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Hello,
Thanks. I created the Windows 7 System Repair Disc (64-bit) and also ran FRST. Pasted below is the log. Thanks.
Scan result of Farbar Recovery Scan Tool Version: 03-06-2012
Ran by SYSTEM at 04-06-2012 20:46:19
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6486120 2011-05-07] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-28] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [374368 2012-04-15] (BillP Studios)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mihir\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mihir\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Mihir\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Mihir\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [140272 2010-05-21] (CinemaNow, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [34872 2012-02-15] (Hewlett-Packard Development Company, L.P.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-04-13] (Intel Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-18] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [243744 2011-07-31] (Realtek Semiconductor Corp.)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-04 07:46 - 2012-06-04 07:46 - 0000000 ____D C:\Users\All Users\Recovery
2012-06-04 03:08 - 2012-06-04 03:08 - 1395739 ____A C:\Users\Mihir\Desktop\FRST64.exe
2012-05-30 11:21 - 2012-06-04 16:31 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-30 11:21 - 2012-05-30 11:21 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-30 11:21 - 2012-05-30 11:21 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-30 03:42 - 2012-05-30 03:42 - 0000112 ____A C:\Users\Mihir\Desktop\ark.zip
2012-05-30 03:40 - 2012-05-30 03:40 - 0000000 ____A C:\Users\Mihir\Desktop\ark.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 0008648 ____A C:\Users\Mihir\Desktop\Attach.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 0003219 ____A C:\Users\Mihir\Desktop\Attach.zip
2012-05-30 03:14 - 2012-05-30 03:15 - 0302592 ____A C:\Users\Mihir\Desktop\gmer.exe
2012-05-30 03:14 - 2012-05-30 03:14 - 0294216 ____A C:\Users\Mihir\Downloads\gmer.zip
2012-05-30 03:11 - 2012-05-30 03:11 - 0022892 ____A C:\Users\Mihir\Desktop\DDS.txt
2012-05-28 17:16 - 2012-05-28 17:16 - 0607260 ____R (Swearware) C:\Users\Mihir\Downloads\dds.com
2012-05-28 05:28 - 2012-05-28 05:28 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-27 17:12 - 2012-05-27 17:12 - 0147963 ____A C:\Users\Mihir\Downloads\hosts.zip
2012-05-27 17:12 - 2012-05-27 17:12 - 0000000 ____D C:\Users\Mihir\Downloads\hosts
2012-05-27 17:07 - 2012-05-27 17:07 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\WinPatrol
2012-05-27 17:06 - 2012-05-27 17:06 - 0000000 ____D C:\Users\All Users\InstallMate
2012-05-27 17:06 - 2012-05-27 17:06 - 0000000 ____D C:\Program Files (x86)\BillP Studios
2012-05-27 17:05 - 2012-05-27 17:05 - 0854088 ____A (BillP Studios) C:\Users\Mihir\Downloads\wpsetup.exe
2012-05-27 16:05 - 2012-05-27 16:17 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-05-27 16:05 - 2012-05-27 16:05 - 0001083 ____A C:\Users\Mihir\Desktop\SpywareBlaster.lnk
2012-05-27 16:05 - 2010-01-10 14:40 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2012-05-27 15:49 - 2012-05-27 15:49 - 0022166 ____A C:\ComboFix.txt
2012-05-27 13:58 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-27 13:58 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-27 13:58 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-27 13:57 - 2012-05-27 15:49 - 0000000 ____D C:\Qoobox
2012-05-27 13:57 - 2012-05-27 14:13 - 0000000 ____D C:\Windows\ERDNT
2012-05-27 13:43 - 2012-05-27 13:45 - 0135948 ____A C:\TDSSKiller.2.7.37.0_27.05.2012_17.43.30_log.txt
2012-05-27 05:17 - 2012-05-27 05:17 - 0000361 ____A C:\rkill.log
2012-05-27 04:34 - 2012-05-27 13:57 - 4528653 ____R (Swearware) C:\Users\Mihir\Desktop\ComboFix.exe
2012-05-26 12:31 - 2012-05-26 12:31 - 0000122 ____A C:\Users\Mihir\Desktop\techsupport forum.txt
2012-05-26 08:19 - 2012-05-26 08:19 - 0000458 ____A C:\Users\Mihir\Desktop\script.zip
2012-05-25 17:31 - 2012-05-25 17:31 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Malwarebytes
2012-05-25 17:31 - 2012-05-25 17:31 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-25 17:22 - 2012-05-25 17:23 - 0133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.22.19_log.txt
2012-05-25 17:21 - 2012-05-25 17:21 - 0004214 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.21.53_log.txt
2012-05-25 17:14 - 2012-05-25 17:20 - 0133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.14.55_log.txt
2012-05-25 17:13 - 2012-05-25 17:14 - 0133952 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.13.44_log.txt
2012-05-25 17:07 - 2012-05-25 17:07 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-25 17:04 - 2012-05-25 17:08 - 0135490 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.04.38_log.txt
2012-05-25 16:57 - 2012-05-25 16:57 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-05-25 16:57 - 2012-05-25 16:57 - 0000000 ____D C:\users\Administrator
2012-05-25 16:25 - 2012-05-25 16:56 - 0000000 ____D C:\sh4ldr
2012-05-25 16:25 - 2012-05-25 16:25 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-25 16:23 - 2012-05-25 16:56 - 0000000 ____D C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-25 16:17 - 2012-05-25 16:17 - 0000000 ____D C:\Windows\pss
2012-05-25 16:01 - 2012-05-25 16:01 - 0522961 ____A C:\Users\Mihir\Desktop\Doc2.docx
2012-05-24 16:27 - 2012-05-24 16:27 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-24 16:27 - 2012-05-24 16:27 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-22 13:23 - 2012-05-22 13:45 - 0013796 ____A C:\Users\Mihir\Desktop\GAF Warranty.docx
2012-05-19 06:02 - 2012-05-19 06:02 - 5681250 ____A C:\Users\Mihir\Desktop\BettyCrocker_BestofSpring2012.pdf
2012-05-19 05:23 - 2012-05-19 05:23 - 0163855 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation2.pdf
2012-05-19 05:20 - 2012-05-19 05:20 - 0172976 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation1.pdf
2012-05-19 05:16 - 2012-05-19 05:16 - 0151308 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation.pdf
2012-05-19 05:01 - 2012-05-19 05:01 - 0001262 ____A C:\Users\Mihir\Desktop\Spybot - Search & Destroy.lnk
2012-05-19 04:59 - 2012-05-19 04:59 - 16409960 ____A (Safer Networking Limited ) C:\Users\Mihir\Downloads\spybotsd162.exe
2012-05-09 11:00 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 11:00 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 11:00 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 10:59 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 10:59 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 10:59 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 10:58 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-09 10:56 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-07 06:28 - 2012-06-04 04:54 - 0001828 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-05-07 06:27 - 2012-05-07 06:27 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-05-07 06:27 - 2012-02-22 09:29 - 0010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-05-07 06:26 - 2012-05-07 18:39 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-05-07 06:26 - 2012-05-07 06:28 - 0000000 ____D C:\Program Files\McAfee
2012-05-07 06:26 - 2012-05-07 06:26 - 0000000 ____D C:\Program Files\McAfee.com
2012-05-07 06:26 - 2012-02-22 09:29 - 0487296 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-05-07 06:26 - 2012-02-22 09:29 - 0289664 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-05-07 06:26 - 2012-02-22 09:29 - 0229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-05-07 06:26 - 2012-02-22 09:29 - 0100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-05-07 06:26 - 2012-02-22 09:29 - 0075936 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-05-07 06:26 - 2012-02-22 09:29 - 0065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-05-07 06:12 - 2012-05-07 06:12 - 1390640 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2012-05-07 06:12 - 2012-05-07 06:12 - 0400168 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0271144 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0215336 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0214312 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0173352 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0147752 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo4.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2012-05-07 06:05 - 2012-05-07 06:21 - 0000342 ____A C:\Windows\Tasks\HPCeeScheduleForMIHIRANU$.job
2012-05-07 05:46 - 2012-05-07 06:27 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-05-07 05:32 - 2012-05-07 15:25 - 0000000 ____D C:\Users\All Users\McAfee
2012-05-07 05:32 - 2012-03-20 09:11 - 0162192 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-05-07 05:15 - 2012-05-07 05:15 - 0000000 ____D C:\Users\Mihir\AppData\Local\Mozilla
2012-05-07 05:14 - 2012-05-29 10:58 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-07 05:14 - 2012-05-07 05:14 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-07 05:05 - 2012-05-07 05:05 - 16339280 ____A (Mozilla) C:\Users\Mihir\Downloads\Firefox Setup 12.0.exe


============ 3 Months Modified Files and Folders =============

2012-06-04 20:46 - 2012-06-04 20:45 - 0000000 ____D C:\FRST
2012-06-04 16:39 - 2012-01-21 16:40 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-04 16:38 - 2010-09-20 16:57 - 3062255616 __ASH C:\hiberfil.sys
2012-06-04 16:38 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-04 16:38 - 2009-07-13 20:51 - 0131255 ____A C:\Windows\setupact.log
2012-06-04 16:37 - 2010-09-20 17:00 - 1269400 ____A C:\Windows\WindowsUpdate.log
2012-06-04 16:31 - 2012-05-30 11:21 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-04 16:25 - 2012-01-21 16:40 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-04 16:25 - 2010-11-26 15:15 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770126039-2069946603-1444546800-1002UA.job
2012-06-04 07:46 - 2012-06-04 07:46 - 0000000 ____D C:\Users\All Users\Recovery
2012-06-04 04:54 - 2012-05-07 06:28 - 0001828 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-06-04 04:52 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-04 04:52 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-04 03:13 - 2012-01-22 14:51 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForMihir.job
2012-06-04 03:13 - 2009-07-13 21:08 - 0032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-04 03:11 - 2011-05-03 06:11 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-04 03:11 - 2010-11-26 14:31 - 0000000 ____D C:\users\Mihir
2012-06-04 03:10 - 2011-10-29 17:14 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-04 03:08 - 2012-06-04 03:08 - 1395739 ____A C:\Users\Mihir\Desktop\FRST64.exe
2012-06-01 10:46 - 2010-11-26 15:15 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770126039-2069946603-1444546800-1002Core.job
2012-06-01 10:43 - 2010-11-26 14:31 - 0000000 ____D C:\Users\Mihir\AppData\LocalLow
2012-05-30 11:21 - 2012-05-30 11:21 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-30 11:21 - 2012-05-30 11:21 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-30 11:21 - 2011-06-28 09:27 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-30 04:20 - 2010-11-26 19:26 - 0802878 ____A C:\Windows\PFRO.log
2012-05-30 03:42 - 2012-05-30 03:42 - 0000112 ____A C:\Users\Mihir\Desktop\ark.zip
2012-05-30 03:40 - 2012-05-30 03:40 - 0000000 ____A C:\Users\Mihir\Desktop\ark.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 0008648 ____A C:\Users\Mihir\Desktop\Attach.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 0003219 ____A C:\Users\Mihir\Desktop\Attach.zip
2012-05-30 03:15 - 2012-05-30 03:14 - 0302592 ____A C:\Users\Mihir\Desktop\gmer.exe
2012-05-30 03:14 - 2012-05-30 03:14 - 0294216 ____A C:\Users\Mihir\Downloads\gmer.zip
2012-05-30 03:11 - 2012-05-30 03:11 - 0022892 ____A C:\Users\Mihir\Desktop\DDS.txt
2012-05-29 10:58 - 2012-05-07 05:14 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-29 10:58 - 2012-04-05 03:58 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Mozilla
2012-05-28 17:16 - 2012-05-28 17:16 - 0607260 ____R (Swearware) C:\Users\Mihir\Downloads\dds.com
2012-05-28 05:28 - 2012-05-28 05:28 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-27 18:30 - 2011-05-09 20:11 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\SoftGrid Client
2012-05-27 17:42 - 2011-07-29 18:44 - 0000000 ____D C:\Users\Mihir\Documents\2059 Suzanne
2012-05-27 17:12 - 2012-05-27 17:12 - 0147963 ____A C:\Users\Mihir\Downloads\hosts.zip
2012-05-27 17:12 - 2012-05-27 17:12 - 0000000 ____D C:\Users\Mihir\Downloads\hosts
2012-05-27 17:12 - 2009-07-13 18:34 - 0604003 ____A C:\Windows\System32\Drivers\etc\HOSTS
2012-05-27 17:07 - 2012-05-27 17:07 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\WinPatrol
2012-05-27 17:06 - 2012-05-27 17:06 - 0000000 ____D C:\Users\All Users\InstallMate
2012-05-27 17:06 - 2012-05-27 17:06 - 0000000 ____D C:\Program Files (x86)\BillP Studios
2012-05-27 17:05 - 2012-05-27 17:05 - 0854088 ____A (BillP Studios) C:\Users\Mihir\Downloads\wpsetup.exe
2012-05-27 16:17 - 2012-05-27 16:05 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-05-27 16:05 - 2012-05-27 16:05 - 0001083 ____A C:\Users\Mihir\Desktop\SpywareBlaster.lnk
2012-05-27 15:49 - 2012-05-27 15:49 - 0022166 ____A C:\ComboFix.txt
2012-05-27 15:49 - 2012-05-27 13:57 - 0000000 ____D C:\Qoobox
2012-05-27 15:44 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-27 14:16 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-05-27 14:13 - 2012-05-27 13:57 - 0000000 ____D C:\Windows\ERDNT
2012-05-27 13:57 - 2012-05-27 04:34 - 4528653 ____R (Swearware) C:\Users\Mihir\Desktop\ComboFix.exe
2012-05-27 13:45 - 2012-05-27 13:43 - 0135948 ____A C:\TDSSKiller.2.7.37.0_27.05.2012_17.43.30_log.txt
2012-05-27 05:29 - 2010-07-15 13:33 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-27 05:17 - 2012-05-27 05:17 - 0000361 ____A C:\rkill.log
2012-05-27 05:15 - 2009-07-13 21:13 - 0727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-26 12:31 - 2012-05-26 12:31 - 0000122 ____A C:\Users\Mihir\Desktop\techsupport forum.txt
2012-05-26 08:36 - 2012-02-24 14:22 - 0000000 ____D C:\Users\Mihir\AppData\Local\ElevatedDiagnostics
2012-05-26 08:19 - 2012-05-26 08:19 - 0000458 ____A C:\Users\Mihir\Desktop\script.zip
2012-05-25 17:31 - 2012-05-25 17:31 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Malwarebytes
2012-05-25 17:31 - 2012-05-25 17:31 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-25 17:23 - 2012-05-25 17:22 - 0133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.22.19_log.txt
2012-05-25 17:21 - 2012-05-25 17:21 - 0004214 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.21.53_log.txt
2012-05-25 17:20 - 2012-05-25 17:14 - 0133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.14.55_log.txt
2012-05-25 17:14 - 2012-05-25 17:13 - 0133952 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.13.44_log.txt
2012-05-25 17:08 - 2012-05-25 17:04 - 0135490 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.04.38_log.txt
2012-05-25 17:07 - 2012-05-25 17:07 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-25 16:57 - 2012-05-25 16:57 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-05-25 16:57 - 2012-05-25 16:57 - 0000000 ____D C:\users\Administrator
2012-05-25 16:56 - 2012-05-25 16:25 - 0000000 ____D C:\sh4ldr
2012-05-25 16:56 - 2012-05-25 16:23 - 0000000 ____D C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP
2012-05-25 16:25 - 2012-05-25 16:25 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-25 16:17 - 2012-05-25 16:17 - 0000000 ____D C:\Windows\pss
2012-05-25 16:01 - 2012-05-25 16:01 - 0522961 ____A C:\Users\Mihir\Desktop\Doc2.docx
2012-05-25 12:43 - 2011-06-07 10:22 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-24 16:27 - 2012-05-24 16:27 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-24 16:27 - 2012-05-24 16:27 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-24 16:27 - 2010-07-15 13:33 - 0472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-22 13:45 - 2012-05-22 13:23 - 0013796 ____A C:\Users\Mihir\Desktop\GAF Warranty.docx
2012-05-19 13:30 - 2011-06-07 10:22 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-19 06:02 - 2012-05-19 06:02 - 5681250 ____A C:\Users\Mihir\Desktop\BettyCrocker_BestofSpring2012.pdf
2012-05-19 05:23 - 2012-05-19 05:23 - 0163855 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation2.pdf
2012-05-19 05:23 - 2011-05-09 04:13 - 0000060 ____A C:\Windows\wpd99.drv
2012-05-19 05:23 - 2011-05-09 04:13 - 0000000 ____D C:\Users\All Users\pdf995
2012-05-19 05:20 - 2012-05-19 05:20 - 0172976 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation1.pdf
2012-05-19 05:16 - 2012-05-19 05:16 - 0151308 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation.pdf
2012-05-19 05:01 - 2012-05-19 05:01 - 0001262 ____A C:\Users\Mihir\Desktop\Spybot - Search & Destroy.lnk
2012-05-19 04:59 - 2012-05-19 04:59 - 16409960 ____A (Safer Networking Limited ) C:\Users\Mihir\Downloads\spybotsd162.exe
2012-05-16 06:13 - 2011-06-21 15:32 - 0000000 ____D C:\Users\Mihir\AppData\Local\CrashDumps
2012-05-10 04:02 - 2009-07-13 20:45 - 0303856 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 20:20 - 2011-10-15 04:01 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 20:05 - 2010-07-15 13:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 04:23 - 2011-05-25 10:58 - 0000000 ____D C:\Users\Mihir\Documents\Mira
2012-05-08 19:27 - 2012-04-11 19:07 - 0000000 ___HD C:\Users\Mihir\Desktop\.picasaoriginals
2012-05-07 18:39 - 2012-05-07 06:26 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-05-07 15:25 - 2012-05-07 05:32 - 0000000 ____D C:\Users\All Users\McAfee
2012-05-07 06:28 - 2012-05-07 06:26 - 0000000 ____D C:\Program Files\McAfee
2012-05-07 06:27 - 2012-05-07 06:27 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-05-07 06:27 - 2012-05-07 05:46 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-05-07 06:26 - 2012-05-07 06:26 - 0000000 ____D C:\Program Files\McAfee.com
2012-05-07 06:21 - 2012-05-07 06:05 - 0000342 ____A C:\Windows\Tasks\HPCeeScheduleForMIHIRANU$.job
2012-05-07 06:20 - 2010-09-20 17:19 - 0000000 ____D C:\Users\All Users\Norton
2012-05-07 06:14 - 2010-09-20 17:03 - 0009606 ____A C:\Windows\DPINST.LOG
2012-05-07 06:12 - 2012-05-07 06:12 - 1390640 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2012-05-07 06:12 - 2012-05-07 06:12 - 0400168 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0271144 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0215336 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0214312 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0173352 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0147752 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo4.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2012-05-07 06:12 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2012-05-07 05:15 - 2012-05-07 05:15 - 0000000 ____D C:\Users\Mihir\AppData\Local\Mozilla
2012-05-07 05:14 - 2012-05-07 05:14 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-07 05:05 - 2012-05-07 05:05 - 16339280 ____A (Mozilla) C:\Users\Mihir\Downloads\Firefox Setup 12.0.exe
2012-04-29 07:07 - 2011-05-13 15:33 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Skype
2012-04-27 14:22 - 2012-04-27 14:22 - 0193940 ____N C:\Users\Mihir\Desktop\Print - https Greeting Cards, Birthday Cards, Photo Cards | Cardstore.com checkout displayOrderConfirmation.pdf
2012-04-25 04:54 - 2012-04-25 04:54 - 0422729 ____A C:\Users\Mihir\Downloads\dwsup (10).pdf
2012-04-25 04:54 - 2012-04-25 04:54 - 0422726 ____A C:\Users\Mihir\Downloads\dwsup (9).pdf
2012-04-25 04:52 - 2012-04-25 04:52 - 0422726 ____A C:\Users\Mihir\Downloads\dwsup (8).pdf
2012-04-22 09:45 - 2012-04-22 09:45 - 0000403 ____A C:\Users\Mihir\Desktop\Pooja's diet.txt
2012-04-19 19:51 - 2012-04-14 18:46 - 0219648 ____A C:\Users\Mihir\Downloads\LEASE (1).doc
2012-04-17 11:10 - 2010-11-26 14:41 - 0068784 ____A C:\Users\Mihir\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 03:41 - 2012-04-17 03:41 - 0339555 ____A C:\Users\Mihir\Downloads\Dhond pport.pdf
2012-04-17 03:40 - 2012-04-17 03:40 - 0000110 ____A C:\Users\Mihir\Desktop\icici notes.txt
2012-04-16 17:59 - 2012-04-16 17:59 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Catalina Marketing Corp
2012-04-16 04:15 - 2012-04-16 04:15 - 0216176 ____A C:\Users\Mihir\Desktop\Dhond_Resume.pdf
2012-04-14 12:54 - 2012-04-09 19:34 - 0136192 ____A C:\Users\Mihir\Downloads\LEASE.doc
2012-04-12 20:42 - 2012-04-12 20:42 - 0260052 ____A C:\Users\Mihir\Desktop\Lease_2010-11-27_Mihir_Dhon_FP001222800.txt
2012-04-10 16:29 - 2012-04-10 16:29 - 0978560 ____A C:\Users\Mihir\Downloads\Lease_2010-11-27_Mihir_Dhon_FP001222800.pdf
2012-03-30 22:05 - 2012-05-09 11:00 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 10:59 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 10:59 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 10:59 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:01 - 2012-03-29 12:54 - 0010618 ____A C:\Users\Mihir\Desktop\Jacob.xlsx
2012-03-30 03:35 - 2012-05-09 10:56 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 12:40 - 2012-03-29 12:40 - 0442861 ____N C:\Users\Mihir\Desktop\Print - 104 Tulip Tree Ct, Jupiter, FL 33458 to 104 Tulip Tree Ct, Jer, FL 33458 - Google Maps.pdf
2012-03-29 12:37 - 2012-03-29 12:37 - 0567325 ____N C:\Users\Mihir\Desktop\Print - 104 Tulip Tree Ct, Jupiter, FL 33458 to 104 Tulip Tree Ct, Jupiter, FL 33458 - Google Maps.pdf
2012-03-27 03:47 - 2012-03-25 08:35 - 0000000 ____D C:\Users\Mihir\Desktop\September
2012-03-27 00:47 - 2012-03-27 00:47 - 0029696 ____A C:\Users\Mihir\Downloads\app checklist.wiz
2012-03-26 11:49 - 2012-03-26 11:49 - 0021504 ____A C:\Users\Mihir\Downloads\aai-baba trip planning.xls
2012-03-24 14:24 - 2012-03-24 14:24 - 0151611 ____A C:\Users\Mihir\Downloads\Aai3.jpg
2012-03-24 14:24 - 2012-03-24 14:24 - 0138803 ____A C:\Users\Mihir\Downloads\Aai4 (1).jpg
2012-03-24 14:23 - 2012-03-24 14:23 - 0138803 ____A C:\Users\Mihir\Downloads\Aai4.jpg
2012-03-24 14:23 - 2012-03-24 14:23 - 0131710 ____A C:\Users\Mihir\Downloads\baba4.jpg
2012-03-24 14:22 - 2012-03-24 14:22 - 0127986 ____A C:\Users\Mihir\Downloads\baba3.jpg
2012-03-24 14:22 - 2012-03-24 14:22 - 0127986 ____A C:\Users\Mihir\Downloads\baba3 (1).jpg
2012-03-24 14:12 - 2012-03-24 14:12 - 0048128 ____A C:\Users\Mihir\Downloads\DHOND_SHEELA_MRS_E_TCK_ON_DL.doc
2012-03-24 14:11 - 2012-03-24 14:11 - 0048128 ____A C:\Users\Mihir\Downloads\DHOND_SADANAND_MR_E_TCK_ON_DL.doc
2012-03-24 13:59 - 2010-07-15 11:14 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-20 09:11 - 2012-05-07 05:32 - 0162192 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-03-18 03:45 - 2012-03-18 03:45 - 0000000 ____D C:\Users\Mihir\AppData\Local\{4709916D-BB2B-4C76-9A0B-3F4D99F7ED7F}
2012-03-18 03:45 - 2012-03-18 03:44 - 0000000 ____D C:\Users\Mihir\AppData\Local\{68E76F45-D052-4CED-8F10-71805281B97D}
2012-03-18 03:44 - 2011-05-11 05:48 - 0000000 ____D C:\Users\Mihir\AppData\Local\Windows Live
2012-03-16 23:58 - 2012-05-09 10:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 15:26 - 2012-03-15 15:26 - 0158229 ____A C:\Users\Mihir\Desktop\amx.jpg
2012-03-13 08:49 - 2012-03-13 08:49 - 0038609 ____N C:\Users\Mihir\Desktop\Print - my health & wellness center.pdf
2012-03-11 20:30 - 2011-11-16 12:03 - 0000000 ____D C:\Users\Mihir\Desktop\Receipts
2012-03-07 10:12 - 2012-03-07 10:12 - 0000000 ____D C:\Users\Mihir\AppData\Local\{BDEE8740-6C91-49D1-8959-9A50E6F79AFA}
2012-03-07 10:12 - 2012-03-07 10:12 - 0000000 ____D C:\Users\Mihir\AppData\Local\{47A9FC8F-699E-4812-AA3F-FB7F9C6E1E09}
2012-03-07 05:36 - 2012-03-07 05:36 - 0025948 ____A C:\Users\Mihir\Downloads\20120307082529603.pdf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3893.86 MB
Available physical RAM: 3193.12 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3181.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:216.59 GB) (Free:100.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:16 GB) (Free:2.31 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
4 Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:0.24 GB) (Free:0.18 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 248 MB 0 B

Partitions of Disk 0:
===============

Partition ###  Type     Size    Offset
-------------  -------  ------  -------
Partition 1    Primary  199 MB  1024 KB
Partition 2    Primary  216 GB  200 MB
Partition 3    Primary  15 GB   216 GB
Partition 4    Primary  103 MB  232 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label     Fs     Type       Size    Status   Info
----------  ---  --------  -----  ---------  ------  -------  ----
* Volume 1  Y    SYSTEM    NTFS   Partition  199 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label     Fs     Type       Size    Status   Info
----------  ---  --------  -----  ---------  ------  -------  ----
* Volume 2  C              NTFS   Partition  216 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label     Fs     Type       Size    Status   Info
----------  ---  --------  -----  ---------  ------  -------  ----
* Volume 3  E    RECOVERY  NTFS   Partition  15 GB   Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ###  Ltr  Label     Fs     Type       Size    Status   Info
----------  ---  --------  -----  ---------  ------  -------  ----
* Volume 4  F    HP_TOOLS  FAT32  Partition  103 MB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type     Size    Offset
-------------  -------  ------  -------
Partition 1    Primary  248 MB  16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ###  Ltr  Label     Fs     Type       Size    Status   Info
----------  ---  --------  -----  ---------  ------  -------  ----
* Volume 5  H              FAT    Removable  248 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-01 16:27

======================= End Of Log ==========================
fido.sevenup is offline  
Old 06-04-2012, 06:25 PM   #9
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

Code:
start
SubSystems: [Windows] ==> ZeroAccess
2012-03-18 03:45 - 2012-03-18 03:45 - 0000000 ____D C:\Users\Mihir\AppData\Local\{4709916D-BB2B-4C76-9A0B-3F4D99F7ED7F}
2012-03-18 03:45 - 2012-03-18 03:44 - 0000000 ____D C:\Users\Mihir\AppData\Local\{68E76F45-D052-4CED-8F10-71805281B97D}
2012-03-07 10:12 - 2012-03-07 10:12 - 0000000 ____D C:\Users\Mihir\AppData\Local\{BDEE8740-6C91-49D1-8959-9A50E6F79AFA}
2012-03-07 10:12 - 2012-03-07 10:12 - 0000000 ____D C:\Users\Mihir\AppData\Local\{47A9FC8F-699E-4812-AA3F-FB7F9C6E1E09}
2012-05-25 16:23 - 2012-05-25 16:56 - 0000000 ____D C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT

Delete the copy of ComboFix from your desktop and download a fresh copy from the link below.

Make sure your security programs are disabled, run it, and post the resulting log.

https://download.bleepingcomputer.com/sUBs/ComboFix.exe
CatByte is offline  
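A defender's check for the registry value that the first line of the fixlist above restores, added here as a Python example that is not part of this thread or of FRST: it parses the SubSystems\Windows value and reports any ServerDll entry that is not one of the DLLs csrss.exe loads on a stock Windows 7 system. The sample values are constructed; the known-good DLL set and the look-alike "consrv" entry are assumptions drawn from the stock Windows 7 value and the documented x64 ZeroAccess modification, not from anything in this log.

```python
"""
Audit HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows.

Every ServerDll= entry in this value is loaded by csrss.exe at boot, so a
tampered entry gives malware a privileged, early-loading foothold. The parser
below runs offline on constructed samples and, on a Windows host, on the live
value.
"""
import re
import sys

# DLL names legitimately referenced by ServerDll= on Windows 7 (assumption:
# stock value, names without the .dll suffix).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed sample: the stock Windows 7 x64 value.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample of a hijacked value (the pattern documented for the x64
# ZeroAccess variant): the console-server entry now names a look-alike DLL,
# so csrss.exe loads it at every boot.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# ServerDll=<dll>[:<entrypoint>][,<index>]
SERVER_DLL_RE = re.compile(r"ServerDll=([^\s,:]+)(?::([^\s,]+))?(?:,(\d+))?")


def parse_server_dlls(value):
    """Return (dll, entrypoint, index) tuples in the order they appear."""
    entries = []
    for m in SERVER_DLL_RE.finditer(value):
        dll = m.group(1).lower()
        if dll.endswith(".dll"):
            dll = dll[:-4]
        index = int(m.group(3)) if m.group(3) else None
        entries.append((dll, m.group(2), index))
    return entries


def audit_subsystems_value(value):
    """Return the ServerDll names that are not in the known-good set.

    An empty list means every server DLL csrss.exe will load is expected.
    Any other name deserves a hash check of the on-disk file before trusting
    it; a launcher other than csrss.exe is reported as well.
    """
    unexpected = []
    for dll, _entry, _index in parse_server_dlls(value):
        if dll not in KNOWN_SERVER_DLLS and dll not in unexpected:
            unexpected.append(dll)
    if not value.lower().startswith(r"%systemroot%\system32\csrss.exe"):
        unexpected.insert(0, "<launcher is not csrss.exe>")
    return unexpected


def read_live_value():
    """Read the real value on a Windows host; return None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only standard-library module
    key_path = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        data, _kind = winreg.QueryValueEx(key, "Windows")
    return data


if __name__ == "__main__":
    for label, value in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
        print(label, "->", audit_subsystems_value(value) or "OK")
    live = read_live_value()
    if live is not None:
        print("this host ->", audit_subsystems_value(live) or "OK")
```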
Old 06-04-2012, 07:30 PM   #10
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Hello,
Thanks. I followed your instructions and am pasting both the Fixlog and ComboFix logs below:
Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 2012-06-04 21:49:42 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Users\Mihir\AppData\Local\{4709916D-BB2B-4C76-9A0B-3F4D99F7ED7F} moved successfully.
C:\Users\Mihir\AppData\Local\{68E76F45-D052-4CED-8F10-71805281B97D} moved successfully.
C:\Users\Mihir\AppData\Local\{BDEE8740-6C91-49D1-8959-9A50E6F79AFA} moved successfully.
C:\Users\Mihir\AppData\Local\{47A9FC8F-699E-4812-AA3F-FB7F9C6E1E09} moved successfully.
C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP moved successfully.

==== End of Fixlog ====

ComboFix log

ComboFix 12-06-04.02 - Mihir 06/04/2012 22:02:59.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2700 [GMT -4:00]
Running from: c:\users\Mihir\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 04:45 . 2012-06-05 04:47 -------- d-----w- C:\FRST
2012-06-05 02:14 . 2012-06-05 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 15:46 . 2012-06-05 05:46 -------- d-----w- c:\programdata\Recovery
2012-05-30 19:21 . 2012-05-30 19:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-30 19:21 . 2012-05-30 19:21 -------- d-----w- c:\windows\system32\Macromed
2012-05-28 01:07 . 2012-05-28 01:07 -------- d-----w- c:\users\Mihir\AppData\Roaming\WinPatrol
2012-05-28 01:06 . 2012-05-28 01:06 -------- d-----w- c:\program files (x86)\BillP Studios
2012-05-28 01:06 . 2012-05-28 01:06 -------- d-----w- c:\programdata\InstallMate
2012-05-28 00:05 . 2010-01-10 22:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-05-28 00:05 . 2012-05-28 00:17 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-05-26 01:31 . 2012-05-26 01:31 -------- d-----w- c:\users\Mihir\AppData\Roaming\Malwarebytes
2012-05-26 01:31 . 2012-05-26 01:31 -------- d-----w- c:\programdata\Malwarebytes
2012-05-26 01:07 . 2012-05-26 01:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-26 00:57 . 2012-05-26 00:57 -------- d-----w- c:\users\Administrator
2012-05-26 00:25 . 2012-05-26 00:56 -------- d-----w- C:\sh4ldr
2012-05-26 00:25 . 2012-05-26 00:25 -------- d-----w- c:\program files\Enigma Software Group
2012-05-26 00:23 . 2012-05-26 00:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-25 00:54 . 2012-05-25 00:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-25 00:27 . 2012-05-25 00:27 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 19:00 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 19:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 19:00 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 18:59 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 18:59 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 18:59 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 18:58 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 18:56 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 18:56 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 18:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 14:27 . 2012-02-22 17:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-05-07 14:27 . 2012-05-07 14:27 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-05-07 14:26 . 2012-02-22 17:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-05-07 14:26 . 2012-02-22 17:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-05-07 14:26 . 2012-02-22 17:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-05-07 14:26 . 2012-02-22 17:29 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-05-07 14:26 . 2012-02-22 17:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-05-07 14:26 . 2012-02-22 17:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-05-07 14:26 . 2012-05-07 14:28 -------- d-----w- c:\program files\McAfee
2012-05-07 14:26 . 2012-05-08 02:39 -------- d-----w- c:\program files (x86)\McAfee
2012-05-07 14:12 . 2012-05-07 14:12 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-05-07 14:12 . 2012-05-07 14:12 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-05-07 14:12 . 2012-05-07 14:12 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-05-07 14:12 . 2012-05-07 14:12 1390640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-05-07 14:12 . 2012-05-07 14:12 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-05-07 14:12 . 2012-05-07 14:12 271144 ----a-w- c:\windows\system32\SynCtrl.dll
2012-05-07 14:12 . 2012-05-07 14:12 214312 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-05-07 14:12 . 2012-05-07 14:12 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-05-07 13:46 . 2012-05-07 14:27 -------- d-----w- c:\program files\Common Files\McAfee
2012-05-07 13:32 . 2012-03-20 17:11 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-05-07 13:32 . 2012-05-07 23:25 -------- d-----w- c:\programdata\McAfee
2012-05-07 13:15 . 2012-05-07 13:15 -------- d-----w- c:\users\Mihir\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 19:21 . 2011-06-28 17:27 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-25 00:27 . 2010-07-15 21:33 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-17 01:59 . 2012-04-17 01:59 485576 ----a-w- c:\users\Mihir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((( [email protected]_22.12.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-26 23:08 . 2012-05-26 23:08 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-06-05 01:44 . 2012-06-05 01:44 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-07-15 19:17 . 2012-06-05 01:52 58506 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-05 01:52 51842 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-26 22:33 . 2012-06-05 01:52 21600 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2770126039-2069946603-1444546800-1002_UserData.bin
+ 2010-11-27 03:26 . 2012-06-05 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-27 03:26 . 2012-05-27 14:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-27 03:26 . 2012-06-05 01:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-27 03:26 . 2012-05-27 14:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-05 01:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-27 14:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-27 12:22 . 2012-05-27 12:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-05 01:50 . 2012-06-05 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-05 01:50 . 2012-06-05 01:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-27 12:22 . 2012-05-27 12:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-30 19:21 . 2012-05-30 19:21 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-30 19:21 . 2012-05-30 19:21 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-05-30 19:21 . 2012-05-30 19:21 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-09-08 12:33 . 2012-06-04 21:56 233150 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-05-03 18:54 . 2012-06-05 00:25 266582 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-27 13:15 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-05 01:43 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-05 01:43 106942 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-27 13:15 106942 c:\windows\system32\perfc009.dat
+ 2012-05-30 19:21 . 2012-05-30 19:21 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-30 19:21 . 2012-05-30 19:21 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
- 2009-07-14 05:01 . 2012-05-26 23:08 281856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-05 01:45 281856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-15 11:10 . 2012-05-08 01:43 579376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2770126039-2069946603-1444546800-1002-12288.dat
+ 2011-12-15 11:10 . 2012-05-30 20:33 579376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2770126039-2069946603-1444546800-1002-12288.dat
+ 2010-09-21 01:41 . 2012-06-05 01:44 1938792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-21 01:41 . 2012-05-26 23:08 1938792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-26 22:50 . 2012-06-05 01:45 2451062 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2770126039-2069946603-1444546800-1002-8192.dat
+ 2011-10-16 04:41 . 2012-06-05 01:45 13842148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2770126039-2069946603-1444546800-1002-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
.
c:\users\Mihir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-31 243744]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 19:21]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 00:40]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 00:40]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770126039-2069946603-1444546800-1002Core.job
- c:\users\Mihir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 23:15]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770126039-2069946603-1444546800-1002UA.job
- c:\users\Mihir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 23:15]
.
2012-06-04 c:\windows\Tasks\HPCeeScheduleForMihir.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-05-07 c:\windows\Tasks\HPCeeScheduleForMIHIRANU$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-07 6486120]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
.
------- Supplementary Scan -------
.
uStart Page = Google
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 22:18:49
ComboFix-quarantined-files.txt 2012-06-05 02:18
ComboFix2.txt 2012-05-27 23:49
ComboFix3.txt 2012-05-27 22:16
.
Pre-Run: 108,971,941,888 bytes free
Post-Run: 108,924,182,528 bytes free
.
- - End Of File - - A56334C132DBB39C89F28390893FEA75
fido.sevenup is offline  
Old 06-04-2012, 07:40 PM   #11
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues.
CatByte is offline  
Old 06-05-2012, 08:05 PM   #12
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Hello,
Thanks. I ran both Malwarebytes and the ESET Online Scanner, and here are the logs:

Malwarebytes LOG:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.05.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mihir :: MIHIRANU [administrator]
Protection: Disabled
6/5/2012 7:48:02 PM
mbam-log-2012-06-05 (19-48-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221298
Time elapsed: 7 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

ESET Online Scanner Log:
It found 1 infected file
HTML/ScrInject.B.Gen virus

The scanner shows that it is on step 3 out of 4 but shows that scanning is 100% complete, but I did not get any separate results page or a "List of threats found" button. In the current scan result it just shows the 1 infected file name that I have typed above. Please let me know how you want me to treat it. Meanwhile, while I have refrained from using this machine while we are running repairs, let me know if I can try to use it for browsing as a test to see if the problem is resolved. I will then test all 3 browsers - Firefox, IE and Chrome and let you know the results. Thanks!
fido.sevenup is offline  
Old 06-05-2012, 08:09 PM   #13
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



ESET SCAN LOG from the downloaded text file:

C:\Users\Mihir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWQ5Y0ID\the-approval-central_com[1].htm HTML/ScrInject.B.Gen virus
fido.sevenup is offline  
Old 06-06-2012, 03:33 PM   #14
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Hello,

Unfortunately, the behavior still persists, where I get redirected not necessarily to click-.get* but to one or other junk websites. McAfee Site Advisor warns me of the redirected websites, which it did before too, and obviously I do not click on those, but the "redirection" behavior still persists.
fido.sevenup is offline  
Old 06-06-2012, 03:38 PM   #15
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Is it occurring in all three browsers?

Please delete the copy of FRST that you have on your desktop and download a fresh copy (it has been updated to deal with newer variants)

Please run a fresh FRST scan and post the resulting log.

Farbar Recovery Scan Tool


C:\Users\Mihir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWQ5Y0ID\the-approval-central_com[1].htm

This file can be removed by deleting your temporary Internet files; please run this Temp File Cleaner, which will do the job for you.

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean
CatByte is offline  
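CatByte asks for a fresh FRST log to read. The script below is an added example for this thread, not FRST's code or anything a poster ran: it parses Run, Services and Drivers lines in the format FRST prints (its sample lines are constructed in that format, modelled on the log posted later in the thread, with an invented [updater] entry) and flags what a helper checks first for redirect persistence: entries with no publisher, entries running from user-writable folders, drivers whose file is missing, and a DhcpNameServer that is not a LAN address.

```python
"""Triage the Run / Services / Drivers sections of an FRST log.
Added example for this thread, not FRST's own code and not the posted log: it reads lines in
the format FRST prints and reports what a helper checks first when chasing redirects, i.e.
autostart entries with no publisher, entries running from user-writable folders, drivers
whose file is missing, and a DhcpNameServer that is not a LAN address."""
import ipaddress
import re
# HKLM\...\Run: [Name] <command> [size date] (Publisher)
RUN_RE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
# <start type> Name; <command> [size date] (Publisher)   -- services and drivers
SVC_RE = re.compile(r'^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$')
# <command> [size date] (Publisher); FRST prints () when it found no publisher
TAIL_RE = re.compile(r'^(?P<cmd>.*) \[(?P<size>\d+) \d{4}-\d{2}-\d{2}\] \((?P<publisher>[^)]*)\)$')
DNS_RE = re.compile(r'^Tcpip\\Parameters: \[DhcpNameServer\] (?P<servers>.+)$')
# first executable on the command line, quoted or not
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|sys|dll|com|cpl))"?(?:\s|$)', re.IGNORECASE)
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\$recycle.bin\\', '\\users\\public\\', '\\programdata\\')
LAN_NETS = [ipaddress.ip_network(n) for n in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')]

def parse_entry(line, section):
    """Parse one Run, service or driver line; return None for any other line."""
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if not m:
        return None
    entry = {'name': m.group('name').strip(), 'section': section,
             'path': None, 'publisher': None, 'missing': False}
    rest = m.group('rest').strip()
    if rest == '[x]':                         # FRST prints [x] when the file is gone
        entry['missing'] = True
        return entry
    t = TAIL_RE.match(rest)
    if t:
        entry['publisher'] = t.group('publisher').strip()
        e = EXE_RE.match(t.group('cmd'))
        if e:                                 # strip the \??\ object-manager prefix on driver paths
            path = e.group('path')
            entry['path'] = path[4:] if path.startswith('\\??\\') else path
    return entry

def review(entry):
    """Reasons a helper would look closer at an autostart entry."""
    if entry['missing']:
        return ['file missing']
    reasons = ['no publisher'] if entry['publisher'] == '' else []
    if any(marker in (entry['path'] or '').lower() for marker in USER_WRITABLE):
        reasons.append('runs from user-writable folder')
    return reasons

def check_dns(servers):
    """DhcpNameServer values that are not RFC 1918 LAN addresses: a home router hands out
    its own LAN address, anything else points at the router or at DNS-changing malware."""
    def is_lan(s):
        try:
            return any(ipaddress.ip_address(s) in net for net in LAN_NETS)
        except ValueError:
            return False
    return [s for s in servers.split() if not is_lan(s)]

def triage(lines):
    """Walk FRST log lines; return (parsed entries, findings worth a second look)."""
    section, entries, findings = None, [], []
    for raw in lines:
        line = raw.rstrip('\r\n')
        if line.startswith('====='):          # e.g. "==== Drivers (Whitelisted) ===="
            section = next((s for s in ('drivers', 'services', 'registry') if s in line.lower()), None)
            continue
        d = DNS_RE.match(line)
        if d:
            findings += [('DhcpNameServer', s, ['not a LAN address']) for s in check_dns(d.group('servers'))]
            continue
        entry = parse_entry(line, section)
        if entry is None:
            continue
        entries.append(entry)
        reasons = review(entry)
        if reasons:
            findings.append((entry['name'], entry['path'], reasons))
    return entries, findings

# Constructed sample in FRST's format: most lines are modelled on the log posted in this
# thread; the [updater] line is invented to show a hit in a user-writable folder.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-05-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKU\Mihir\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mihir\...\Run: [updater] C:\Users\Mihir\AppData\Roaming\updater\updater.exe [38912 2012-05-20] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
==================== Services (Whitelisted) ======
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
========================== Drivers (Whitelisted) =============
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 mfeavfk01; [x]
""".strip().splitlines()
if __name__ == '__main__':
    parsed, flagged = triage(SAMPLE_LOG)
    for name, path, reasons in flagged:
        print(f'REVIEW {name}: {path} -> {", ".join(reasons)}')
```

Run it against a saved FRST.txt by passing `open(path).readlines()` to `triage()`; a flagged entry is a place to look, not proof of infection.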
Old 06-07-2012, 06:42 PM   #16
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Hello,

The issue was (is) occurring in all 3 browsers (FF, Google and IE). I have performed all steps according to your instructions and will be testing Chrome and IE for a day or two and get back. Below is the log as requested.

I did everything exactly according to your instructions:
(a) Deleted all cookies, browsing history and temp. internet files from all browsers,
(b) Uninstalled Firefox (here it was occurring the most).
(c) Downloaded a fresh copy of FRST64 and ran it from the command prompt from the system recovery options menu.
(d) Downloaded TFC to my desktop and ran it.
(e) Rebooted after both, the FRST64 and TFC scans were over.

FRST64 Log:

Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 04
Ran by SYSTEM at 07-06-2012 21:14:29
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6486120 2011-05-07] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-28] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mihir\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mihir\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Mihir\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Mihir\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Services (Whitelisted) ======
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [140272 2010-05-21] (CinemaNow, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [34872 2012-02-15] (Hewlett-Packard Development Company, L.P.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-04-13] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-18] (Intel Corporation)
========================== Drivers (Whitelisted) =============
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [243744 2011-07-31] (Realtek Semiconductor Corp.)
3 mfeavfk01; [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-07 16:54 - 2012-06-07 16:54 - 01396571 ____A C:\Users\Mihir\Desktop\FRST64.exe
2012-06-06 14:17 - 2012-06-06 14:17 - 00000157 ____A C:\Users\Mihir\Desktop\ESETSCAN.txt
2012-06-05 16:02 - 2012-06-05 16:02 - 00000000 ____D C:\Program Files (x86)\ESET
2012-06-05 15:46 - 2012-06-05 15:46 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-05 15:45 - 2012-06-05 15:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 15:45 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-04 20:45 - 2012-06-07 21:14 - 00000000 ____D C:\FRST
2012-06-04 18:27 - 2012-06-04 18:27 - 00000000 __SHD C:\$RECYCLE.BIN
2012-06-04 18:18 - 2012-06-04 18:18 - 00024923 ____A C:\ComboFix.txt
2012-06-04 17:56 - 2012-06-04 17:55 - 04536351 ____R (Swearware) C:\Users\Mihir\Desktop\ComboFix.exe
2012-06-04 17:55 - 2012-06-04 17:55 - 04536351 ____A (Swearware) C:\Users\Mihir\Downloads\ComboFix.exe
2012-06-04 17:54 - 2012-06-04 18:00 - 01989775 ____A (Swearware) C:\Users\Mihir\Desktop\ComboFix.exe.4wdz3cs.partial
2012-06-04 17:51 - 2012-06-04 18:21 - 00000000 ____D C:\Users\Mihir\Desktop\FRST
2012-06-04 17:22 - 2012-06-04 17:23 - 00000000 ____D C:\Users\Mihir\Desktop\Mira
2012-06-04 07:46 - 2012-06-04 21:46 - 00000000 ____D C:\Users\All Users\Recovery
2012-05-30 11:21 - 2012-06-07 16:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-30 11:21 - 2012-05-30 11:21 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-30 11:21 - 2012-05-30 11:21 - 00000000 ____D C:\Windows\System32\Macromed
2012-05-30 03:42 - 2012-05-30 03:42 - 00000112 ____A C:\Users\Mihir\Desktop\ark.zip
2012-05-30 03:40 - 2012-05-30 03:40 - 00000000 ____A C:\Users\Mihir\Desktop\ark.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 00008648 ____A C:\Users\Mihir\Desktop\Attach.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 00003219 ____A C:\Users\Mihir\Desktop\Attach.zip
2012-05-30 03:14 - 2012-05-30 03:15 - 00302592 ____A C:\Users\Mihir\Desktop\gmer.exe
2012-05-30 03:14 - 2012-05-30 03:14 - 00294216 ____A C:\Users\Mihir\Downloads\gmer.zip
2012-05-30 03:11 - 2012-05-30 03:11 - 00022892 ____A C:\Users\Mihir\Desktop\DDS.txt
2012-05-28 17:16 - 2012-05-28 17:16 - 00607260 ____R (Swearware) C:\Users\Mihir\Downloads\dds.com
2012-05-27 17:12 - 2012-05-27 17:12 - 00147963 ____A C:\Users\Mihir\Downloads\hosts.zip
2012-05-27 17:12 - 2012-05-27 17:12 - 00000000 ____D C:\Users\Mihir\Downloads\hosts
2012-05-27 17:07 - 2012-05-27 17:07 - 00000000 ____D C:\Users\Mihir\AppData\Roaming\WinPatrol
2012-05-27 17:06 - 2012-05-27 17:06 - 00000000 ____D C:\Users\All Users\InstallMate
2012-05-27 17:06 - 2012-05-27 17:06 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2012-05-27 17:05 - 2012-05-27 17:05 - 00854088 ____A (BillP Studios) C:\Users\Mihir\Downloads\wpsetup.exe
2012-05-27 16:05 - 2012-05-27 16:17 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-05-27 16:05 - 2012-05-27 16:05 - 00001083 ____A C:\Users\Mihir\Desktop\SpywareBlaster.lnk
2012-05-27 16:05 - 2010-01-10 14:40 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2012-05-27 13:58 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-05-27 13:58 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-05-27 13:58 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-05-27 13:58 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-05-27 13:57 - 2012-06-04 18:18 - 00000000 ____D C:\Qoobox
2012-05-27 13:57 - 2012-05-27 14:13 - 00000000 ____D C:\Windows\ERDNT
2012-05-27 13:43 - 2012-05-27 13:45 - 00135948 ____A C:\TDSSKiller.2.7.37.0_27.05.2012_17.43.30_log.txt
2012-05-27 05:17 - 2012-05-27 05:17 - 00000361 ____A C:\rkill.log
2012-05-26 12:31 - 2012-05-26 12:31 - 00000122 ____A C:\Users\Mihir\Desktop\techsupport forum.txt
2012-05-26 08:19 - 2012-05-26 08:19 - 00000458 ____A C:\Users\Mihir\Desktop\script.zip
2012-05-25 17:31 - 2012-05-25 17:31 - 00000000 ____D C:\Users\Mihir\AppData\Roaming\Malwarebytes
2012-05-25 17:31 - 2012-05-25 17:31 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-25 17:22 - 2012-05-25 17:23 - 00133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.22.19_log.txt
2012-05-25 17:21 - 2012-05-25 17:21 - 00004214 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.21.53_log.txt
2012-05-25 17:14 - 2012-05-25 17:20 - 00133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.14.55_log.txt
2012-05-25 17:13 - 2012-05-25 17:14 - 00133952 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.13.44_log.txt
2012-05-25 17:07 - 2012-05-25 17:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-05-25 17:04 - 2012-05-25 17:08 - 00135490 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.04.38_log.txt
2012-05-25 16:57 - 2012-05-25 16:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-05-25 16:57 - 2012-05-25 16:57 - 00000000 ____D C:\users\Administrator
2012-05-25 16:25 - 2012-05-25 16:56 - 00000000 ____D C:\sh4ldr
2012-05-25 16:25 - 2012-05-25 16:25 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-05-25 16:17 - 2012-05-25 16:17 - 00000000 ____D C:\Windows\pss
2012-05-25 16:01 - 2012-05-25 16:01 - 00522961 ____A C:\Users\Mihir\Desktop\Doc2.docx
2012-05-24 16:27 - 2012-05-24 16:27 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-24 16:27 - 2012-05-24 16:27 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-22 13:23 - 2012-05-22 13:45 - 00013796 ____A C:\Users\Mihir\Desktop\GAF Warranty.docx
2012-05-19 06:02 - 2012-05-19 06:02 - 05681250 ____A C:\Users\Mihir\Desktop\BettyCrocker_BestofSpring2012.pdf
2012-05-19 05:23 - 2012-05-19 05:23 - 00163855 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation2.pdf
2012-05-19 05:20 - 2012-05-19 05:20 - 00172976 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation1.pdf
2012-05-19 05:16 - 2012-05-19 05:16 - 00151308 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation.pdf
2012-05-19 05:01 - 2012-05-19 05:01 - 00001262 ____A C:\Users\Mihir\Desktop\Spybot - Search & Destroy.lnk
2012-05-19 04:59 - 2012-05-19 04:59 - 16409960 ____A (Safer Networking Limited ) C:\Users\Mihir\Downloads\spybotsd162.exe
2012-05-09 11:00 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 11:00 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 11:00 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 10:59 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 10:59 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 10:59 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 10:58 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-09 10:56 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
============ 3 Months Modified Files and Folders =============
2012-06-07 21:14 - 2012-06-04 20:45 - 0000000 ____D C:\FRST
2012-06-07 17:08 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 17:08 - 2009-07-13 20:45 - 0023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 17:05 - 2012-01-21 16:40 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-07 17:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 17:05 - 2009-07-13 20:51 - 0132151 ____A C:\Windows\setupact.log
2012-06-07 17:04 - 2010-09-20 16:57 - 3062255616 __ASH C:\hiberfil.sys
2012-06-07 17:01 - 2010-09-20 17:00 - 1382050 ____A C:\Windows\WindowsUpdate.log
2012-06-07 16:58 - 2010-11-26 15:15 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770126039-2069946603-1444546800-1002UA.job
2012-06-07 16:57 - 2009-07-13 21:13 - 0727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-07 16:55 - 2012-01-21 16:40 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-07 16:54 - 2012-06-07 16:54 - 1396571 ____A C:\Users\Mihir\Desktop\FRST64.exe
2012-06-07 16:31 - 2012-05-30 11:21 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-07 11:48 - 2012-05-07 06:28 - 0001828 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-06-06 14:17 - 2012-06-06 14:17 - 0000157 ____A C:\Users\Mihir\Desktop\ESETSCAN.txt
2012-06-06 12:05 - 2012-05-07 06:05 - 0000342 ____A C:\Windows\Tasks\HPCeeScheduleForMIHIRANU$.job
2012-06-05 16:03 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-06-05 16:02 - 2012-06-05 16:02 - 0000000 ____D C:\Program Files (x86)\ESET
2012-06-05 15:46 - 2012-06-05 15:46 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-05 15:46 - 2012-06-05 15:45 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-05 15:33 - 2012-05-07 06:26 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-06-05 15:33 - 2010-11-26 19:26 - 0804286 ____A C:\Windows\PFRO.log
2012-06-05 11:58 - 2011-05-25 10:58 - 0000000 ____D C:\Users\Mihir\Documents\Mira
2012-06-04 21:46 - 2012-06-04 07:46 - 0000000 ____D C:\Users\All Users\Recovery
2012-06-04 18:27 - 2012-06-04 18:27 - 0000000 __SHD C:\$RECYCLE.BIN
2012-06-04 18:21 - 2012-06-04 17:51 - 0000000 ____D C:\Users\Mihir\Desktop\FRST
2012-06-04 18:18 - 2012-06-04 18:18 - 0024923 ____A C:\ComboFix.txt
2012-06-04 18:18 - 2012-05-27 13:57 - 0000000 ____D C:\Qoobox
2012-06-04 18:14 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-06-04 18:00 - 2012-06-04 17:54 - 1989775 ____A (Swearware) C:\Users\Mihir\Desktop\ComboFix.exe.4wdz3cs.partial
2012-06-04 17:58 - 2010-11-26 14:31 - 0000000 ____D C:\users\Mihir
2012-06-04 17:55 - 2012-06-04 17:56 - 4536351 ____R (Swearware) C:\Users\Mihir\Desktop\ComboFix.exe
2012-06-04 17:55 - 2012-06-04 17:55 - 4536351 ____A (Swearware) C:\Users\Mihir\Downloads\ComboFix.exe
2012-06-04 17:44 - 2011-05-09 20:11 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\SoftGrid Client
2012-06-04 17:23 - 2012-06-04 17:22 - 0000000 ____D C:\Users\Mihir\Desktop\Mira
2012-06-04 03:13 - 2012-01-22 14:51 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForMihir.job
2012-06-04 03:13 - 2009-07-13 21:08 - 0032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-04 03:11 - 2011-05-03 06:11 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-04 03:10 - 2011-10-29 17:14 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-01 10:46 - 2010-11-26 15:15 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2770126039-2069946603-1444546800-1002Core.job
2012-06-01 10:43 - 2010-11-26 14:31 - 0000000 ____D C:\Users\Mihir\AppData\LocalLow
2012-05-30 11:21 - 2012-05-30 11:21 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-30 11:21 - 2012-05-30 11:21 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-30 11:21 - 2011-06-28 09:27 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-30 03:42 - 2012-05-30 03:42 - 0000112 ____A C:\Users\Mihir\Desktop\ark.zip
2012-05-30 03:40 - 2012-05-30 03:40 - 0000000 ____A C:\Users\Mihir\Desktop\ark.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 0008648 ____A C:\Users\Mihir\Desktop\Attach.txt
2012-05-30 03:38 - 2012-05-30 03:38 - 0003219 ____A C:\Users\Mihir\Desktop\Attach.zip
2012-05-30 03:15 - 2012-05-30 03:14 - 0302592 ____A C:\Users\Mihir\Desktop\gmer.exe
2012-05-30 03:14 - 2012-05-30 03:14 - 0294216 ____A C:\Users\Mihir\Downloads\gmer.zip
2012-05-30 03:11 - 2012-05-30 03:11 - 0022892 ____A C:\Users\Mihir\Desktop\DDS.txt
2012-05-29 10:58 - 2012-05-07 05:14 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-29 10:58 - 2012-04-05 03:58 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Mozilla
2012-05-28 17:16 - 2012-05-28 17:16 - 0607260 ____R (Swearware) C:\Users\Mihir\Downloads\dds.com
2012-05-27 17:42 - 2011-07-29 18:44 - 0000000 ____D C:\Users\Mihir\Documents\2059 Suzanne
2012-05-27 17:12 - 2012-05-27 17:12 - 0147963 ____A C:\Users\Mihir\Downloads\hosts.zip
2012-05-27 17:12 - 2012-05-27 17:12 - 0000000 ____D C:\Users\Mihir\Downloads\hosts
2012-05-27 17:12 - 2009-07-13 18:34 - 0604003 ____A C:\Windows\System32\Drivers\etc\HOSTS
2012-05-27 17:07 - 2012-05-27 17:07 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\WinPatrol
2012-05-27 17:06 - 2012-05-27 17:06 - 0000000 ____D C:\Users\All Users\InstallMate
2012-05-27 17:06 - 2012-05-27 17:06 - 0000000 ____D C:\Program Files (x86)\BillP Studios
2012-05-27 17:05 - 2012-05-27 17:05 - 0854088 ____A (BillP Studios) C:\Users\Mihir\Downloads\wpsetup.exe
2012-05-27 16:17 - 2012-05-27 16:05 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-05-27 16:05 - 2012-05-27 16:05 - 0001083 ____A C:\Users\Mihir\Desktop\SpywareBlaster.lnk
2012-05-27 14:16 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-05-27 14:13 - 2012-05-27 13:57 - 0000000 ____D C:\Windows\ERDNT
2012-05-27 13:45 - 2012-05-27 13:43 - 0135948 ____A C:\TDSSKiller.2.7.37.0_27.05.2012_17.43.30_log.txt
2012-05-27 05:29 - 2010-07-15 13:33 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-27 05:17 - 2012-05-27 05:17 - 0000361 ____A C:\rkill.log
2012-05-26 12:31 - 2012-05-26 12:31 - 0000122 ____A C:\Users\Mihir\Desktop\techsupport forum.txt
2012-05-26 08:36 - 2012-02-24 14:22 - 0000000 ____D C:\Users\Mihir\AppData\Local\ElevatedDiagnostics
2012-05-26 08:19 - 2012-05-26 08:19 - 0000458 ____A C:\Users\Mihir\Desktop\script.zip
2012-05-25 17:31 - 2012-05-25 17:31 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Malwarebytes
2012-05-25 17:31 - 2012-05-25 17:31 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-25 17:23 - 2012-05-25 17:22 - 0133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.22.19_log.txt
2012-05-25 17:21 - 2012-05-25 17:21 - 0004214 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.21.53_log.txt
2012-05-25 17:20 - 2012-05-25 17:14 - 0133986 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.14.55_log.txt
2012-05-25 17:14 - 2012-05-25 17:13 - 0133952 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.13.44_log.txt
2012-05-25 17:08 - 2012-05-25 17:04 - 0135490 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_21.04.38_log.txt
2012-05-25 17:07 - 2012-05-25 17:07 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-25 16:57 - 2012-05-25 16:57 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-05-25 16:57 - 2012-05-25 16:57 - 0000000 ____D C:\users\Administrator
2012-05-25 16:56 - 2012-05-25 16:25 - 0000000 ____D C:\sh4ldr
2012-05-25 16:25 - 2012-05-25 16:25 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-25 16:17 - 2012-05-25 16:17 - 0000000 ____D C:\Windows\pss
2012-05-25 16:01 - 2012-05-25 16:01 - 0522961 ____A C:\Users\Mihir\Desktop\Doc2.docx
2012-05-25 12:43 - 2011-06-07 10:22 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-24 16:27 - 2012-05-24 16:27 - 0476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-24 16:27 - 2012-05-24 16:27 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-24 16:27 - 2012-05-24 16:27 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-24 16:27 - 2010-07-15 13:33 - 0472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-22 13:45 - 2012-05-22 13:23 - 0013796 ____A C:\Users\Mihir\Desktop\GAF Warranty.docx
2012-05-19 13:30 - 2011-06-07 10:22 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-19 06:02 - 2012-05-19 06:02 - 5681250 ____A C:\Users\Mihir\Desktop\BettyCrocker_BestofSpring2012.pdf
2012-05-19 05:23 - 2012-05-19 05:23 - 0163855 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation2.pdf
2012-05-19 05:23 - 2011-05-09 04:13 - 0000060 ____A C:\Windows\wpd99.drv
2012-05-19 05:23 - 2011-05-09 04:13 - 0000000 ____D C:\Users\All Users\pdf995
2012-05-19 05:20 - 2012-05-19 05:20 - 0172976 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation1.pdf
2012-05-19 05:16 - 2012-05-19 05:16 - 0151308 ____N C:\Users\Mihir\Desktop\Print - AAA Auto Club South- Maps & Tourbooks Online Order Confirmation.pdf
2012-05-19 05:01 - 2012-05-19 05:01 - 0001262 ____A C:\Users\Mihir\Desktop\Spybot - Search & Destroy.lnk
2012-05-19 04:59 - 2012-05-19 04:59 - 16409960 ____A (Safer Networking Limited ) C:\Users\Mihir\Downloads\spybotsd162.exe
2012-05-16 06:13 - 2011-06-21 15:32 - 0000000 ____D C:\Users\Mihir\AppData\Local\CrashDumps
2012-05-10 04:02 - 2009-07-13 20:45 - 0303856 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-09 20:20 - 2011-10-15 04:01 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 20:05 - 2010-07-15 13:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-08 19:27 - 2012-04-11 19:07 - 0000000 ___HD C:\Users\Mihir\Desktop\.picasaoriginals
2012-05-07 15:25 - 2012-05-07 05:32 - 0000000 ____D C:\Users\All Users\McAfee
2012-05-07 06:28 - 2012-05-07 06:26 - 0000000 ____D C:\Program Files\McAfee
2012-05-07 06:27 - 2012-05-07 06:27 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-05-07 06:27 - 2012-05-07 05:46 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-05-07 06:26 - 2012-05-07 06:26 - 0000000 ____D C:\Program Files\McAfee.com
2012-05-07 06:20 - 2010-09-20 17:19 - 0000000 ____D C:\Users\All Users\Norton
2012-05-07 06:14 - 2010-09-20 17:03 - 0009606 ____A C:\Windows\DPINST.LOG
2012-05-07 06:12 - 2012-05-07 06:12 - 1390640 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2012-05-07 06:12 - 2012-05-07 06:12 - 0400168 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0271144 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0215336 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0214312 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0173352 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0147752 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo4.dll
2012-05-07 06:12 - 2012-05-07 06:12 - 0107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2012-05-07 06:12 - 2009-09-06 16:40 - 0000000 ____D C:\SwSetup
2012-05-07 05:15 - 2012-05-07 05:15 - 0000000 ____D C:\Users\Mihir\AppData\Local\Mozilla
2012-05-07 05:14 - 2012-05-07 05:14 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-07 05:05 - 2012-05-07 05:05 - 16339280 ____A (Mozilla) C:\Users\Mihir\Downloads\Firefox Setup 12.0.exe
2012-04-29 07:07 - 2011-05-13 15:33 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Skype
2012-04-27 14:22 - 2012-04-27 14:22 - 0193940 ____N C:\Users\Mihir\Desktop\Print - https www.cardstore.com checkout displayOrderConfirmation.pdf
2012-04-25 04:54 - 2012-04-25 04:54 - 0422729 ____A C:\Users\Mihir\Downloads\dwsup (10).pdf
2012-04-25 04:54 - 2012-04-25 04:54 - 0422726 ____A C:\Users\Mihir\Downloads\dwsup (9).pdf
2012-04-25 04:52 - 2012-04-25 04:52 - 0422726 ____A C:\Users\Mihir\Downloads\dwsup (8).pdf
2012-04-22 09:45 - 2012-04-22 09:45 - 0000403 ____A C:\Users\Mihir\Desktop\Pooja's diet.txt
2012-04-19 19:51 - 2012-04-14 18:46 - 0219648 ____A C:\Users\Mihir\Downloads\LEASE (1).doc
2012-04-17 11:10 - 2010-11-26 14:41 - 0068784 ____A C:\Users\Mihir\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 03:41 - 2012-04-17 03:41 - 0339555 ____A C:\Users\Mihir\Downloads\Dhond pport.pdf
2012-04-17 03:40 - 2012-04-17 03:40 - 0000110 ____A C:\Users\Mihir\Desktop\icici notes.txt
2012-04-16 17:59 - 2012-04-16 17:59 - 0000000 ____D C:\Users\Mihir\AppData\Roaming\Catalina Marketing Corp
2012-04-16 04:15 - 2012-04-16 04:15 - 0216176 ____A C:\Users\Mihir\Desktop\Dhond_Resume.pdf
2012-04-14 12:54 - 2012-04-09 19:34 - 0136192 ____A C:\Users\Mihir\Downloads\LEASE.doc
2012-04-12 20:42 - 2012-04-12 20:42 - 0260052 ____A C:\Users\Mihir\Desktop\Lease_2010-11-27_Mihir_Dhon_FP001222800.txt
2012-04-10 16:29 - 2012-04-10 16:29 - 0978560 ____A C:\Users\Mihir\Downloads\Lease_2010-11-27_Mihir_Dhon_FP001222800.pdf
2012-04-04 11:56 - 2012-06-05 15:45 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 22:05 - 2012-05-09 11:00 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 10:59 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 10:59 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 10:59 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:01 - 2012-03-29 12:54 - 0010618 ____A C:\Users\Mihir\Desktop\Jacob.xlsx
2012-03-30 03:35 - 2012-05-09 10:56 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 12:40 - 2012-03-29 12:40 - 0442861 ____N C:\Users\Mihir\Desktop\Print - 104 Tulip Tree Ct, Jupiter, FL 33458 to 104 Tulip Tree Ct, Jer, FL 33458 - Google Maps.pdf
2012-03-29 12:37 - 2012-03-29 12:37 - 0567325 ____N C:\Users\Mihir\Desktop\Print - 104 Tulip Tree Ct, Jupiter, FL 33458 to 104 Tulip Tree Ct, Jupiter, FL 33458 - Google Maps.pdf
2012-03-27 03:47 - 2012-03-25 08:35 - 0000000 ____D C:\Users\Mihir\Desktop\September
2012-03-27 00:47 - 2012-03-27 00:47 - 0029696 ____A C:\Users\Mihir\Downloads\app checklist.wiz
2012-03-26 11:49 - 2012-03-26 11:49 - 0021504 ____A C:\Users\Mihir\Downloads\aai-baba trip planning.xls
2012-03-24 14:24 - 2012-03-24 14:24 - 0151611 ____A C:\Users\Mihir\Downloads\Aai3.jpg
2012-03-24 14:24 - 2012-03-24 14:24 - 0138803 ____A C:\Users\Mihir\Downloads\Aai4 (1).jpg
2012-03-24 14:23 - 2012-03-24 14:23 - 0138803 ____A C:\Users\Mihir\Downloads\Aai4.jpg
2012-03-24 14:23 - 2012-03-24 14:23 - 0131710 ____A C:\Users\Mihir\Downloads\baba4.jpg
2012-03-24 14:22 - 2012-03-24 14:22 - 0127986 ____A C:\Users\Mihir\Downloads\baba3.jpg
2012-03-24 14:22 - 2012-03-24 14:22 - 0127986 ____A C:\Users\Mihir\Downloads\baba3 (1).jpg
2012-03-24 14:12 - 2012-03-24 14:12 - 0048128 ____A C:\Users\Mihir\Downloads\DHOND_SHEELA_MRS_E_TCK_ON_DL.doc
2012-03-24 14:11 - 2012-03-24 14:11 - 0048128 ____A C:\Users\Mihir\Downloads\DHOND_SADANAND_MR_E_TCK_ON_DL.doc
2012-03-24 13:59 - 2010-07-15 11:14 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-03-22 11:12 - 2012-03-22 11:12 - 4435968 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-03-20 09:11 - 2012-05-07 05:32 - 0162192 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-03-18 03:44 - 2011-05-11 05:48 - 0000000 ____D C:\Users\Mihir\AppData\Local\Windows Live
2012-03-16 23:58 - 2012-05-09 10:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 15:26 - 2012-03-15 15:26 - 0158229 ____A C:\Users\Mihir\Desktop\amx.jpg
2012-03-13 08:49 - 2012-03-13 08:49 - 0038609 ____N C:\Users\Mihir\Desktop\Print - my health & wellness center.pdf
2012-03-11 20:30 - 2011-11-16 12:03 - 0000000 ____D C:\Users\Mihir\Desktop\Receipts
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 17%
Total physical RAM: 3893.86 MB
Available physical RAM: 3197.3 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3185.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:216.59 GB) (Free:100.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:16 GB) (Free:2.31 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
4 Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:0.24 GB) (Free:0.18 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          232 GB      0 B
Disk 1    Online          248 MB      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            199 MB  1024 KB
Partition 2    Primary            216 GB   200 MB
Partition 3    Primary             15 GB   216 GB
Partition 4    Primary            103 MB   232 GB
======================================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM       NTFS   Partition    199 MB  Healthy
======================================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    216 GB  Healthy
======================================================================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   RECOVERY     NTFS   Partition     15 GB  Healthy
======================================================================================================
Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   F   HP_TOOLS     FAT32  Partition    103 MB  Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            248 MB    16 KB
======================================================================================================
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5   H                FAT    Removable    248 MB  Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-01 16:27
======================= End Of Log ==========================
Old 06-07-2012, 06:45 PM   #17
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



Forgot to Add, I ran the FRST64 from my pen/flash drive as per instructions from last time.
Old 06-07-2012, 06:58 PM   #18
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

I don't see anything in the log that could be causing the redirects, so let's try the following:

Reset your Router:
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up HERE.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

NEXT


Please do the following:
  1. Click the Microsoft Start logo in the bottom left corner of the screen
  2. Click All Programs
  3. Click Accessories
  4. RIGHT-click on Command Prompt
  5. Select Run As Administrator
  6. In the command window type the following and then hit enter:

    ipconfig /flushdns

  7. You will see the following confirmation:

     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

Please advise in as much detail as possible any outstanding issues
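The post above attacks the redirect from the DNS side: which servers the network should be using, the local resolver cache, and (earlier in the thread) the MVPS hosts file. As an added example, not part of CatByte's post or of any tool used in this thread, here is a PowerShell audit that shows what a Windows 7 machine is actually resolving with, so a hijacked resolver setting can be spotted rather than assumed absent. It targets PowerShell 2.0 as shipped with Windows 7, so it avoids the Get-DnsClient* cmdlets that only exist on Windows 8 and later. $ExpectedDns and the 8.8.8.8 comparison resolver are assumptions: replace the former with the servers your ISP or gateway should hand out.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt on Windows 7.
# ASSUMPTION: $ExpectedDns is illustrative; put your ISP's/gateway's real DNS servers here.
$ExpectedDns = @('192.168.1.254')

Write-Host "== Per-adapter DNS servers (WMI) =="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
    ForEach-Object {
        $servers    = @($_.DNSServerSearchOrder)
        $unexpected = $servers | Where-Object { $ExpectedDns -notcontains $_ }
        $flag = if ($unexpected) { 'CHECK' } else { 'ok' }
        "{0,-6} {1}  -> {2}" -f $flag, $_.Description, ($servers -join ', ')
    }

Write-Host "`n== Static NameServer values in the registry =="
# DNS-changer malware often writes a hard-coded NameServer per interface so the
# DHCP-supplied servers are ignored; a non-empty value on a DHCP client deserves a look.
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifKey | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer) {
        "{0}  EnableDHCP={1}  NameServer={2}" -f $_.PSChildName, $p.EnableDHCP, $p.NameServer
    }
}

Write-Host "`n== hosts file entries that point somewhere other than loopback/null =="
# MVPS-style blocking entries use 0.0.0.0 or 127.0.0.1; an entry sending a real
# hostname to any other address is a redirect, not a block.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object {
    $_ -match '^\s*([0-9a-fA-F:.]+)\s+\S' -and
    $matches[1] -notmatch '^(127\.0\.0\.1|::1|0\.0\.0\.0)$'
} | Select-Object -First 20

Write-Host "`n== Resolver cache (parsed from ipconfig /displaydns) =="
# Windows 7 has no Get-DnsClientCache, so parse the classic tool's output.
$name = $null
foreach ($line in (ipconfig /displaydns)) {
    if ($line -match '^\s*Record Name[ .]*:\s*(\S+)') { $name = $matches[1] }
    elseif ($line -match '^\s*A \(Host\) Record[ .]*:\s*(\S+)' -and $name) {
        "{0,-45} {1}" -f $name, $matches[1]
    }
}

Write-Host "`n== Local answer vs. a public resolver for one probe name =="
# ASSUMPTION: 8.8.8.8 is reachable. Parsing is deliberately loose: the last
# 'Address' line nslookup prints is the answer record.
$probe  = 'www.google.com'
$local  = nslookup $probe         2>$null | Select-String 'Address' | Select-Object -Last 1
$public = nslookup $probe 8.8.8.8 2>$null | Select-String 'Address' | Select-Object -Last 1
"local   : $local"
"8.8.8.8 : $public"
```

Read the output top to bottom: a server in the first section that neither you nor your ISP configured, a static NameServer on a DHCP interface, a hosts entry pointing at a routable address, or a cached/resolved address that differs from the public resolver's answer are each a reason to suspect DNS rather than the browser. A clean run here makes the router and ISP-side DNS the next place to look, which is exactly where the post sends the user.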
Old 06-08-2012, 06:15 PM   #19
Registered Member
 
Join Date: May 2012
Posts: 21
OS: Windows 7 Home Premium SP 1



We have AT&T UVerse internet, where the modem is wireless. Since we don't have a wireless router, I could only turn off the modem and turn it back on without actually resetting anything.

I followed your instructions about running ipconfig /flushdns, and also got the success message. Unfortunately, the redirect problem still remains. Attached is a screenshot of the redirection that occurred today, soon after completing all the steps.

I also tried rebooting the machine with no success.
Attached Files
File Type: doc mih.doc (247.0 KB)
Old 06-08-2012, 07:11 PM   #20
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs
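The /md5start ... /md5stop block in the OTL scan above hashes the logon-path binaries, and the FRST log earlier in this post reports "MD5 is legit" for the same files plus the .exe association. As an added example, not OTL's or FRST's own code, this PowerShell script re-does those checks by hand on Windows 7 so the verdict does not rest on a single tool. It adds one check the OTL script does not include, the Winlogon Shell/Userinit values, because userinit.exe is on the list and anything appended to that value runs at every logon. No expected hashes are hard-coded: compare the MD5 column against a known-clean copy of the same Windows build, and treat the sfc verdict, not the Authenticode status, as authoritative for OS files.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt on Windows 7.
$files = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe"
)

function Get-Md5Hex([string]$Path) {
    # PowerShell 2.0 has no Get-FileHash, so hash through .NET.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

Write-Host "== MD5 and embedded Authenticode status =="
foreach ($f in $files) {
    if (-not (Test-Path $f)) { "{0,-45} MISSING" -f $f; continue }
    $sig = Get-AuthenticodeSignature $f
    # Most Windows 7 OS binaries are catalog-signed, and on Windows 7 this cmdlet
    # reports those as NotSigned. So 'NotSigned' here is NOT proof of tampering;
    # 'Valid' with a non-Microsoft signer, or a hash that differs from a clean
    # copy of the same build, is what matters. sfc below settles it.
    "{0,-45} {1}  {2}  {3}" -f $f, (Get-Md5Hex $f), $sig.Status, $sig.SignerCertificate.Subject
}

Write-Host "`n== Windows Resource Protection verdict per file =="
# sfc writes UTF-16; without this, captured output comes back with a space
# between every character.
$prevEnc = [Console]::OutputEncoding
[Console]::OutputEncoding = [System.Text.Encoding]::Unicode
try {
    foreach ($f in $files) {
        if (-not (Test-Path $f)) { continue }
        $verdict = (sfc "/verifyfile=$f") -join ' '
        "{0,-45} {1}" -f $f, $verdict.Trim()
    }
} finally {
    [Console]::OutputEncoding = $prevEnc
}

Write-Host "`n== .exe association (expected: exefile and `"%1`" %*) =="
(Get-ItemProperty 'HKLM:\SOFTWARE\Classes\.exe').'(default)'
(Get-ItemProperty 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command').'(default)'

Write-Host "`n== Winlogon Shell / Userinit (extra check, not in the OTL script) =="
# Expected on a clean Windows 7: Shell = explorer.exe and
# Userinit = C:\Windows\system32\userinit.exe,  (trailing comma, nothing after it)
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
"Shell    = $($wl.Shell)"
"Userinit = $($wl.Userinit)"
```

Compare the two architectures' hashes with each other only loosely: the System32 and SysWOW64 copies are different builds of the same binary and are expected to differ. What should not differ is the hash of, say, System32\winlogon.exe between this machine and another machine on the identical Windows 7 SP1 patch level, and sfc should report no integrity violation for every file listed.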
 
