PUM hijack taskmanager,regedit,disabled securitycenter



Results of screen317's Security Check version 0.99.60

Windows 7 x64 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 25.0.1364.97

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````


Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.

http://securitygarden.blogspot.com/2013/02/replacing-adobe-reader-with-sumatra-pdf.html

Task 2

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this (screenshot).

The C drive is the default for scanning.

Press the Preferences button. In the top-right block "On virus detection", click Rename.

In the bottom block "Heuristic network check for suspicious files" select High.

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Task 3

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app (if you have them) like MBAM File System Protection.
  • If this system is Windows 8/7 or Vista, then right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this (screenshot):
    Click the checkbox to participate, and then click on the Continue button.
  • Next (screenshot):
    Click on Select objects for scanning.
  • Next (screenshot):
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on the Start scanning button.
  • The scan in progress will be shown like this (screenshot).
  • IF something is detected, you will see a screen similar to this (screenshot):
    For each item "detected", click on the Action column down arrow.
    Your options will be Cure or Ignore.
    IF you see an item that you are very sure is OK, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this (screenshot).
  • Click on the green Open Report line. It will pop up the report in Notepad.
    Save the report to your desktop. The report will be called Cureit.log.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.


McAfee® Labs Stinger Version 10.2.0.1015 built on Mar 8 2013

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Mar 8 2013.

Ready to scan for 6172 viruses, trojans and variants.

Scan initiated on Mon Mar 11 10:30:35 2013

Rootkit scan result : Not Scanned

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................3

Possibly Infected: ............0

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

Found the W32/Sality.gen.e virus !!!

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe is infected with the W32/Sality.gen.e virus !!!

C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.135\GOOGLECRASHHANDLER.EXE

Found the W32/Sality.gen.e virus !!!

C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.135\GOOGLECRASHHANDLER.EXE is infected with the W32/Sality.gen.e virus !!!

C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.135\GOOGLEUPDATEBROKER.EXE

Found the W32/Sality.gen.e virus !!!

C:\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.21.135\GOOGLEUPDATEBROKER.EXE is infected with the W32/Sality.gen.e virus !!!

C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\MBAM-CHAMELEON.EXE

Found the W32/Sality.gen.e virus !!!

C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\MBAM-CHAMELEON.EXE is infected with the W32/Sality.gen.e virus !!!

C:\Users\parushaa\DESKTOP\Scheck.exe\NIRCMDC.EXE

Found the Artemis!9CB3A3808880 trojan !!!

C:\Users\parushaa\DESKTOP\Scheck.exe\NIRCMDC.EXE is infected with the Artemis!9CB3A3808880 virus !!!

Number of clean files: 14233

Number of infected files: 5

Number of files renamed: 5


Please take your time as you do all this. Read all of the directions first. If you have a question, stop and ask.

As much as possible, I really need logs from this.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press the Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
      Look at the contents of this file using Notepad.
      The Frequently Asked Questions for ESET Online Scanner can be viewed here:
      http://go.eset.com/us/online-scanner/faq
    • It is emphasized to temporarily disable any PC-resident (active) antivirus program prior to any on-line scan by any on-line scanner
      (and to promptly re-enable it when finished).
    • If you use Firefox, you have to install IE Tab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log


When I go to ESET Online Scanner, I click on "Run ESET Online Scanner", a pop-up window opens, and then I accepted the terms; the next page doesn't show anything. What might be the problem? Is ActiveX or Flash Player missing? YouTube and other video links work fine on Internet Explorer.


  1. Cureit.log is too big to copy and paste into a reply; it wouldn't even fit into many replies. How can I attach the file? I couldn't find the attach button. In the meantime I will do the next steps you have told me to do.

In order to attach files, you click on the button on the bottom right of your reply called "More Reply Options" (screenshot).

After that you will be taken to a new screen, and you can attach files by clicking on the button "Choose Files" at the bottom (screenshot).

When I go to ESET Online Scanner, I click on "Run ESET Online Scanner", a pop-up window opens, and then I accepted the terms; the next page doesn't show anything. What might be the problem? Is ActiveX or Flash Player missing? YouTube and other video links work fine on Internet Explorer.

Start Internet Explorer.

On the Tools menu, click Internet Options.

On the Advanced tab, click Reset.

In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

Next,

Try ESET one more time. Go slow and deliberate. Make sure to follow the prompts carefully, and accept the terms as prompted.


Whenever ESET Online Scanner starts, I accept the Terms of Use and press the Start button, enable (check) the Remove found threats option, and run the scan. While it downloads the virus signature database,

another window opens, showing the message "online cmdlinescanner.exe has stopped working, Windows is looking for a solution to the problem". I restarted the computer but it's still there.

Then after some time the scan shows unexpected error 101.


And sorry for the late replies. I am an independent filmmaker; I am shooting these days, and I need my computer to edit my movie. The virus is still there and I am afraid it might start erasing my files. How much more time do you think this virus might take to leave? Because I have reinstalled Windows, and it's still there; we are doing all these steps, but it's still there. My work is getting late and I don't have any other computer to work on.


Do you mean that you wiped the system and then installed Windows fresh ---- yesterday?

Yes / no ?

If so, why did you not check with me first?

If you ran MBAM and it tagged anything, I need a copy of the MBAM scan log

I am really surprised by this. We had been doing fairly well before this. Plus DrWeb Cure-It did not detect any infection.

If you want me to continue to help you, I need a fresh set of reports from DDS

Download DDS and save it to your desktop from http://download.blee...om/sUBs/dds.com here

or http://download.blee...om/sUBs/dds.scr or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista/Windows 7/Windows 8, do a RIGHT-click on dds and select Run As Administrator.

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


Let's forget the ESET online scan.

If you ran MBAM and it tagged anything, I need a copy of the -last- MBAM scan log

I need a fresh set of reports from DDS

Download DDS and save it to your desktop from http://download.blee...om/sUBs/dds.com here

or http://download.blee...om/sUBs/dds.scr or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista/Windows 7/Windows 8, do a RIGHT-click on dds and select Run As Administrator.

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 2/26/2013 5:48:42 AM

System Uptime: 3/18/2013 1:08:27 PM (6 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 790GX-G65 (MS-7576)

Processor: AMD Phenom II X4 965 Processor | CPU1 | 3400/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 64.731 GiB free.

D: is FIXED (NTFS) - 181 GiB total, 13.735 GiB free.

E: is FIXED (NTFS) - 187 GiB total, 14.866 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP9: 3/8/2013 10:04:11 AM - OTL Restore Point - 3/8/2013 10:04:10 AM

RP10: 3/9/2013 7:27:39 PM - Removed Adobe Reader 9.2.

RP11: 3/14/2013 11:32:21 PM - Windows Update

RP12: 3/16/2013 12:06:06 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Creative Suite 5 Master Collection

Adobe Flash Player (IE) Packages

Adobe Flash Player 11 ActiveX

Any Video Converter Professional 3.5.8

ATI AVIVO64 Codecs

ATI Catalyst Install Manager

BrowserProtect

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

DealPly

DealPly (remove only)

Delta Chrome Toolbar

Delta toolbar

ERUNT 1.1j

ESET Online Scanner v3

Facebook Video Calling 1.2.0.287

Google Chrome

Google Update Helper

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Picasa 3

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

tuto4pc_pt_14

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.0.3

WinRAR archiver

Yontoo 2.04.1

.

==== Event Viewer Messages From Past Week ========

.

3/17/2013 2:52:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

3/16/2013 9:54:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.

3/16/2013 9:51:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

3/13/2013 6:46:38 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

3/13/2013 10:41:02 AM, Error: Service Control Manager [7031] - The BrowserProtect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

3/11/2013 9:48:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

3/11/2013 9:48:36 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/11/2013 9:46:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

3/11/2013 9:46:35 AM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/11/2013 9:46:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

3/11/2013 9:46:20 AM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470

Run by parushaa at 19:12:05 on 2013-03-18

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.5887.4318 [GMT 5.5:30]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Windows\system32\taskhost.exe

C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Users\parushaa\AppData\Local\tuto4pc_pt_14\upt4pc_pt_14.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Users\parushaa\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Program Files (x86)\tuto4pc_pt_14\tuto4pc_pt_14.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = Preserve

uSearch Page = hxxp://www.Google.com/

mStart Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: E-Zsoft VideoDownloaderToolBar: {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\Versalsoft\InternetDownload\VDTB.dll

BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll

BHO: DealPly: {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: E-Zsoft VideoDownloaderToolBar: {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files (x86)\Versalsoft\InternetDownload\VDTB.dll

TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll

uRun: [Yontoo Desktop] "C:\Users\parushaa\AppData\Roaming\Yontoo\YontooDesktop.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [internetDownload_upgrade] "C:\Program Files (x86)\Versalsoft\InternetDownload\InternetDownload.exe" /upgrade

mRun: [tuto4pc_pt_14] "C:\Program Files (x86)\tuto4pc_pt_14\tuto4pc_pt_14.exe"

mRunOnce: [upt4pc_pt_14.exe] C:\Users\parushaa\AppData\Local\tuto4pc_pt_14\upt4pc_pt_14.exe -runonce

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-System: DisableTaskMgr = dword:1

uPolicies-System: DisableRegistryTools = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: DisableTaskMgr = dword:1

mPolicies-System: DisableRegistryTools = dword:1

TCP: Interfaces\{B393CEF6-5134-4D0F-8C31-8E1FEF51F577} : NameServer = 218.248.255.196 218.248.245.5

AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzuyEtDyCtCzzyCzzyBzz0A0AzzyBtD0AyDtN0D0Tzu0CyEtAzytN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1358372692&ir=

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-18 202752]

R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-13 2561488]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-3-13 23552]

R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-25 24176]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-27 1255736]

.

=============== Created Last 30 ================

.

2013-03-18 05:28:43 -------- d-----w- C:\Users\parushaa\AppData\Local\eorezo

2013-03-14 16:03:32 -------- d-----w- C:\Users\parushaa\AppData\Roaming\DealPly

2013-03-14 16:03:21 -------- d-----w- C:\Program Files (x86)\DealPly

2013-03-14 15:45:33 -------- d-----w- C:\Users\parushaa\AppData\Local\tuto4pc_pt_14

2013-03-14 15:45:33 -------- d-----w- C:\Program Files (x86)\tuto4pc_pt_14

2013-03-14 15:45:12 -------- d-----w- C:\Users\parushaa\AppData\Roaming\Funmoods

2013-03-14 06:37:24 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-13 16:21:18 -------- d-----w- C:\Users\parushaa\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C

2013-03-13 10:05:09 -------- d-----w- C:\Program Files (x86)\ESET

2013-03-13 05:18:22 -------- d-----w- C:\Users\parushaa\AppData\Local\Downloaded Installations

2013-03-13 05:10:57 -------- d-----w- C:\Users\parushaa\AppData\Roaming\Yontoo

2013-03-13 05:10:57 -------- d-----w- C:\Program Files (x86)\Yontoo

2013-03-13 05:10:27 -------- d-----w- C:\ProgramData\Tarma Installer

2013-03-13 03:27:50 -------- d-----w- C:\Windows\SysWow64\searchplugins

2013-03-13 03:27:50 -------- d-----w- C:\Windows\SysWow64\Extensions

2013-03-13 03:27:47 -------- d-----w- C:\ProgramData\BrowserProtect

2013-03-13 03:26:58 -------- d-----w- C:\Users\parushaa\AppData\Roaming\BabSolution

2013-03-13 03:24:45 -------- d-----w- C:\Program Files (x86)\Delta

2013-03-13 03:24:44 -------- d-----w- C:\Users\parushaa\AppData\Roaming\Delta

2013-03-13 03:22:13 -------- d-----w- C:\Users\parushaa\AppData\Roaming\Babylon

2013-03-13 03:22:13 -------- d-----w- C:\ProgramData\Babylon

2013-03-13 03:10:46 -------- d-----w- C:\Versalsoft

2013-03-13 03:10:40 -------- d-----w- C:\Program Files (x86)\Versalsoft

2013-03-13 03:10:38 -------- d-----w- C:\Program Files\Universal

2013-03-11 06:25:57 -------- d-----w- C:\Users\parushaa\Doctor Web

2013-03-11 05:00:39 16200 ----a-w- C:\Windows\stinger.sys

2013-03-11 04:59:23 -------- d-----w- C:\Program Files (x86)\stinger

2013-03-09 13:58:04 -------- d-----w- C:\Windows\System32\appmgmt

2013-03-08 04:33:33 -------- d-----w- C:\_OTL

2013-03-05 07:16:43 -------- d-----w- C:\Users\parushaa\AppData\Roaming\AnvSoft

2013-03-05 07:16:18 -------- d-----w- C:\Program Files (x86)\AnvSoft

2013-03-04 07:31:36 -------- d-----w- C:\Users\parushaa\AppData\Local\Facebook

2013-03-03 19:02:44 -------- d-----w- C:\FRST

2013-03-03 05:39:05 -------- d-----w- C:\Windows\ERUNT

2013-03-03 05:39:00 -------- d-----w- C:\JRT

2013-03-01 08:44:13 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{17BBC81F-CE17-4328-917C-343834B8AA66}\mpengine.dll

2013-02-27 17:19:32 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-27 17:19:32 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-27 13:33:53 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-27 13:33:53 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-27 05:29:21 1135104 ----a-w- C:\Windows\System32\FntCache.dll

2013-02-27 04:27:05 -------- d-----w- C:\Windows\SysWow64\Wat

2013-02-27 04:27:05 -------- d-----w- C:\Windows\System32\Wat

2013-02-27 04:05:19 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2013-02-27 04:05:19 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2013-02-27 03:52:39 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-02-27 03:52:39 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-02-27 03:52:39 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-02-27 03:52:39 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-02-27 03:47:28 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2013-02-27 03:47:28 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2013-02-27 03:47:28 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2013-02-27 03:47:28 444752 ----a-w- C:\Windows\System32\mscoree.dll

2013-02-27 03:47:28 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2013-02-27 03:47:28 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2013-02-27 03:47:28 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2013-02-27 03:47:28 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2013-02-27 03:47:28 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2013-02-27 03:47:28 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2013-02-27 03:39:35 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-02-27 03:39:35 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-02-27 03:39:35 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-02-27 03:39:35 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-02-27 03:38:58 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-02-27 03:38:58 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-02-27 03:38:58 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-02-27 03:38:58 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-02-27 03:38:58 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-02-27 03:38:58 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-02-27 03:38:58 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-02-27 03:36:21 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2013-02-27 03:36:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-02-27 03:36:21 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-02-27 03:36:21 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-02-27 03:36:21 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-02-27 03:34:44 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-02-27 03:34:44 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2013-02-26 17:00:26 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-26 17:00:19 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-26 17:00:18 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-26 17:00:18 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-26 16:58:01 142336 ----a-w- C:\Windows\System32\poqexec.exe

2013-02-26 16:58:01 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2013-02-26 16:57:55 2870272 ----a-w- C:\Windows\explorer.exe

2013-02-26 16:57:54 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe

2013-02-26 16:57:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-02-26 16:57:52 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-02-26 16:57:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2013-02-26 16:57:43 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2013-02-26 16:57:43 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2013-02-26 16:57:43 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2013-02-26 16:57:43 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2013-02-26 16:57:43 1118720 ----a-w- C:\Windows\System32\sbe.dll

2013-02-26 16:57:38 148992 ----a-w- C:\Windows\System32\t2embed.dll

2013-02-26 16:57:38 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2013-02-26 16:50:35 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2013-02-26 16:50:35 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2013-02-26 16:50:34 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2013-02-26 16:50:34 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-02-26 16:50:34 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-02-26 16:50:29 395776 ----a-w- C:\Windows\System32\webio.dll

2013-02-26 16:50:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2013-02-26 16:50:19 3150848 ----a-w- C:\Windows\System32\win32k.sys

2013-02-26 16:45:41 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll

2013-02-26 16:45:41 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll

2013-02-26 16:45:40 552960 ----a-w- C:\Windows\System32\msdri.dll

2013-02-26 16:44:33 515584 ----a-w- C:\Windows\System32\timedate.cpl

2013-02-26 16:44:33 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl

2013-02-26 16:44:33 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-02-26 16:44:32 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-02-26 16:44:32 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-02-26 16:41:45 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-02-26 16:41:45 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-02-26 16:41:23 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2013-02-26 16:41:23 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2013-02-26 16:41:23 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2013-02-26 16:41:23 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2013-02-26 16:38:55 4068864 ----a-w- C:\Windows\System32\mf.dll

2013-02-26 16:37:26 2001408 ----a-w- C:\Windows\System32\msxml6.dll

2013-02-26 16:37:26 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2013-02-26 16:37:26 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-02-26 16:37:26 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-02-26 16:37:08 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2013-02-26 16:37:06 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2013-02-26 16:37:05 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-02-26 16:37:03 208896 ----a-w- C:\Windows\System32\profsvc.dll

2013-02-26 16:37:01 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2013-02-26 16:37:01 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2013-02-26 16:37:01 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2013-02-26 16:36:24 478208 ----a-w- C:\Windows\System32\dpnet.dll

2013-02-26 16:36:24 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2013-02-26 16:36:23 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2013-02-26 16:36:23 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-02-26 16:36:23 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-02-26 16:36:23 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2013-02-26 16:36:22 220160 ----a-w- C:\Windows\System32\wintrust.dll

2013-02-26 16:36:22 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-02-26 16:32:57 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2013-02-26 16:31:28 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe

2013-02-26 16:31:28 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe

2013-02-26 16:31:28 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll

2013-02-26 16:31:27 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-02-26 16:31:26 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-02-26 16:31:24 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-02-26 16:31:22 714752 ----a-w- C:\Windows\System32\kerberos.dll

2013-02-26 16:31:22 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2013-02-26 16:28:10 3213824 ----a-w- C:\Windows\System32\msi.dll

2013-02-26 16:28:10 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2013-02-26 16:20:28 95744 ----a-w- C:\Windows\System32\synceng.dll

2013-02-26 16:20:28 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-02-26 16:20:26 640896 ----a-w- C:\Windows\System32\winload.efi

2013-02-26 16:20:26 603976 ----a-w- C:\Windows\System32\winload.exe

2013-02-26 16:20:26 556928 ----a-w- C:\Windows\System32\winresume.efi

2013-02-26 16:20:26 518160 ----a-w- C:\Windows\System32\winresume.exe

2013-02-26 16:20:26 20352 ----a-w- C:\Windows\System32\kdusb.dll

2013-02-26 16:20:26 19328 ----a-w- C:\Windows\System32\kd1394.dll

2013-02-26 16:20:26 17792 ----a-w- C:\Windows\System32\kdcom.dll

2013-02-26 16:20:09 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2013-02-26 16:20:09 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2013-02-26 16:14:59 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-02-26 16:13:44 956416 ----a-w- C:\Windows\System32\localspl.dll

2013-02-26 16:13:39 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2013-02-26 16:13:34 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2013-02-26 16:13:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2013-02-26 16:13:33 331776 ----a-w- C:\Windows\System32\oleacc.dll

2013-02-26 16:13:33 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2013-02-26 16:13:25 723456 ----a-w- C:\Windows\System32\EncDec.dll

2013-02-26 16:13:25 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2013-02-26 16:13:11 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2013-02-26 16:13:10 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-02-26 16:13:10 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2013-02-26 16:13:10 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2013-02-26 16:13:10 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-02-26 16:12:38 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2013-02-26 16:12:38 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2013-02-26 16:11:57 720896 ----a-w- C:\Windows\System32\odbc32.dll

2013-02-26 16:11:57 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2013-02-26 16:11:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2013-02-26 16:11:57 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2013-02-26 16:11:57 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2013-02-26 16:11:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2013-02-26 16:11:57 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2013-02-26 16:11:57 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2013-02-26 16:11:28 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2013-02-26 16:11:28 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-02-26 16:10:56 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2013-02-26 16:10:56 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2013-02-26 16:10:45 67584 ----a-w- C:\Windows\splwow64.exe

2013-02-26 16:10:45 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-02-26 16:08:35 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-02-26 16:08:35 1462784 ----a-w- C:\Windows\System32\crypt32.dll

2013-02-26 16:08:35 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2013-02-26 16:08:35 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-02-26 16:08:35 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-02-26 16:08:35 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-02-26 16:08:29 77312 ----a-w- C:\Windows\System32\packager.dll

2013-02-26 16:08:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-02-26 15:45:45 139264 ----a-w- C:\Windows\System32\cabview.dll

2013-02-26 15:45:45 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2013-02-26 15:45:38 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-02-26 15:45:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-02-26 15:45:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-02-26 15:34:03 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-02-26 15:33:58 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-02-26 15:33:54 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-02-26 15:33:54 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-02-26 00:18:04 0 ----a-w- C:\Windows\ativpsrm.bin

2013-02-26 00:16:02 -------- d-sh--w- C:\Boot

2013-02-25 14:22:29 -------- d-----w- C:\Users\parushaa\AppData\Local\Deployment

2013-02-25 14:22:29 -------- d-----w- C:\Users\parushaa\AppData\Local\Apps

2013-02-25 12:59:24 -------- d-----w- C:\Users\parushaa\AppData\Roaming\Malwarebytes

2013-02-25 12:59:22 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-25 12:59:22 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-25 12:59:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-25 12:59:14 -------- d-----w- C:\Users\parushaa\AppData\Local\Programs

2013-02-25 11:18:57 -------- d-----w- C:\Users\parushaa\AppData\Local\Adobe

2013-02-25 11:14:19 -------- d-----w- C:\Users\parushaa\AppData\Local\Google

2013-02-25 11:13:22 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-02-25 11:10:03 -------- d-----w- C:\Users\parushaa\AppData\Local\ATI

2013-02-25 11:07:11 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys

2013-02-25 11:07:10 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-02-25 11:07:06 121872 ----a-w- C:\Windows\System32\drivers\AtiHdmi.sys

2013-02-25 11:06:59 446464 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2013-02-25 11:06:49 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2013-02-25 11:06:32 -------- d-sh--w- C:\Windows\Installer

2013-02-25 11:05:59 -------- d-----w- C:\Program Files\ATI Technologies

2013-02-25 11:05:46 -------- d-----w- C:\Program Files\ATI

2013-02-25 11:03:58 -------- d--h--w- C:\Program Files (x86)\Temp

2013-02-25 11:03:57 831488 ------r- C:\Windows\RtlExUpd.dll

2013-02-25 11:03:56 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2013-02-25 11:03:56 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2013-02-25 11:03:56 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2013-02-25 11:03:56 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2013-02-25 11:03:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2013-02-25 11:03:56 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2013-02-25 11:03:56 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2013-02-25 11:03:55 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2013-02-25 11:03:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2013-02-25 10:57:25 -------- d-sh--we C:\Documents and Settings

2013-02-25 10:57:25 -------- d-sh--w- C:\Recovery

.

==================== Find3M ====================

.

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-16 19:58:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll

2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll

2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 19:12:38.79 ===============


I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs, free for non-commercial home use, are Avira Free Antivirus and Microsoft Security Essentials.

Choose one of them.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

There will be more to do as the log still shows some odd settings.

But with the new antivirus, I highly urge you to start it.

Do an Update run.

Then do a FULL system scan.

Tell me the result. Do not do any "typical" use of your system until I give the all clear.


Avira Free Antivirus

Report file date: Wednesday, March 20, 2013 09:20

The program is running as an unrestricted full version.

Online services are available.

Licensee : Avira Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 Ultimate

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : parushaa

Computer name : PARUSHAA-PC

Version information:

BUILD.DAT : 13.0.0.3185 47702 Bytes 1/30/2013 10:13:00

AVSCAN.EXE : 13.6.0.584 640224 Bytes 3/20/2013 03:32:15

AVSCANRC.DLL : 13.4.0.360 54560 Bytes 3/20/2013 03:32:17

LUKE.DLL : 13.6.0.602 67808 Bytes 3/20/2013 03:36:15

AVSCPLR.DLL : 13.6.0.986 94944 Bytes 3/20/2013 03:41:28

AVREG.DLL : 13.6.0.940 250592 Bytes 3/20/2013 03:41:24

avlode.dll : 13.6.2.624 434912 Bytes 3/20/2013 03:41:36

avlode.rdf : 13.0.0.38 15231 Bytes 3/20/2013 03:41:30

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 03:08:53

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 03:12:35

VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 03:16:34

VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 03:17:47

VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 03:18:59

VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 03:20:07

VBASE006.VDF : 7.11.41.250 4902400 Bytes 9/6/2012 03:21:28

VBASE007.VDF : 7.11.50.230 3904512 Bytes 11/22/2012 03:22:35

VBASE008.VDF : 7.11.60.10 6627328 Bytes 2/7/2013 03:24:31

VBASE009.VDF : 7.11.60.11 2048 Bytes 2/7/2013 03:24:31

VBASE010.VDF : 7.11.60.12 2048 Bytes 2/7/2013 03:24:32

VBASE011.VDF : 7.11.60.13 2048 Bytes 2/7/2013 03:24:32

VBASE012.VDF : 7.11.60.14 2048 Bytes 2/7/2013 03:24:32

VBASE013.VDF : 7.11.60.62 351232 Bytes 2/8/2013 03:24:39

VBASE014.VDF : 7.11.60.115 190976 Bytes 2/9/2013 03:24:43

VBASE015.VDF : 7.11.60.177 282624 Bytes 2/11/2013 03:24:50

VBASE016.VDF : 7.11.60.249 215552 Bytes 2/13/2013 03:24:54

VBASE017.VDF : 7.11.61.65 151040 Bytes 2/15/2013 03:24:57

VBASE018.VDF : 7.11.61.135 159232 Bytes 2/18/2013 03:25:01

VBASE019.VDF : 7.11.61.163 152064 Bytes 2/18/2013 03:25:05

VBASE020.VDF : 7.11.61.207 164352 Bytes 2/19/2013 03:25:11

VBASE021.VDF : 7.11.62.43 206336 Bytes 2/21/2013 03:25:18

VBASE022.VDF : 7.11.64.106 1510912 Bytes 3/11/2013 03:25:40

VBASE023.VDF : 7.11.64.157 137216 Bytes 3/12/2013 03:25:43

VBASE024.VDF : 7.11.64.233 159744 Bytes 3/14/2013 03:25:47

VBASE025.VDF : 7.11.65.19 143360 Bytes 3/15/2013 03:25:50

VBASE026.VDF : 7.11.65.63 150528 Bytes 3/17/2013 03:25:53

VBASE027.VDF : 7.11.65.107 162816 Bytes 3/19/2013 03:25:58

VBASE028.VDF : 7.11.65.108 2048 Bytes 3/19/2013 03:25:59

VBASE029.VDF : 7.11.65.109 2048 Bytes 3/19/2013 03:25:59

VBASE030.VDF : 7.11.65.110 2048 Bytes 3/19/2013 03:25:59

VBASE031.VDF : 7.11.65.130 19968 Bytes 3/19/2013 03:26:01

Engine version : 8.2.12.16

AEVDF.DLL : 8.1.2.10 102772 Bytes 3/20/2013 03:27:50

AESCRIPT.DLL : 8.1.4.98 475516 Bytes 3/20/2013 03:27:48

AESCN.DLL : 8.1.10.0 131445 Bytes 3/20/2013 03:27:41

AESBX.DLL : 8.2.5.12 606578 Bytes 3/20/2013 03:27:55

AERDL.DLL : 8.2.0.88 643444 Bytes 3/20/2013 03:27:38

AEPACK.DLL : 8.3.2.2 827767 Bytes 3/20/2013 03:27:30

AEOFFICE.DLL : 8.1.2.56 205180 Bytes 3/20/2013 03:27:21

AEHEUR.DLL : 8.1.4.248 5804409 Bytes 3/20/2013 03:27:19

AEHELP.DLL : 8.1.25.2 258423 Bytes 3/20/2013 03:26:27

AEGEN.DLL : 8.1.6.16 434549 Bytes 3/20/2013 03:26:24

AEEXP.DLL : 8.4.0.12 192886 Bytes 3/20/2013 03:27:58

AEEMU.DLL : 8.1.3.2 393587 Bytes 3/20/2013 03:26:18

AECORE.DLL : 8.1.31.2 201080 Bytes 3/20/2013 03:26:14

AEBB.DLL : 8.1.1.4 53619 Bytes 3/20/2013 03:26:11

AVWINLL.DLL : 13.6.0.480 26480 Bytes 3/20/2013 03:02:34

AVPREF.DLL : 13.6.0.480 51056 Bytes 3/20/2013 03:32:08

AVREP.DLL : 13.6.0.480 178544 Bytes 3/20/2013 03:41:27

AVARKT.DLL : 13.6.0.624 260832 Bytes 3/20/2013 03:31:09

AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 3/20/2013 03:31:40

SQLITE3.DLL : 3.7.0.1 397704 Bytes 3/20/2013 03:38:43

AVSMTP.DLL : 13.6.0.480 62832 Bytes 3/20/2013 03:32:32

NETNT.DLL : 13.6.0.480 16240 Bytes 3/20/2013 03:37:18

RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 3/20/2013 03:02:50

RCTEXT.DLL : 13.6.0.480 66928 Bytes 3/20/2013 03:02:52

Configuration settings for the scan:

Jobname.............................: Quick system scan

Configuration file..................: c:\program files (x86)\avira\antivir desktop\quicksysscan.avp

Reporting...........................: default

Primary action......................: Interactive

Secondary action....................: Ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Limit recursion depth...............: 20

Smart extensions....................: on

Macrovirus heuristic................: on

File heuristic......................: extended

Start of the scan: Wednesday, March 20, 2013 09:20

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

The scan of running processes will be started:

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'svchost.exe' - '36' Module(s) have been scanned

Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned

Scan process 'svchost.exe' - '77' Module(s) have been scanned

Scan process 'svchost.exe' - '89' Module(s) have been scanned

Scan process 'svchost.exe' - '170' Module(s) have been scanned

Scan process 'UMVPFSrv.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '84' Module(s) have been scanned

Scan process 'atieclxx.exe' - '30' Module(s) have been scanned

Scan process 'svchost.exe' - '87' Module(s) have been scanned

Scan process 'spoolsv.exe' - '77' Module(s) have been scanned

Scan process 'svchost.exe' - '60' Module(s) have been scanned

Scan process 'BrowserProtect.exe' - '36' Module(s) have been scanned

Scan process 'taskhost.exe' - '52' Module(s) have been scanned

Scan process 'schtasks.exe' - '32' Module(s) have been scanned

Scan process 'conhost.exe' - '14' Module(s) have been scanned

Scan process 'BrowserProtect.exe' - '54' Module(s) have been scanned

Scan process 'sppsvc.exe' - '27' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'Y2Desktop.Updater.exe' - '53' Module(s) have been scanned

Scan process 'rundll32.exe' - '28' Module(s) have been scanned

Scan process 'Dwm.exe' - '32' Module(s) have been scanned

Scan process 'Explorer.EXE' - '185' Module(s) have been scanned

Scan process 'upt4pc_pt_14.exe' - '56' Module(s) have been scanned

Scan process 'RAVCpl64.exe' - '42' Module(s) have been scanned

Scan process 'YontooDesktop.exe' - '103' Module(s) have been scanned

Scan process 'tuto4pc_pt_14.exe' - '51' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned

Scan process 'iexplore.exe' - '115' Module(s) have been scanned

Scan process 'iexplore.exe' - '115' Module(s) have been scanned

Scan process 'svchost.exe' - '49' Module(s) have been scanned

Scan process 'iexplore.exe' - '113' Module(s) have been scanned

Scan process 'wuauclt.exe' - '36' Module(s) have been scanned

Scan process 'wmplayer.exe' - '118' Module(s) have been scanned

Scan process 'avira_free_antivirus.exe' - '44' Module(s) have been scanned

Scan process 'avwebloader.exe' - '78' Module(s) have been scanned

Scan process 'presetup.exe' - '45' Module(s) have been scanned

Scan process 'setup.exe' - '101' Module(s) have been scanned

Scan process 'msiexec.exe' - '46' Module(s) have been scanned

Scan process 'Updater.exe' - '63' Module(s) have been scanned

Scan process 'SearchProtocolHost.exe' - '43' Module(s) have been scanned

Scan process 'SearchFilterHost.exe' - '28' Module(s) have been scanned

Scan process 'avguard.exe' - '98' Module(s) have been scanned

Scan process 'avshadow.exe' - '20' Module(s) have been scanned

Scan process 'sched.exe' - '45' Module(s) have been scanned

Scan process 'AVWEBGRD.EXE' - '66' Module(s) have been scanned

Scan process 'avgnt.exe' - '81' Module(s) have been scanned

Scan process 'avconfig.exe' - '75' Module(s) have been scanned

Scan process 'avcenter.exe' - '68' Module(s) have been scanned

Scan process 'avscan.exe' - '105' Module(s) have been scanned

Scan process 'SearchProtocolHost.exe' - '39' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Scan process 'csrss.exe' - '18' Module(s) have been scanned

Scan process 'wininit.exe' - '26' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'services.exe' - '33' Module(s) have been scanned

Scan process 'lsass.exe' - '62' Module(s) have been scanned

Scan process 'lsm.exe' - '16' Module(s) have been scanned

Scan process 'winlogon.exe' - '31' Module(s) have been scanned

Starting to scan executable files (registry):

C:\Program Files (x86)\Versalsoft\InternetDownload\InternetDownload.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\DealPly\uninst.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Versalsoft\InternetDownload\Uninstall.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Versalsoft\InternetDownload\FLVPlayer.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Adobe\Adobe Extension Manager CS5\Adobe Extension Manager CS5.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Adobe\Adobe Utilities - CS5\Pixel Bender Toolkit 2\Pixel Bender Toolkit.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\VideoConvPro.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\unins000.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\ERUNT\ERUNT.EXE

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\ERUNT\NTREGOPT.EXE

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\ERUNT\unins000.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\Google\Picasa3\Uninstall.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files (x86)\tuto4pc_pt_14\Tuto4PC_widget.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Program Files\Universal\UFileDownloadD\USetup.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

C:\Users\parushaa\Downloads\mplayer_Setup.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

D:\3D\Players\Firefox Setup 3.5.6.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

D:\3D\Players\Firefox Setup 3.5.5.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

The registry was scanned ( '4467' files ).

Beginning disinfection:

D:\3D\Players\Firefox Setup 3.5.5.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

D:\3D\Players\Firefox Setup 3.5.6.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Users\parushaa\Downloads\mplayer_Setup.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files\Universal\UFileDownloadD\USetup.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\tuto4pc_pt_14\Tuto4PC_widget.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Google\Picasa3\Uninstall.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\ERUNT\unins000.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\ERUNT\NTREGOPT.EXE

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\ERUNT\ERUNT.EXE

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\unins000.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\VideoConvPro.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Adobe\Adobe Utilities - CS5\Pixel Bender Toolkit 2\Pixel Bender Toolkit.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Adobe\Adobe Extension Manager CS5\Adobe Extension Manager CS5.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Versalsoft\InternetDownload\FLVPlayer.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Versalsoft\InternetDownload\Uninstall.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\DealPly\uninst.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

C:\Program Files (x86)\Versalsoft\InternetDownload\InternetDownload.exe

[DETECTION] Contains code of the W32/Sality.AG Windows virus

[NOTE] The file was repaired.

End of the scan: Wednesday, March 20, 2013 09:45

Used time: 00:32 Minute(s)

The scan has been done completely.

0 Scanned directories

5253 Files were scanned

24 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 Files were deleted

24 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

5229 Files not concerned

45 Archives were scanned

0 Warnings

24 Notes


That was a lot of Sality virus infections found on this system.

I'm afraid I have very bad news. Your system is infected with a nasty variant of Win32/Sality. This family of malware is a polymorphic file infector which infects .exe, .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

Please see Kaspersky's Threat Encyclopaedia entry for Win32.Sality.NAO.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.
About Sality Virus

If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Because your computer was compromised please read:

Since Win32.Sality is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

credit quietman7
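As an added illustration of the autorun spreading mechanism described in the post above (example code written for this page, not code from the forum or any of its posters): a small Python check that parses the autorun.inf at a drive root and reports which files its launch directives (open=, shellexecute=, shell\verb\command=) would run when the drive is opened. The autorun.inf text, the drive root (a temporary directory) and the file name sample.exe are all constructed sample data; the actual names Sality drops are not taken from the page.

```python
import os
import tempfile

LAUNCH_KEYS = {"open", "shellexecute"}  # directives that run a file on insert

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_target(value):
    """File a directive runs, with quotes and trailing arguments dropped."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""

def check_drive_root(root):
    """Return [(directive, target, target_exists)] for <root>/autorun.inf."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []  # no autorun.inf, nothing to launch
    with open(path, "r", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, value in entries.items():
        # shell\<verb>\command= also launches a file; icon=/label= do not
        runs = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        target = launch_target(value) if runs else ""
        if target:
            findings.append((key, target, os.path.isfile(os.path.join(root, target))))
    return findings

def demo():
    # Constructed drive root (temp dir): sample autorun.inf + empty stand-in file.
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write('[autorun]\nOPEN=sample.exe\nshell\\open\\command="sample.exe" /s\nicon=sample.exe\n')
    open(os.path.join(root, "sample.exe"), "wb").close()
    return check_drive_root(root)
```

Running check_drive_root() against the root of a drive before its contents are opened tells you whether an autorun.inf is present and which file it points at, so a hit can be investigated from a clean machine rather than triggered by double-clicking the drive.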

Well, that's bad news. I will change passwords immediately, from another computer. How do I take a backup of the files I have on this hard disk? Is there a way without infecting the new hard disk? I bought new external hard disks; there are some video files I need to copy from this computer to the new hard disks (I haven't yet connected them to this computer). Is there a way?
