Computer Affected with Antimalware Doctor


Hello, I was browsing the web when I was suddenly attacked by some malware. Funny thing is, I have Avast as well as MBAM, and before this one came along they worked just fine, but with this one they didn't notice it... Next thing you know, the computer restarts and I have Antimalware Doctor installed on my PC, which autostarts and keeps going on and on, and Opera keeps getting redirected to links that I don't want to go into. I use this PC for shopping and so on, so I would really appreciate it if someone out there could help me fix this problem.

I have managed to remove some of them using Malwarebytes and Avast, but there are still some more lurking around, so please help me get this PC back up to its top-notch condition. Thank you.


Hello itidakimas

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

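The O2 (BHO) and O4 (autorun) lines of the OTL log requested above are where a helper looks first. As an added example, not part of this thread or of OTL, the Python script below parses those lines and flags the patterns a defender checks for (missing publisher, dangling file, unusual launch location, GUID-style value name, orphaned BHO); the sample lines are copied from the log posted in this thread.

```python
"""Triage the O2 (BHO) and O4 (autorun) entries of an OTL log.

Added example: not part of the forum thread and not OTL's own code. Each entry
is checked against a few defender heuristics: an empty publisher field "()",
a "File not found" reference, a launch path under AppData\\Roaming,
AppData\\Local\\Temp or a $NtUninstall...$ folder (locations legitimate
autostarts rarely use), a GUID-style value name (a weak signal), and a BHO
whose CLSID has no value. The sample lines are copied from this thread's log.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O4 - <where>: [<name>] <path> <tail>"; "[<name>] " is absent for Startup items.
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.+)$")
# "O2 - BHO: (<name>) - {<CLSID>} - <path> <tail>"
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]*)\} - (?P<rest>.+)$")
# Shared tail: the path, then either "(<Company>)" or "File not found". The lazy
# path plus the $ anchor stops "(x86)" inside a path being read as the company.
TAIL_RE = re.compile(
    r"^(?P<path>.+?)(?: \((?P<company>[^()]*)\)| (?P<status>File not found))?$"
)
GUID_NAME_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\$ntuninstall")
# The per-user Startup folder legitimately lives under AppData\Roaming, so it
# must not trip the location heuristic on its own.
STARTUP_FOLDER = "\\start menu\\programs\\startup\\"

# Constructed sample: O2/O4 lines copied from the OTL log in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"O2 - BHO: (adfazcicpr Object) - {6634628B-4C61-4DE2-95DF-D7E068AAA3F1} - C:\Windows\$NtUninstallMTF197$\jcdyr.dll ()",
    r"O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)",
    r"O4 - HKLM..\Run: [bipro] C:\Windows\$NtUninstallMTF197$\jcdyr.DLL ()",
    r"O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found",
    r"O4 - HKCU..\Run: [{031E9A5B-F845-6689-D5CF-698CAE7ED798}] C:\Users\Bijay\AppData\Roaming\Beozu\vout.exe (Microsoft Corporation)",
    r"O4 - HKCU..\Run: [uPc+neoZkfgnfNCxl] C:\Users\Bijay\AppData\Local\Temp\fpqh67.DLL ()",
    r"O4 - HKCU..\Run: [wercosmanx.exe] C:\Users\Bijay\AppData\Local\Temp\wercosmanx.exe File not found",
    r"O4 - Startup: C:\Users\Bijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hdvptnot.exe (Macromedia, Inc.)",
]


@dataclass
class Entry:
    kind: str                 # "O2" or "O4"
    where: str                # hive\key for O4, "BHO" for O2
    name: str                 # value name, BHO display name, or "" for Startup items
    path: str
    company: Optional[str]    # "" when OTL printed "()", None when absent
    missing: bool             # True when OTL reported "File not found"
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Split one O2/O4 line into its parts; returns None for any other line."""
    m = O4_RE.match(line)
    if m:
        kind, where, name = "O4", m["where"], m["name"] or ""
    else:
        m = O2_RE.match(line)
        if not m:
            return None
        kind, where, name = "O2", "BHO", m["name"]
    tail = TAIL_RE.match(m["rest"])
    return Entry(kind, where, name, tail["path"], tail["company"],
                 tail["status"] is not None)


def assess(entry: Entry) -> Entry:
    """Attach every heuristic that applies; an empty list means nothing stood out."""
    low = entry.path.lower()
    reasons = []
    if entry.kind == "O2" and entry.path.startswith("No CLSID value found"):
        reasons.append("orphaned BHO (no CLSID value)")
    if entry.company == "":
        reasons.append("no publisher name in file")
    if entry.missing:
        reasons.append("referenced file not found")
    if any(d in low for d in SUSPECT_DIRS) and STARTUP_FOLDER not in low:
        reasons.append("unusual autostart location")
    if GUID_NAME_RE.match(entry.name):
        reasons.append("GUID-style value name (weak signal)")
    entry.reasons = reasons
    return entry


def triage(lines) -> List[Entry]:
    """Return, in log order, the O2/O4 entries that trip at least one heuristic."""
    findings = []
    for line in lines:
        entry = parse_entry(line.rstrip("\r\n"))
        if entry is not None and assess(entry).reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(e.kind, e.where, e.name, e.path, "->", "; ".join(e.reasons))
```

The Startup-folder entry passes every heuristic, which is why a helper reads the whole log rather than a filtered view.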

OTL logfile created on: 07/12/2010 17:26:04 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bijay\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 150.06 Gb Total Space | 35.63 Gb Free Space | 23.74% Space Free | Partition Type: NTFS

Drive D: | 50.19 Gb Total Space | 24.36 Gb Free Space | 48.54% Space Free | Partition Type: NTFS

Drive E: | 30.27 Gb Total Space | 10.92 Gb Free Space | 36.06% Space Free | Partition Type: NTFS

Computer Name: BIJAY-PC | User Name: Bijay | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bijay\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Bijay\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found

DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found

DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (aswNdis) -- C:\Windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)

DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (SISAGP) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)

DRV - (GUCI_AVS) -- C:\Windows\System32\drivers\GUCI_AVS.sys (PixArt Imaging Incorporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (SiSkp) -- C:\Windows\System32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\Windows\System32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)

DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 FC 08 B0 C8 AD CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.skip-search.com/?cfg=2-82-0-rBj5

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010/02/16 22:35:12 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/06/12 09:04:29 | 000,000,479 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (adfazcicpr Object) - {6634628B-4C61-4DE2-95DF-D7E068AAA3F1} - C:\Windows\$NtUninstallMTF197$\jcdyr.dll ()

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (brumazcicgrm Object) - {B38A1E23-C1C2-4DDD-953C-737A1C027993} - C:\Windows\$NtUninstallMTF197$\vscpi.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bipro] C:\Windows\$NtUninstallMTF197$\jcdyr.DLL ()

O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [siSPower] C:\Windows\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [soundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [{031E9A5B-F845-6689-D5CF-698CAE7ED798}] C:\Users\Bijay\AppData\Roaming\Beozu\vout.exe (Microsoft Corporation)

O4 - HKCU..\Run: [{25FB07CF-D12F-3CF6-8A76-939C74A8F851}] C:\Users\Bijay\AppData\Roaming\Faley\upda.exe (Auslogics)

O4 - HKCU..\Run: [{8E61C738-0DA0-6CEB-5701-79AEA0702D87}] C:\Users\Bijay\AppData\Roaming\Uduz\yqli.exe File not found

O4 - HKCU..\Run: [{9368BD62-DD05-82F7-2C37-7932DDCA087E}] C:\Users\Bijay\AppData\Roaming\Rimoor\obza.exe ()

O4 - HKCU..\Run: [uPc+neoZkfgnfNCxl] C:\Users\Bijay\AppData\Local\Temp\fpqh67.DLL ()

O4 - HKCU..\Run: [uPc+neoZkfgsBQaXms] C:\Users\Bijay\AppData\Local\Temp\zb1986kt.DLL ()

O4 - HKCU..\Run: [wercosmanx.exe] C:\Users\Bijay\AppData\Local\Temp\wercosmanx.exe File not found

O4 - HKCU..\RunOnce: [45A732C160AF4789F5DBE0573A684E3BB4E6C65C963D4F700F4E40A8FC494692] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [9265C470E08A472D8B7B71632DD84D16BDD40782B9AA4EF30AF54D6E85164830] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Bijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hdvptnot.exe (Macromedia, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1268984194416 (MUCatalogWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://217.36.219.81:9001/DvrOcx.cab (DvrOcx Control)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/12/02 11:50:36 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/12/02 11:50:36 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/12/02 11:50:37 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{64df9c8e-6d39-11df-9cef-0013d486e628}\Shell - "" = AutoRun

O33 - MountPoints2\{64df9c8e-6d39-11df-9cef-0013d486e628}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{bf857fcf-19b6-11df-ba2d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{bf857fcf-19b6-11df-ba2d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- File not found

O33 - MountPoints2\{c6ad355b-6751-11df-9ead-0013d486e628}\Shell - "" = AutoRun

O33 - MountPoints2\{c6ad355b-6751-11df-9ead-0013d486e628}\Shell\AutoRun\command - "" = H:\Laguna.exe -- File not found

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 17:24:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bijay\Desktop\OTL.exe

[2010/12/07 17:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/12/07 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Local\ElevatedDiagnostics

[2010/12/06 21:03:08 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\750249DE89CDA053536D092F47E6AE7C

[2010/12/06 20:17:45 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Local\{B2516CF3-D56D-4872-A7DE-498914A85B00}

[2010/12/06 20:17:28 | 000,054,784 | RHS- | C] (Microsoft Corporation) -- C:\Users\Bijay\AppData\Roaming\SHELLU.dll

[2010/12/06 20:17:28 | 000,054,784 | RHS- | C] (Microsoft Corporation) -- C:\Users\Bijay\AppData\Roaming\fmifs5.dll

[2010/12/06 20:17:07 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2010/12/06 20:15:50 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\Moz7B1E

[2010/12/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\Help

[2010/12/06 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\MozC0C7

[2010/12/04 14:02:26 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\skypePM

[2010/12/04 14:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/12/04 14:00:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/12/04 14:00:50 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\Skype

[2010/12/04 14:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/12/04 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

[2010/12/02 11:50:36 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010/11/30 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Investintech.com Inc

[2010/11/30 21:16:53 | 000,000,000 | ---D | C] -- C:\Users\Bijay\Documents\dilli

[2010/11/30 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Bijay\Desktop\New folder

[2010/11/30 20:36:59 | 000,000,000 | ---D | C] -- C:\Users\Bijay\SisGqVUBDVΐ


- Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (adfazcicpr Object) - {6634628B-4C61-4DE2-95DF-D7E068AAA3F1} - C:\Windows\$NtUninstallMTF197$\jcdyr.dll ()

O2 - BHO: (brumazcicgrm Object) - {B38A1E23-C1C2-4DDD-953C-737A1C027993} - C:\Windows\$NtUninstallMTF197$\vscpi.dll ()

O4 - HKLM..\Run: [bipro] C:\Windows\$NtUninstallMTF197$\jcdyr.DLL ()

O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found

O4 - HKCU..\Run: [{031E9A5B-F845-6689-D5CF-698CAE7ED798}] C:\Users\Bijay\AppData\Roaming\Beozu\vout.exe (Microsoft Corporation)

O4 - HKCU..\Run: [{25FB07CF-D12F-3CF6-8A76-939C74A8F851}] C:\Users\Bijay\AppData\Roaming\Faley\upda.exe (Auslogics)

O4 - HKCU..\Run: [{8E61C738-0DA0-6CEB-5701-79AEA0702D87}] C:\Users\Bijay\AppData\Roaming\Uduz\yqli.exe File not found

O4 - HKCU..\Run: [{9368BD62-DD05-82F7-2C37-7932DDCA087E}] C:\Users\Bijay\AppData\Roaming\Rimoor\obza.exe ()

O4 - HKCU..\Run: [uPc+neoZkfgnfNCxl] C:\Users\Bijay\AppData\Local\Temp\fpqh67.DLL ()

O4 - HKCU..\Run: [uPc+neoZkfgsBQaXms] C:\Users\Bijay\AppData\Local\Temp\zb1986kt.DLL ()

O4 - HKCU..\Run: [wercosmanx.exe] C:\Users\Bijay\AppData\Local\Temp\wercosmanx.exe File not found

O4 - HKCU..\RunOnce: [45A732C160AF4789F5DBE0573A684E3BB4E6C65C963D4F700F4E40A8FC494692]

O4 - HKCU..\RunOnce: [9265C470E08A472D8B7B71632DD84D16BDD40782B9AA4EF30AF54D6E85164830]

O4 - Startup: C:\Users\Bijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hdvptnot.exe (Macromedia, Inc.)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O33 - MountPoints2\{bf857fcf-19b6-11df-ba2d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- File not found

O33 - MountPoints2\{c6ad355b-6751-11df-9ead-0013d486e628}\Shell\AutoRun\command - "" = H:\Laguna.exe -- File not found

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found

[2010/12/06 21:03:08 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\750249DE89CDA053536D092F47E6AE7C

[2010/12/06 20:17:45 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Local\{B2516CF3-D56D-4872-A7DE-498914A85B00}

[2010/12/06 20:17:28 | 000,054,784 | RHS- | C] (Microsoft Corporation) -- C:\Users\Bijay\AppData\Roaming\SHELLU.dll

[2010/12/06 20:17:28 | 000,054,784 | RHS- | C] (Microsoft Corporation) -- C:\Users\Bijay\AppData\Roaming\fmifs5.dll

[2010/12/06 20:15:50 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\Moz7B1E

[2010/12/06 20:15:34 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\Help

[2010/12/06 20:15:02 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\MozC0C7

[2010/12/02 11:50:36 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010/11/30 20:36:59 | 000,000,000 | ---D | C] -- C:\Users\Bijay\SisGqVUBDVΐ


OTL Extras logfile created on: 07/12/2010 17:26:04 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bijay\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 150.06 Gb Total Space | 35.63 Gb Free Space | 23.74% Space Free | Partition Type: NTFS

Drive D: | 50.19 Gb Total Space | 24.36 Gb Free Space | 48.54% Space Free | Partition Type: NTFS

Drive E: | 30.27 Gb Total Space | 10.92 Gb Free Space | 36.06% Space Free | Partition Type: NTFS

Computer Name: BIJAY-PC | User Name: Bijay | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"$NtUninstallMTF197$" = Street-Ads Browser Enhancer

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

"{49272E0B-CF97-4BD6-85A0-9B1C59495850}_is1" = Able2Extract 7.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4d55a0bd-e6a8-4bd8-8c35-8a3a30631337}" = Nero 9

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = DSA Theory Test

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap

"{9FD81537-F8EC-41DB-BBEB-3FCFD70BB186}" = USB2.0 UVC VGA

"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

"{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}" = SiS VGA Utilities

"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype


GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-12-07 19:27:01

Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000032 WDC_WD25 rev.1.00

Running: iiujgmqj.exe; Driver: C:\Users\Bijay\AppData\Local\Temp\fwlcqpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E85599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EA9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtProtectVirtualMemory 776C5360 5 Bytes JMP 002A000A

.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtWriteVirtualMemory 776C5EE0 5 Bytes JMP 002B000A

.text C:\Windows\system32\svchost.exe[788] ntdll.dll!KiUserExceptionDispatcher 776C6448 5 Bytes JMP 0025000A

.text C:\Windows\system32\svchost.exe[788] ole32.dll!CoCreateInstance 767957FC 5 Bytes JMP 003E000A

.text C:\Windows\system32\svchost.exe[788] USER32.dll!GetCursorPos 75BAC198 5 Bytes JMP 0041000A

.text C:\Windows\Explorer.EXE[1256] ntdll.dll!NtProtectVirtualMemory 776C5360 5 Bytes JMP 0089000A

.text C:\Windows\Explorer.EXE[1256] ntdll.dll!NtWriteVirtualMemory 776C5EE0 5 Bytes JMP 008A000A

.text C:\Windows\Explorer.EXE[1256] ntdll.dll!KiUserExceptionDispatcher 776C6448 5 Bytes JMP 0088000A

.text C:\Windows\system32\ctfmon.exe[1316] ntdll.dll!NtCreateUserProcess 776C4BC0 5 Bytes JMP 0115405E

.text C:\Windows\system32\ctfmon.exe[1316] ntdll.dll!LdrLoadDll 776DF585 5 Bytes JMP 0115418D

.text C:\Windows\system32\ctfmon.exe[1316] kernel32.dll!GetFileAttributesExW 77535F4D 5 Bytes JMP 0115422F

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!SwitchDesktop 75BA17ED 5 Bytes JMP 0115582D

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!OpenInputDesktop 75BA5B5A 5 Bytes JMP 011557DD

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!RegisterClassExA 75BA60F8 5 Bytes JMP 01155C3B

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefDlgProcW 75BABB59 5 Bytes JMP 011558D7

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetCapture 75BABBB3 5 Bytes JMP 01153E62

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetCursorPos 75BAC198 5 Bytes JMP 01153D34

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetUpdateRect 75BAC265 5 Bytes JMP 01154A21

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!ReleaseCapture 75BAC49E 5 Bytes JMP 01153E12

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefWindowProcA 75BAE0E4 5 Bytes JMP 01155891

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!RegisterClassA 75BAE225 5 Bytes JMP 01155B9C

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!RegisterClassExW 75BB212B 5 Bytes JMP 01155BE9

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!RegisterClassW 75BB281B 5 Bytes JMP 01155B4F

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetMessageA 75BB286F 5 Bytes JMP 01153F29

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!PeekMessageA 75BB2EB2 5 Bytes JMP 01153F7C

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!CallWindowProcW 75BB43DA 5 Bytes JMP 01155A81

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetDCEx 75BB4516 5 Bytes JMP 01154908

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetWindowDC 75BB68EA 5 Bytes JMP 011549A2

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetDC 75BB7041 5 Bytes JMP 01154963

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!ReleaseDC 75BB7055 5 Bytes JMP 011549E1

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefWindowProcW 75BB724B 5 Bytes JMP 0115584B

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!EndPaint 75BB7B73 5 Bytes JMP 011548C8

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!BeginPaint 75BB7B87 5 Bytes JMP 0115485A

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetMessageW 75BB8F97 5 Bytes JMP 01153F01

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!TranslateMessage 75BB910F 5 Bytes JMP 0114995B

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!PeekMessageW 75BB91B5 5 Bytes JMP 01153F51

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetClipboardData 75BC4B47 5 Bytes JMP 01149AC8

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefDlgProcA 75BC90D7 5 Bytes JMP 0115591D

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefMDIChildProcA 75BD3439 5 Bytes JMP 01155A3B

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefMDIChildProcW 75BD3B7A 5 Bytes JMP 011559F5

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefFrameProcW 75BD3CCC 5 Bytes JMP 01155963

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!DefFrameProcA 75BD3E9B 5 Bytes JMP 011559AC

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetUpdateRgn 75BD4074 5 Bytes JMP 01154AB4

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!CallWindowProcA 75BD41DE 5 Bytes JMP 01155ACA

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!GetMessagePos 75BD6785 5 Bytes JMP 01153D02

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!SetCapture 75BD6B2A 5 Bytes JMP 01153DB8

.text C:\Windows\system32\ctfmon.exe[1316] USER32.dll!SetCursorPos 75BEC1D8 5 Bytes JMP 01153D7B

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!InternetCloseHandle 7651C87E 5 Bytes JMP 01158A5D

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!HttpQueryInfoA 7651CC02 5 Bytes JMP 01158B55

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!InternetReadFile 7651E2A4 5 Bytes JMP 01158AA0

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!HttpSendRequestW 7651EEF3 5 Bytes JMP 0115887D

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!InternetQueryDataAvailable 7652420B 5 Bytes JMP 01158B29

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!HttpSendRequestExW 76538E8C 5 Bytes JMP 01158925

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!InternetReadFileExA 76541339 5 Bytes JMP 01158ADF

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!HttpSendRequestExA 76590066 5 Bytes JMP 011589C1

.text C:\Windows\system32\ctfmon.exe[1316] WININET.dll!HttpSendRequestA 7659014C 5 Bytes JMP 011588D1

.text C:\Windows\system32\ctfmon.exe[1316] CRYPT32.dll!PFXImportCertStore 75A40D60 5 Bytes JMP 01159A66

.text C:\Windows\system32\ctfmon.exe[1316] WS2_32.dll!closesocket 760C3BED 5 Bytes JMP 0115979E

.text C:\Windows\system32\ctfmon.exe[1316] WS2_32.dll!WSASend 760C68A7 5 Bytes JMP 011597F7

.text C:\Windows\system32\ctfmon.exe[1316] WS2_32.dll!send 760CC4C8 5 Bytes JMP 011597D6

.text C:\iiujgmqj.exe[1776] ntdll.dll!NtCreateUserProcess 776C4BC0 5 Bytes JMP 0061405E

.text C:\iiujgmqj.exe[1776] ntdll.dll!LdrLoadDll 776DF585 5 Bytes JMP 0061418D

.text C:\iiujgmqj.exe[1776] kernel32.dll!GetFileAttributesExW 77535F4D 5 Bytes JMP 0061422F

.text C:\iiujgmqj.exe[1776] USER32.dll!SwitchDesktop 75BA17ED 5 Bytes JMP 0061582D

.text C:\iiujgmqj.exe[1776] USER32.dll!OpenInputDesktop 75BA5B5A 5 Bytes JMP 006157DD

.text C:\iiujgmqj.exe[1776] USER32.dll!RegisterClassExA 75BA60F8 5 Bytes JMP 00615C3B

.text C:\iiujgmqj.exe[1776] USER32.dll!DefDlgProcW 75BABB59 5 Bytes JMP 006158D7

.text C:\iiujgmqj.exe[1776] USER32.dll!GetCapture 75BABBB3 5 Bytes JMP 00613E62

.text C:\iiujgmqj.exe[1776] USER32.dll!GetCursorPos 75BAC198 5 Bytes JMP 00613D34

.text C:\iiujgmqj.exe[1776] USER32.dll!GetUpdateRect 75BAC265 5 Bytes JMP 00614A21

.text C:\iiujgmqj.exe[1776] USER32.dll!ReleaseCapture 75BAC49E 5 Bytes JMP 00613E12

.text C:\iiujgmqj.exe[1776] USER32.dll!DefWindowProcA 75BAE0E4 5 Bytes JMP 00615891

.text C:\iiujgmqj.exe[1776] USER32.dll!RegisterClassA 75BAE225 5 Bytes JMP 00615B9C

.text C:\iiujgmqj.exe[1776] USER32.dll!RegisterClassExW 75BB212B 5 Bytes JMP 00615BE9

.text C:\iiujgmqj.exe[1776] USER32.dll!RegisterClassW 75BB281B 5 Bytes JMP 00615B4F

.text C:\iiujgmqj.exe[1776] USER32.dll!GetMessageA 75BB286F 5 Bytes JMP 00613F29

.text C:\iiujgmqj.exe[1776] USER32.dll!PeekMessageA 75BB2EB2 5 Bytes JMP 00613F7C

.text C:\iiujgmqj.exe[1776] USER32.dll!CallWindowProcW 75BB43DA 5 Bytes JMP 00615A81

.text C:\iiujgmqj.exe[1776] USER32.dll!GetDCEx 75BB4516 5 Bytes JMP 00614908

.text C:\iiujgmqj.exe[1776] USER32.dll!GetWindowDC 75BB68EA 5 Bytes JMP 006149A2

.text C:\iiujgmqj.exe[1776] USER32.dll!GetDC 75BB7041 5 Bytes JMP 00614963

.text C:\iiujgmqj.exe[1776] USER32.dll!ReleaseDC 75BB7055 5 Bytes JMP 006149E1

.text C:\iiujgmqj.exe[1776] USER32.dll!DefWindowProcW 75BB724B 5 Bytes JMP 0061584B

.text C:\iiujgmqj.exe[1776] USER32.dll!EndPaint 75BB7B73 5 Bytes JMP 006148C8

.text C:\iiujgmqj.exe[1776] USER32.dll!BeginPaint 75BB7B87 5 Bytes JMP 0061485A

.text C:\iiujgmqj.exe[1776] USER32.dll!GetMessageW 75BB8F97 5 Bytes JMP 00613F01

.text C:\iiujgmqj.exe[1776] USER32.dll!TranslateMessage 75BB910F 5 Bytes JMP 0060995B

.text C:\iiujgmqj.exe[1776] USER32.dll!PeekMessageW 75BB91B5 5 Bytes JMP 00613F51

.text C:\iiujgmqj.exe[1776] USER32.dll!GetClipboardData 75BC4B47 5 Bytes JMP 00609AC8

.text C:\iiujgmqj.exe[1776] USER32.dll!DefDlgProcA 75BC90D7 5 Bytes JMP 0061591D

.text C:\iiujgmqj.exe[1776] USER32.dll!DefMDIChildProcA 75BD3439 5 Bytes JMP 00615A3B

.text C:\iiujgmqj.exe[1776] USER32.dll!DefMDIChildProcW 75BD3B7A 5 Bytes JMP 006159F5

.text C:\iiujgmqj.exe[1776] USER32.dll!DefFrameProcW 75BD3CCC 5 Bytes JMP 00615963

.text C:\iiujgmqj.exe[1776] USER32.dll!DefFrameProcA 75BD3E9B 5 Bytes JMP 006159AC

.text C:\iiujgmqj.exe[1776] USER32.dll!GetUpdateRgn 75BD4074 5 Bytes JMP 00614AB4

.text C:\iiujgmqj.exe[1776] USER32.dll!CallWindowProcA 75BD41DE 5 Bytes JMP 00615ACA

.text C:\iiujgmqj.exe[1776] USER32.dll!GetMessagePos 75BD6785 5 Bytes JMP 00613D02

.text C:\iiujgmqj.exe[1776] USER32.dll!SetCapture 75BD6B2A 5 Bytes JMP 00613DB8

.text C:\iiujgmqj.exe[1776] USER32.dll!SetCursorPos 75BEC1D8 5 Bytes JMP 00613D7B

.text C:\iiujgmqj.exe[1776] WININET.dll!InternetCloseHandle 7651C87E 5 Bytes JMP 00618A5D

.text C:\iiujgmqj.exe[1776] WININET.dll!HttpQueryInfoA 7651CC02 5 Bytes JMP 00618B55

.text C:\iiujgmqj.exe[1776] WININET.dll!InternetReadFile 7651E2A4 5 Bytes JMP 00618AA0

.text C:\iiujgmqj.exe[1776] WININET.dll!HttpSendRequestW 7651EEF3 5 Bytes JMP 0061887D

.text C:\iiujgmqj.exe[1776] WININET.dll!InternetQueryDataAvailable 7652420B 5 Bytes JMP 00618B29

.text C:\iiujgmqj.exe[1776] WININET.dll!HttpSendRequestExW 76538E8C 5 Bytes JMP 00618925

.text C:\iiujgmqj.exe[1776] WININET.dll!InternetReadFileExA 76541339 5 Bytes JMP 00618ADF

.text C:\iiujgmqj.exe[1776] WININET.dll!HttpSendRequestExA 76590066 5 Bytes JMP 006189C1

.text C:\iiujgmqj.exe[1776] WININET.dll!HttpSendRequestA 7659014C 5 Bytes JMP 006188D1

.text C:\iiujgmqj.exe[1776] CRYPT32.dll!PFXImportCertStore 75A40D60 5 Bytes JMP 00619A66

.text C:\iiujgmqj.exe[1776] WS2_32.dll!closesocket 760C3BED 5 Bytes JMP 0061979E

.text C:\iiujgmqj.exe[1776] WS2_32.dll!WSASend 760C68A7 5 Bytes JMP 006197F7

.text C:\iiujgmqj.exe[1776] WS2_32.dll!send 760CC4C8 5 Bytes JMP 006197D6

.text C:\Program Files\Opera\opera.exe[2000] ntdll.dll!NtProtectVirtualMemory 776C5360 5 Bytes JMP 0036000A

.text C:\Program Files\Opera\opera.exe[2000] ntdll.dll!NtWriteVirtualMemory 776C5EE0 5 Bytes JMP 0037000A

.text C:\Program Files\Opera\opera.exe[2000] ntdll.dll!KiUserExceptionDispatcher 776C6448 5 Bytes JMP 0023000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744E2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744C5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744C56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744E250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744D8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744D4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744D50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744D51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744D66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744D82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744D8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744D907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744DE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf

861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1256] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744D4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf

861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Device\00000065 -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00JD-00HBB0#4&b9b8728&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

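The "User code sections" part of the GMER log above is the most telling piece of it: 5-byte inline JMP patches on the exports of WININET, CRYPT32 and WS2_32 inside an oddly named executable in the drive root, and on ntdll memory-management calls inside the browser. The script below is an added example, my own code and not part of GMER or of this post. It parses those `.text ... JMP` lines, groups them by process, and labels what control of each hooked export gives the hooking code. The API-to-purpose table and the "JMP target below 0x00400000" heuristic (the default 32-bit EXE image base, so a destination below it is not backed by the main image or by a system DLL) are my own assumptions, not anything GMER reports.

```python
import re
from collections import defaultdict

# The eight hook lines from the GMER "User code sections" output above
# (copied from the log, not constructed).
GMER_LINES = r"""
.text C:\iiujgmqj.exe[1776] WININET.dll!HttpSendRequestA 7659014C 5 Bytes JMP 006188D1
.text C:\iiujgmqj.exe[1776] CRYPT32.dll!PFXImportCertStore 75A40D60 5 Bytes JMP 00619A66
.text C:\iiujgmqj.exe[1776] WS2_32.dll!closesocket 760C3BED 5 Bytes JMP 0061979E
.text C:\iiujgmqj.exe[1776] WS2_32.dll!WSASend 760C68A7 5 Bytes JMP 006197F7
.text C:\iiujgmqj.exe[1776] WS2_32.dll!send 760CC4C8 5 Bytes JMP 006197D6
.text C:\Program Files\Opera\opera.exe[2000] ntdll.dll!NtProtectVirtualMemory 776C5360 5 Bytes JMP 0036000A
.text C:\Program Files\Opera\opera.exe[2000] ntdll.dll!NtWriteVirtualMemory 776C5EE0 5 Bytes JMP 0037000A
.text C:\Program Files\Opera\opera.exe[2000] ntdll.dll!KiUserExceptionDispatcher 776C6448 5 Bytes JMP 0023000A
"""

# One GMER inline-hook line: section, "<image>[<pid>]", "<module>!<export>",
# hooked address, patch length in bytes, and the JMP destination.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)

# What control of each export buys the hooking code.  This mapping is my own
# classification (an assumption) based on the documented purpose of each API.
API_INTENT = {
    ("ws2_32.dll", "send"): "read outbound socket data",
    ("ws2_32.dll", "wsasend"): "read outbound socket data",
    ("ws2_32.dll", "closesocket"): "track socket lifetime",
    ("wininet.dll", "httpsendrequesta"): "read HTTP request bodies above the TLS layer (form grabbing)",
    ("wininet.dll", "httpsendrequestw"): "read HTTP request bodies above the TLS layer (form grabbing)",
    ("crypt32.dll", "pfximportcertstore"): "capture client certificates and private keys as they are imported",
    ("ntdll.dll", "ntprotectvirtualmemory"): "control page protections from inside the process (code injection support)",
    ("ntdll.dll", "ntwritevirtualmemory"): "write into process memory (code injection support)",
    ("ntdll.dll", "kiuserexceptiondispatcher"): "intercept user-mode exception dispatch",
}

# Default image base of a 32-bit Windows EXE.  A JMP destination below it is
# backed neither by the main image nor by a system DLL (those load high), which
# is the usual look of VirtualAlloc'ed, injected code.  Heuristic, assumed.
DEFAULT_EXE_BASE = 0x00400000


def parse_hooks(text):
    """Return one dict per GMER '.text ... JMP' line; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "proc": m["proc"],
            "pid": int(m["pid"]),
            "module": m["module"],
            "func": m["func"],
            "addr": int(m["addr"], 16),
            "size": int(m["size"]),
            "target": int(m["target"], 16),
        })
    return hooks


def triage(hooks):
    """Group hooks by (image, pid) and summarise what they give the hooker."""
    report = defaultdict(lambda: {"hooks": [], "intents": set(),
                                  "targets_below_image_base": 0})
    for h in hooks:
        entry = report[(h["proc"], h["pid"])]
        entry["hooks"].append(f'{h["module"]}!{h["func"]} -> {h["target"]:08X}')
        intent = API_INTENT.get((h["module"].lower(), h["func"].lower()),
                                "unclassified export (review manually)")
        entry["intents"].add(intent)
        if h["target"] < DEFAULT_EXE_BASE:
            entry["targets_below_image_base"] += 1
    return dict(report)


if __name__ == "__main__":
    for (proc, pid), entry in triage(parse_hooks(GMER_LINES)).items():
        print(f"{proc} [{pid}]")
        for line in entry["hooks"]:
            print("   ", line)
        for intent in sorted(entry["intents"]):
            print("  =>", intent)
        if entry["targets_below_image_base"]:
            print(f"  !! {entry['targets_below_image_base']} hook(s) jump below "
                  f"{DEFAULT_EXE_BASE:#x}: destination not backed by any image")
```

Run against the lines above it reports the root-level executable as reading outbound socket and HTTP data and harvesting imported certificates, and the browser process as having all three ntdll hooks jump to addresses below the image base. Paste a whole GMER log into `GMER_LINES` and the same pass works on it; lines that are not inline hooks are skipped.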

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6634628B-4C61-4DE2-95DF-D7E068AAA3F1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6634628B-4C61-4DE2-95DF-D7E068AAA3F1}\ deleted successfully.

C:\Windows\$NtUninstallMTF197$\jcdyr.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B38A1E23-C1C2-4DDD-953C-737A1C027993}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B38A1E23-C1C2-4DDD-953C-737A1C027993}\ deleted successfully.

C:\Windows\$NtUninstallMTF197$\vscpi.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bipro deleted successfully.

File C:\Windows\$NtUninstallMTF197$\jcdyr.DLL not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gchk deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{031E9A5B-F845-6689-D5CF-698CAE7ED798} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{031E9A5B-F845-6689-D5CF-698CAE7ED798}\ not found.

C:\Users\Bijay\AppData\Roaming\Beozu\vout.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{25FB07CF-D12F-3CF6-8A76-939C74A8F851} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25FB07CF-D12F-3CF6-8A76-939C74A8F851}\ not found.

C:\Users\Bijay\AppData\Roaming\Faley\upda.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{8E61C738-0DA0-6CEB-5701-79AEA0702D87} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E61C738-0DA0-6CEB-5701-79AEA0702D87}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{9368BD62-DD05-82F7-2C37-7932DDCA087E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9368BD62-DD05-82F7-2C37-7932DDCA087E}\ not found.

C:\Users\Bijay\AppData\Roaming\Rimoor\obza.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+neoZkfgnfNCxl deleted successfully.

C:\Users\Bijay\AppData\Local\Temp\fpqh67.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+neoZkfgsBQaXms deleted successfully.

C:\Users\Bijay\AppData\Local\Temp\zb1986kt.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wercosmanx.exe deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\45A732C160AF4789F5DBE0573A684E3BB4E6C65C963D4F700F4E40A8FC494692 deleted successfully.

File not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\9265C470E08A472D8B7B71632DD84D16BDD40782B9AA4EF30AF54D6E85164830 deleted successfully.

File not found.

C:\Users\Bijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hdvptnot.exe moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf857fcf-19b6-11df-ba2d-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf857fcf-19b6-11df-ba2d-806e6f6e6963}\ not found.

File F:\start.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6ad355b-6751-11df-9ead-0013d486e628}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6ad355b-6751-11df-9ead-0013d486e628}\ not found.

File H:\Laguna.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

File H:\autorun.exe not found.

C:\Users\Bijay\AppData\Roaming\750249DE89CDA053536D092F47E6AE7C folder moved successfully.

C:\Users\Bijay\AppData\Local\{B2516CF3-D56D-4872-A7DE-498914A85B00}\chrome\content folder moved successfully.

C:\Users\Bijay\AppData\Local\{B2516CF3-D56D-4872-A7DE-498914A85B00}\chrome folder moved successfully.

C:\Users\Bijay\AppData\Local\{B2516CF3-D56D-4872-A7DE-498914A85B00} folder moved successfully.

C:\Users\Bijay\AppData\Roaming\SHELLU.dll moved successfully.

C:\Users\Bijay\AppData\Roaming\fmifs5.dll moved successfully.

C:\Users\Bijay\AppData\Roaming\Moz7B1E folder moved successfully.

C:\Users\Bijay\AppData\Roaming\Help\coredb folder moved successfully.

C:\Users\Bijay\AppData\Roaming\Help folder moved successfully.

C:\Users\Bijay\AppData\Roaming\MozC0C7 folder moved successfully.

C:\autorun.inf folder moved successfully.

C:\Users\Bijay\SisGqVUBDVΐ

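The OTL fix log above records what was removed but not, at a glance, which persistence mechanisms the infection relied on. The script below is an added example, my own code and not part of OTL or of this post. It parses the "deleted successfully", "moved successfully" and "not found" lines and buckets each by mechanism: Run and RunOnce values, Browser Helper Object CLSIDs, Startup-folder executables, MountPoints2 autorun handlers left behind by removable media, Explorer and System policy lockdowns, and loose payload files. The bucketing rules are my own assumptions about what those registry paths mean; the sample is a slice of the log above.

```python
import ntpath
import re
from collections import defaultdict

# A representative slice of the OTL fix log above (copied, not constructed).
OTL_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Windows\$NtUninstallMTF197$\jcdyr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bipro deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{031E9A5B-F845-6689-D5CF-698CAE7ED798} deleted successfully.
C:\Users\Bijay\AppData\Roaming\Beozu\vout.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\45A732C160AF4789F5DBE0573A684E3BB4E6C65C963D4F700F4E40A8FC494692 deleted successfully.
File not found.
C:\Users\Bijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hdvptnot.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf857fcf-19b6-11df-ba2d-806e6f6e6963}\ deleted successfully.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\autorun.exe not found.
C:\autorun.inf folder moved successfully.
"""

# "Registry key <path>\ deleted successfully." / "Registry value <key>\\<name> ..."
REG_RE = re.compile(
    r"^Registry (?P<kind>key|value) (?P<path>.+?) (?P<result>deleted successfully|not found)\.$"
)
# "<drive>:\<path> moved successfully." / "File <drive>:\<path> not found." / "... folder moved ..."
FILE_RE = re.compile(
    r"^(?:File )?(?P<path>[A-Za-z]:\\.+?)(?: folder)? (?P<result>moved successfully|not found)\.$"
)


def classify_registry(path):
    """Map a registry path to the persistence or lockdown mechanism it serves (assumed)."""
    p = path.lower()
    if "\\runonce\\\\" in p:
        return "RunOnce key"
    if "\\currentversion\\run\\\\" in p:
        return "Run key (autostart at logon)"
    if "\\browser helper objects\\" in p:
        return "IE Browser Helper Object"
    if "\\mountpoints2\\" in p:
        return "MountPoints2 autorun handler (removable media)"
    if "\\policies\\" in p:
        return "policy lockdown (user tamper-protection)"
    if "\\classes\\clsid\\" in p:
        return "COM class registration"
    return "other registry location"


def classify_file(path):
    p = path.lower()
    if "\\start menu\\programs\\startup\\" in p:
        return "Startup folder"
    if ntpath.basename(p) == "autorun.inf":
        return "autorun.inf (removable-media autorun)"
    return "payload file/folder"


def summarize(text):
    """Bucket every removal line as {mechanism: [(item, result), ...]}."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            buckets[classify_registry(m["path"])].append((m["path"], m["result"]))
            continue
        m = FILE_RE.match(line)
        if m:
            buckets[classify_file(m["path"])].append((m["path"], m["result"]))
    return dict(buckets)


if __name__ == "__main__":
    for mechanism, items in summarize(OTL_LOG).items():
        print(f"{mechanism}: {len(items)}")
        for item, result in items:
            hive = item.split("\\", 1)[0] if item.startswith("HKEY_") else "file"
            print(f"    [{hive}] {item}  ({result})")
```

The hive column matters when reading the result: HKEY_CURRENT_USER entries only needed the logged-on user's rights to write, while the HKEY_LOCAL_MACHINE Run value and the BHO registration needed elevation, which is worth correlating with the UAC settings ComboFix later prints.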

ComboFix 10-12-06.04 - Bijay 07/12/2010 20:31:53.2.1 - x86 NETWORK

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1983.1387 [GMT 0:00]

Running from: c:\users\Bijay\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Bijay\AppData\Roaming\Hupi

c:\users\Bijay\AppData\Roaming\Hupi\keufw.exe

c:\users\Bijay\AppData\Roaming\Owqiy

c:\users\Bijay\AppData\Roaming\Owqiy\ykav.iqz

c:\users\Bijay\AppData\Roaming\Owqiy\ykav.tmp

c:\users\Public\Documents\Server\admin.txt

c:\users\Public\Documents\Server\server.dat

.

((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))

.

2010-12-07 20:42 . 2010-12-07 20:42 -------- d-----w- c:\users\Bijay\AppData\Local\temp

2010-12-07 20:42 . 2010-12-07 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-07 19:37 . 2010-12-07 19:37 -------- d-----w- C:\_OTL

2010-12-07 18:02 . 2010-12-07 18:02 296448 ----a-w- C:\iiujgmqj.exe

2010-12-07 17:04 . 2010-12-07 17:04 153088 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\edosop.exe

2010-12-07 17:04 . 2010-12-07 17:04 153088 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\udhu.exe

2010-12-07 17:04 . 2010-12-07 17:04 -------- d-----w- c:\windows\Sun

2010-12-07 12:27 . 2010-12-07 12:27 -------- d-----w- c:\users\Bijay\AppData\Local\ElevatedDiagnostics

2010-12-04 14:02 . 2010-12-06 19:23 -------- d-----w- c:\users\Bijay\AppData\Roaming\skypePM

2010-12-04 14:01 . 2010-12-04 14:01 -------- d-----w- c:\program files\Common Files\Skype

2010-12-04 14:00 . 2010-12-04 14:01 -------- d-----r- c:\program files\Skype

2010-12-04 14:00 . 2010-12-06 20:10 -------- d-----w- c:\users\Bijay\AppData\Roaming\Skype

2010-12-04 14:00 . 2010-12-04 14:00 -------- d-----w- c:\programdata\Skype

2010-12-04 13:33 . 2010-12-04 13:33 -------- d-----w- c:\program files\TeamViewer

2010-11-30 21:27 . 2010-11-30 21:27 -------- d-----w- c:\program files\Investintech.com Inc

2010-11-30 16:01 . 2010-11-30 20:37 -------- d-----w- c:\users\Bijay\windows

2010-11-17 19:28 . 2010-02-25 14:15 1053696 ----a-w- c:\windows\system32\mfc71u.dll

2010-11-17 19:27 . 2010-11-17 19:27 -------- d-----w- c:\program files\Aimersoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 17:42 . 2010-04-15 10:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 17:42 . 2010-04-15 10:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

------- Sigcheck -------

[-] 2010-06-16 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2005-01-04 49152]

"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

edosop.exe [2010-12-7 153088]

udhu.exe [2010-12-7 153088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Bijay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]

backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]

2010-03-01 13:00 9216928 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]

2010-03-01 13:00 9216928 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-03-26 00:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAP7501_Monitor]

2007-12-10 15:55 323584 ----a-w- c:\windows\Pixart\PAP7501\GUCI_AVS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 11:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-02-16 22:34 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 135664]

R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]

R3 GUCI_AVS;USB2.0 UVC VGA;c:\windows\system32\DRIVERS\GUCI_AVS.sys [2009-07-15 592640]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3555568]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

.

Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\AWC Update.job

- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-07-21 10:08]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 11:53]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 11:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://217.36.219.81:9001/DvrOcx.cab

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-{9368BD62-DD05-82F7-2C37-7932DDCA087E} - c:\users\Bijay\AppData\Roaming\Hupi\keufw.exe

HKLM-RunOnce-<NO NAME> - (no file)

MSConfigStartUp-{031E9A5B-F845-6689-D5CF-698CAE7ED798} - c:\users\Bijay\AppData\Roaming\Beozu\vout.exe

MSConfigStartUp-{25FB07CF-D12F-3CF6-8A76-939C74A8F851} - c:\users\Bijay\AppData\Roaming\Faley\upda.exe

MSConfigStartUp-{51CFE21D-A9DE-7EFB-8256-9F7B586944BE} - c:\users\Bijay\AppData\Roaming\Ubywto\ocse.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600 Disk: WDC_WD25 rev.1.00 -> Harddisk0\DR0 ->

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84AC0555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84ac67b0]; MOV EAX, [0x84ac682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x81E55458] -> \Device\Harddisk0\DR0[0x84AA1030]

3 CLASSPNP[0x87FCE59E] -> ntkrnlpa!IofCallDriver[0x81E55458] -> [0x83C8CE00]

5 ACPI[0x87AA93B2] -> ntkrnlpa!IofCallDriver[0x81E55458] -> \00000066[0x848C3690]

\Driver\SiSRaid2[0x84AA18E8] -> IRP_MJ_CREATE -> 0x84AC0555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

\Device\00000066 -> \??\SCSI#Disk&Ven_WDC_WD25&Prod_00JD-00HBB0#4&b9b8728&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user & kernel MBR OK

error: Read Insufficient system resources exist to complete the requested service.

Warning: possible TDL3 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-12-07 20:46:01

ComboFix-quarantined-files.txt 2010-12-07 20:46

Pre-Run: 39,556,403,200 bytes free

Post-Run: 39,495,323,648 bytes free

- - End Of File - - 88F9BE95955B5E0A871BBE2966C6F3AF


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

================

1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=69659

Collect::[44]
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\edosop.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\udhu.exe

FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll|c:\windows\System32\user32.dll

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that, do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[44]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

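The Sigcheck block in the ComboFix log marks c:\windows\System32\user32.dll with "[-]" and a different MD5 from the WinSxS copy that carries the same version and the same size, and the FCopy:: line in the reply above restores the live file from that component-store copy. A same-version, same-size file with a different hash is the signature of an in-place patch. The script below is an added example, my own code rather than ComboFix's or the helper's: it parses Sigcheck lines, pairs each live system file with its WinSxS counterpart by file name, flags such pairs as patched, emits the matching `source|destination` FCopy line, and can confirm a mismatch on disk with a real MD5. The field layout I parse is inferred from the two lines on the page, so treat the regex as an assumption; the on-disk demo uses constructed temporary files.

```python
import hashlib
import ntpath
import os
import re
import tempfile

# The two Sigcheck lines from the ComboFix log above (copied, not constructed).
SIGCHECK_LINES = r"""
[-] 2010-06-16 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
"""

# Layout inferred from the lines above: [mark] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """One dict per Sigcheck line; 'in_store' is True for WinSxS component-store copies."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["in_store"] = "\\winsxs\\" in e["path"].lower()
            entries.append(e)
    return entries


def find_patched(entries):
    """Pair live files with store copies by file name; same version and size
    but a different hash means the live file was modified in place."""
    by_name = {}
    for e in entries:
        by_name.setdefault(ntpath.basename(e["path"]).lower(), []).append(e)
    findings = []
    for name, group in by_name.items():
        live = [e for e in group if not e["in_store"]]
        store = [e for e in group if e["in_store"]]
        for l in live:
            for s in store:
                same_build = l["version"] == s["version"] and l["size"] == s["size"]
                if same_build and l["md5"] != s["md5"]:
                    findings.append({"name": name, "live": l, "store": s})
    return findings


def fcopy_directive(finding):
    """ComboFix FCopy:: syntax as used on the page: source|destination."""
    return f'{finding["store"]["path"]}|{finding["live"]["path"]}'


def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def files_match(path_a, path_b):
    """On-disk confirmation of what Sigcheck reported, or a post-restore check."""
    return md5_of(path_a) == md5_of(path_b)


def demo_disk_mismatch():
    """Constructed demo: two equal-size files, one byte changed, hashes differ."""
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "store.dll")
        live = os.path.join(d, "live.dll")
        data = bytes(range(256)) * 4
        with open(store, "wb") as f:
            f.write(data)
        with open(live, "wb") as f:
            f.write(data[:100] + b"\x90" + data[101:])
        return files_match(store, store), files_match(store, live)


if __name__ == "__main__":
    for f in find_patched(parse_sigcheck(SIGCHECK_LINES)):
        print(f'{f["name"]}: live MD5 {f["live"]["md5"]} != store MD5 {f["store"]["md5"]} '
              f'(same version {f["live"]["version"]}, same size {f["live"]["size"]})')
        print("FCopy::")
        print(fcopy_directive(f))
    print("on-disk (identical, patched):", demo_disk_mismatch())
```

After the FCopy run, `files_match` on the real System32 and WinSxS paths is the check that the restore took; a file that still differs has either been re-patched by something still running or locked by the hooking process, which is why the helper combines the copy with a rootkit scan rather than running it alone.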

2010/12/08 07:58:48.0291 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01

2010/12/08 07:58:48.0291 ================================================================================

2010/12/08 07:58:48.0291 SystemInfo:

2010/12/08 07:58:48.0291

2010/12/08 07:58:48.0291 OS Version: 6.1.7600 ServicePack: 0.0

2010/12/08 07:58:48.0292 Product type: Workstation

2010/12/08 07:58:48.0292 ComputerName: BIJAY-PC

2010/12/08 07:58:48.0296 UserName: Bijay

2010/12/08 07:58:48.0298 Windows directory: C:\Windows

2010/12/08 07:58:48.0298 System windows directory: C:\Windows

2010/12/08 07:58:48.0298 Processor architecture: Intel x86

2010/12/08 07:58:48.0298 Number of processors: 1

2010/12/08 07:58:48.0298 Page size: 0x1000

2010/12/08 07:58:48.0298 Boot type: Normal boot

2010/12/08 07:58:48.0298 ================================================================================

2010/12/08 07:58:48.0687 Initialize success

2010/12/08 07:59:36.0445 ================================================================================

2010/12/08 07:59:36.0445 Scan started

2010/12/08 07:59:36.0445 Mode: Manual;

2010/12/08 07:59:36.0445 ================================================================================

2010/12/08 07:59:37.0585 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/12/08 07:59:37.0773 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2010/12/08 07:59:37.0898 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/12/08 07:59:38.0085 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/12/08 07:59:38.0210 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2010/12/08 07:59:38.0335 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2010/12/08 07:59:38.0523 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2010/12/08 07:59:38.0710 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2010/12/08 07:59:38.0960 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS

2010/12/08 07:59:39.0150 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2010/12/08 07:59:39.0220 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2010/12/08 07:59:39.0294 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2010/12/08 07:59:39.0367 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2010/12/08 07:59:39.0447 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2010/12/08 07:59:39.0521 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2010/12/08 07:59:39.0599 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/12/08 07:59:39.0703 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2010/12/08 07:59:39.0787 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2010/12/08 07:59:39.0949 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2010/12/08 07:59:40.0029 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2010/12/08 07:59:40.0160 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys

2010/12/08 07:59:40.0296 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys

2010/12/08 07:59:40.0470 aswFW (25ace55b10046e9e6e9b148fa7abd3b7) C:\Windows\system32\drivers\aswFW.sys

2010/12/08 07:59:40.0599 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys

2010/12/08 07:59:40.0816 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys

2010/12/08 07:59:40.0943 aswNdis2 (125febcb61d33b358afc20866b8a9842) C:\Windows\system32\drivers\aswNdis2.sys

2010/12/08 07:59:41.0074 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys

2010/12/08 07:59:41.0185 aswSnx (81f10376af5f0f466f03cb2c5321b7ed) C:\Windows\system32\drivers\aswSnx.sys

2010/12/08 07:59:41.0355 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys

2010/12/08 07:59:41.0556 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys

2010/12/08 07:59:41.0679 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/12/08 07:59:41.0740 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2010/12/08 07:59:42.0009 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2010/12/08 07:59:42.0132 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2010/12/08 07:59:42.0306 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2010/12/08 07:59:42.0416 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/12/08 07:59:42.0509 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2010/12/08 07:59:42.0587 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/12/08 07:59:42.0650 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/12/08 07:59:42.0759 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2010/12/08 07:59:42.0837 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/12/08 07:59:42.0900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/12/08 07:59:43.0041 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/12/08 07:59:43.0166 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/12/08 07:59:43.0556 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2010/12/08 07:59:43.0650 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2010/12/08 07:59:43.0869 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2010/12/08 07:59:44.0009 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2010/12/08 07:59:44.0134 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/12/08 07:59:44.0212 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2010/12/08 07:59:44.0291 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2010/12/08 07:59:44.0369 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2010/12/08 07:59:44.0462 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/12/08 07:59:44.0587 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/12/08 07:59:44.0822 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2010/12/08 07:59:44.0972 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2010/12/08 07:59:45.0062 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys


2010/12/08 08:00:12.0867 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/08 08:00:12.0882 ================================================================================

2010/12/08 08:00:12.0882 Scan finished

2010/12/08 08:00:12.0882 ================================================================================

2010/12/08 08:00:12.0929 Detected object count: 1

2010/12/08 08:00:33.0621 \HardDisk0 - will be cured after reboot

2010/12/08 08:00:33.0621 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/08 08:00:46.0093 Deinitialize success


Update and Run Malwarebytes

Please update and run Malwarebytes' Anti-Malware.

Double-click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the Update tab, then click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to "YES, I accept the Terms of Use".
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Check the following options: Remove found threats and Scan inside archives.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on the option that says Export to text file.
  • Save it to your desktop and post the contents here in your next reply.
  • Once the log is saved, click the option to delete quarantined threats and Uninstall application on close.


Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5272

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

08/12/2010 16:55:28

mbam-log-2010-12-08 (16-55-28).txt

Scan type: Quick scan

Objects scanned: 134986

Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


C:\Qoobox\Quarantine\[44]-Submit_2010-12-08_08.20.08.zip a variant of Win32/Kryptik.IRX trojan deleted - quarantined

C:\Users\Bijay\Documents\Softwares\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined

C:\Users\Bijay\Downloads\Call of Duty\Call of Duty CD-1.ISO probably a variant of Win32/Agent.FICVLEB trojan deleted - quarantined

C:\Users\Bijay\windows\setup5.exe a variant of Win32/Kryptik.IOF trojan cleaned by deleting - quarantined

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.DZ trojan cleaned by deleting - quarantined

C:\Users\Public\Documents\Server\sphlp.dll Win32/Bamital.ET trojan cleaned by deleting - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\1c49c6e1-245654c5 multiple threats deleted - quarantined

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\AppData\Local\ilazuzifowasila.dll a variant of Win32/Cimag.EX trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\AppData\Roaming\Beozu\vout.exe a variant of Win32/Kryptik.IGJ trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\AppData\Roaming\Faley\upda.exe a variant of Win32/Kryptik.IIG trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\AppData\Roaming\Iluka\faope.exe a variant of Win32/Kryptik.IPQ trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hdvptnot.exe Win32/Ramnit.A virus unable to clean

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\AppData\Roaming\Moz7B1E\ky7B2F.exe Win32/Pinit.BB worm cleaned by deleting - quarantined

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\AppData\Roaming\MozC0C7\kyC0D8.exe Win32/Pinit.BB worm cleaned by deleting - quarantined

C:\_OTL\MovedFiles\12072010_193719\C_Users\Bijay\PIBRCmgDd교


OTL logfile created on: 08/12/2010 21:32:19 - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bijay\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 150.06 Gb Total Space | 37.50 Gb Free Space | 24.99% Space Free | Partition Type: NTFS

Drive D: | 50.19 Gb Total Space | 24.36 Gb Free Space | 48.54% Space Free | Partition Type: NTFS

Drive E: | 30.27 Gb Total Space | 10.92 Gb Free Space | 36.07% Space Free | Partition Type: NTFS

Computer Name: BIJAY-PC | User Name: Bijay | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bijay\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Opera\opera.exe (Opera Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Modules (SafeList) ==========

MOD - C:\Users\Bijay\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found

DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found

DRV - (catchme) -- C:\Users\Bijay\AppData\Local\Temp\catchme.sys File not found

DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (aswNdis) -- C:\Windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)

DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (SISAGP) -- C:\Windows\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)

DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)

DRV - (GUCI_AVS) -- C:\Windows\System32\drivers\GUCI_AVS.sys (PixArt Imaging Incorporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (SiSkp) -- C:\Windows\System32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\Windows\System32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)

DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 FC 08 B0 C8 AD CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.skip-search.com/?cfg=2-82-0-rBj5

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2010/12/08 08:34:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [siSPower] C:\Windows\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [soundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1268984194416 (MUCatalogWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://217.36.219.81:9001/DvrOcx.cab (DvrOcx Control)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/12/02 11:50:36 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/12/02 11:50:37 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 15:53:38 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/12/08 15:52:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/12/08 15:38:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/12/08 08:38:29 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Local\temp

[2010/12/08 08:17:18 | 000,000,000 | ---D | C] -- C:\Users\Bijay\Desktop\New folder (2)

[2010/12/08 07:57:56 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bijay\Desktop\TDSSKiller.exe

[2010/12/07 19:53:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/12/07 19:53:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/12/07 19:53:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/12/07 19:52:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/12/07 19:49:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/07 19:37:19 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/12/07 17:24:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bijay\Desktop\OTL.exe

[2010/12/07 17:04:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/12/07 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Local\ElevatedDiagnostics

[2010/12/06 20:17:07 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[2010/12/04 14:02:26 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\skypePM

[2010/12/04 14:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/12/04 14:00:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/12/04 14:00:50 | 000,000,000 | ---D | C] -- C:\Users\Bijay\AppData\Roaming\Skype

[2010/12/04 14:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/12/04 13:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

[2010/11/30 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Investintech.com Inc

[2010/11/30 21:16:53 | 000,000,000 | ---D | C] -- C:\Users\Bijay\Documents\dilli

[2010/11/30 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Bijay\Desktop\New folder

[2010/11/30 16:01:46 | 000,000,000 | ---D | C] -- C:\Users\Bijay\windows

[2010/11/29 06:51:54 | 000,000,000 | ---D | C] -- C:\Users\Bijay\Desktop\physics HW

[2010/11/17 19:28:36 | 000,000,000 | ---D | C] -- C:\Users\Bijay\Documents\DVD Creator

[2010/11/17 19:28:03 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71u.dll

[2010/11/17 19:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft

========== Files - Modified Within 30 Days ==========

[2010/12/08 21:15:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/08 20:57:04 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/08 20:57:04 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/08 20:52:45 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/08 20:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/08 20:51:54 | 1559,339,008 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/08 08:34:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/12/08 08:24:57 | 000,001,223 | ---- | M] () -- C:\CF-Submit.htm

[2010/12/08 08:11:32 | 003,986,268 | R--- | M] () -- C:\Users\Bijay\Desktop\ComboFix.exe

[2010/12/08 07:57:44 | 001,230,433 | ---- | M] () -- C:\Users\Bijay\Desktop\tdsskiller.zip

[2010/12/07 18:02:39 | 000,296,448 | ---- | M] () -- C:\iiujgmqj.exe

[2010/12/07 17:50:53 | 000,807,250 | ---- | M] () -- C:\Users\Bijay\Desktop\CCleaner.zip

[2010/12/07 17:24:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bijay\Desktop\OTL.exe

[2010/12/07 12:25:56 | 000,069,939 | ---- | M] () -- C:\Users\Bijay\Desktop\Activate Sound in SafeMode.zip

[2010/12/06 20:31:34 | 000,001,240 | ---- | M] () -- C:\Users\Bijay\Desktop\Revo Uninstaller.lnk

[2010/12/06 17:41:34 | 000,009,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/06 17:41:34 | 000,009,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/04 14:02:36 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[2010/12/04 14:01:05 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/12/04 13:34:03 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk

[2010/12/04 13:19:13 | 003,094,696 | ---- | M] () -- C:\Users\Bijay\Desktop\TeamViewerQS.exe

[2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bijay\Desktop\TDSSKiller.exe

[2010/12/02 11:34:12 | 000,132,597 | ---- | M] () -- C:\Users\Bijay\Desktop\Flash_Disinfector.exe

[2010/11/30 22:10:45 | 003,710,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/30 21:27:47 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Able2Extract.lnk

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/29 08:23:15 | 000,000,162 | -H-- | M] () -- C:\Users\Bijay\Desktop\~$ya Raj dai.doc

[2010/11/21 21:38:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/11/17 19:28:26 | 000,001,196 | ---- | M] () -- C:\Users\Bijay\Desktop\Aimersoft DVD Creator.lnk

[2010/11/09 08:16:53 | 001,286,656 | ---- | M] () -- C:\Users\Bijay\Documents\subhams pokemon powerpoint.ppt

========== Files Created - No Company Name ==========

[2010/12/08 08:20:11 | 000,001,223 | ---- | C] () -- C:\CF-Submit.htm

[2010/12/08 07:57:40 | 001,230,433 | ---- | C] () -- C:\Users\Bijay\Desktop\tdsskiller.zip

[2010/12/07 19:53:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/12/07 19:53:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/12/07 19:53:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2010/12/07 19:53:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/12/07 19:53:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/12/07 19:46:30 | 003,986,268 | R--- | C] () -- C:\Users\Bijay\Desktop\ComboFix.exe

[2010/12/07 18:02:39 | 000,296,448 | ---- | C] () -- C:\iiujgmqj.exe

[2010/12/07 17:50:52 | 000,807,250 | ---- | C] () -- C:\Users\Bijay\Desktop\CCleaner.zip

[2010/12/07 12:25:52 | 000,069,939 | ---- | C] () -- C:\Users\Bijay\Desktop\Activate Sound in SafeMode.zip

[2010/12/06 20:31:34 | 000,001,240 | ---- | C] () -- C:\Users\Bijay\Desktop\Revo Uninstaller.lnk

[2010/12/04 14:02:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/04 14:01:05 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/12/04 13:34:03 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk

[2010/12/04 13:18:56 | 003,094,696 | ---- | C] () -- C:\Users\Bijay\Desktop\TeamViewerQS.exe

[2010/12/02 11:34:11 | 000,132,597 | ---- | C] () -- C:\Users\Bijay\Desktop\Flash_Disinfector.exe

[2010/11/30 21:27:47 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Able2Extract.lnk

[2010/11/29 08:23:15 | 000,000,162 | -H-- | C] () -- C:\Users\Bijay\Desktop\~$ya Raj dai.doc

[2010/11/17 19:28:26 | 000,001,196 | ---- | C] () -- C:\Users\Bijay\Desktop\Aimersoft DVD Creator.lnk

[2010/08/03 18:28:03 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to DVD.INI

[2010/08/03 17:42:01 | 000,003,584 | ---- | C] () -- C:\Users\Bijay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/17 11:41:13 | 000,000,137 | ---- | C] () -- C:\Users\Bijay\AppData\Roaming\default.rss

[2010/06/24 16:44:12 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI

[2010/03/07 16:41:31 | 000,002,080 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini

[2010/03/06 11:39:51 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/24 22:09:33 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI

[2010/02/18 08:54:46 | 000,083,471 | ---- | C] () -- C:\Windows\VGAsetup.ini

[2010/02/17 23:17:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 23:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

[2009/05/06 14:44:02 | 000,074,240 | ---- | C] () -- C:\Windows\System32\CovH264ToAvi.dll

[2009/05/06 08:28:58 | 000,651,372 | ---- | C] () -- C:\Windows\System32\RM_DVRNET_DLL.dll

[2009/05/06 08:28:58 | 000,229,442 | ---- | C] () -- C:\Windows\System32\winpubf.dll

[2009/05/06 08:28:58 | 000,196,608 | ---- | C] () -- C:\Windows\System32\nvrfs.dll

[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll

[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008/11/06 16:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

< End of report >


Ok, everything seems to be running fine and fast. BTW, this is a dual boot system.

I have XP Pro installed on drive D:. Have we cleaned that as well??

And I have 2 USBs that need cleaning. I'm 100% sure they contain viruses that run automatically. As soon as the USBs are inserted into a PC the virus automatically transfers to all hard drives in the PC and copies itself... Is there any way to clean up those drives without reinfecting the computer?

BTW, thank you so much for your help so far, you have been absolutely amazing. I really appreciate it.


Both drives were scanned with Eset.

Evidence here:

D:\Documents and Settings\XP Professional\Wii\Wii Apps\WBFS_pack_Volkrex@wiiso\WBFS\wbfs_inteligent_gui_v6.exe Win32/Packed.Autoit.E.Gen application deleted - quarantined

E:\Software\WinRar\WinRar_Setup+KeyGen.rar a variant of Win32/Keygen.AI application deleted - quarantined

Please insert the USB drives, as Autorun is now disabled, then do not open them but rather right-click on the drives and choose "Scan with Avast".

Let me know if it has a problem with doing that.

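The two posts above hinge on one point: an autorun worm on a USB stick only spreads when Windows honours autorun.inf, so the drive must be checked before it is opened. The PowerShell below is an added example, not part of the thread or of any tool it mentions. It verifies that AutoRun is really off (the NoDriveTypeAutoRun policy bitmask, where 0xFF covers every drive type, and the cdrom service AutoRun value that the OTL line "O32 - HKLM CDRom: AutoRun - 1" reports), then inventories autorun.inf on every lettered volume without opening the drives. The function and variable names are this example's own; the registry paths and value names are standard Windows ones. Note that the OTL log lists D:\autorun.inf and E:\autorun.inf with the R--D attribute, i.e. read-only directories, which is what a protective autorun.inf folder looks like rather than a worm's file, so the inventory reports whether each hit is a file or a folder. Run it as Administrator if you want Disable-Autorun to write the policy.

```powershell
# Added example (not from the thread): check AutoRun state, inventory autorun.inf
# on all volumes, and optionally harden the policy. Assumes Windows 7-era
# registry layout; drive letters are whatever the machine exposes.

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$cdromService   = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'

function Get-AutorunState {
    # NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is
    # suppressed; 0xFF (255) disables it for every drive type.
    $noDriveType = (Get-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun `
                        -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    # Optical-media AutoRun is controlled separately by the cdrom service value.
    $cdromAutoRun = (Get-ItemProperty -Path $cdromService -Name AutoRun `
                        -ErrorAction SilentlyContinue).AutoRun

    [pscustomobject]@{
        NoDriveTypeAutoRun = $noDriveType
        AllDrivesDisabled  = ($noDriveType -eq 0xFF)
        CdRomAutoRun       = $cdromAutoRun
    }
}

function Find-AutorunInf {
    # Walk every file-system drive letter and report autorun.inf at the root.
    # -Force is needed because worm-dropped copies are usually Hidden+System.
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $path = Join-Path $_.Root 'autorun.inf'
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Drive       = $_.Name
                Path        = $path
                # A folder named autorun.inf is the protective trick some
                # disinfector tools leave behind; a file is what a worm drops.
                IsDirectory = $item.PSIsContainer
                Attributes  = $item.Attributes
                LastWrite   = $item.LastWriteTime
            }
        }
    }
}

function Disable-Autorun {
    # Defensive hardening: suppress AutoRun for all drive types.
    if (-not (Test-Path $explorerPolicy)) {
        New-Item -Path $explorerPolicy -Force | Out-Null
    }
    Set-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

$state = Get-AutorunState
$state | Format-List
if (-not $state.AllDrivesDisabled) {
    Write-Warning 'AutoRun is not fully disabled; run Disable-Autorun (as Administrator) before inserting the USB drives.'
}
Find-AutorunInf | Format-Table -AutoSize
```

Run the script before plugging the sticks in, then once more after they are connected: any new row whose IsDirectory is False, especially with Hidden or System attributes, is the file to hand to the scanner, while the read-only folders on D: and E: match what the log already shows.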
