My Computer Is Badly Infected


#1
Black_Blood

Hello, everyone,

My computer is badly infected.

I am explaining the behavior of the virus as I have observed it.

First of all,
when I boot my computer, at the password input field only the "1", "m" and "bksp" keys are working, not the others,

but the "bksp" key is working the opposite way:
it is not deleting characters from the end, but inserting some characters (I don't know which).

Thanks to my fingerprint sensor; without it I would be unable to log on to my computer in that situation.

My computer starts normally; after startup, when I press the "1" key (or sometimes automatically), the virus visibly starts working:

when I select an icon on my desktop with a mouse click or any other way, it stays selected even if I click on an empty space of my desktop,
and if I select another icon, both stay selected;

if I re-click on an already selected icon, then it is deselected, unless only one icon is selected.

The "Esc" key is working like the "WinKey": it is opening the Start menu.

Sometimes, when Chrome, Firefox etc. are in focus, the "f" key works like "ctrl+f", "WinKey+r" works like "F5" or "ctrl+r", the "o" key opens the Open File dialog box like "ctrl+o", etc.

Sometimes the virus corrupts the left and right arrow keys; they then work as if someone were holding down the "ctrl" key, and it happens with the "bksp" and "del" keys also:

the "bksp" key deletes the complete word from the right and the "del" key from the left.

When I "Shift + Left Click" the folder, Internet Explorer etc. quick launch icon on my taskbar, a UAC prompt pops up, and most importantly, if I click "NO" on the UAC prompt, most keys usually start working properly, sometimes except the "Esc" key and the arrow keys,

but the keys get screwed up again after pressing the "1" key (or sometimes automatically) [I am copy-pasting the character 1 for typing].

In the BIOS, the boot menu (i.e. the F8 key Windows start-up menu (I don't know the proper name)), etc., the Enter key is not working, so I cannot make any change there.

The virus works in Safe Mode also.

I have done a full scan with a fully updated AVG Internet Security 2011 but nothing was found.

(I am using a laptop (Acer Aspire 4736), so I cannot tell about the numpad keys.)

-:The OTL LOG:-

OTL logfile created on: 8/7/2011 4:40:55 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\INDRAJIT\Documents\Downloads\Programs\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 67.78% Memory free
5.86 Gb Paging File | 4.45 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 15.77 Gb Free Space | 20.18% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 1.05 Gb Free Space | 1.34% Space Free | Partition Type: NTFS
Drive E: | 74.22 Gb Total Space | 27.81 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive F: | 67.60 Gb Total Space | 27.79 Gb Free Space | 41.11% Space Free | Partition Type: NTFS

Computer Name: INDRAJIT-PC | User Name: INDRAJIT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/06 19:11:14 | 000,797,607 | ---- | M] () -- C:\Windows\MyCMDToolsDir\BigMath\SLPrmtKill_1.1.exe
PRC - [2011/08/04 21:12:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\INDRAJIT\My Documents\Downloads\Programs\OTL\OTL.exe
PRC - [2011/05/07 22:54:51 | 003,220,912 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/04/28 19:20:28 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:33:04 | 000,580,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcfgex.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/01/13 20:35:12 | 000,091,136 | ---- | M] () -- C:\Program Files\BSNL 3G Data Card\BSNL 3G\Resource\MCtlSuc.exe
PRC - [2009/10/15 14:21:52 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/13 11:21:26 | 002,344,224 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/04/13 11:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/03/25 15:29:10 | 003,441,152 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
PRC - [2009/03/25 15:28:58 | 003,346,944 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008/08/26 11:32:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/08/04 21:12:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\INDRAJIT\My Documents\Downloads\Programs\OTL\OTL.exe
MOD - [2009/07/14 06:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (TWYCEUQMKX)
SRV - File not found [Disabled | Stopped] -- -- (ADGOYHVMWQ)
SRV - File not found [Disabled | Stopped] -- -- (A)
SRV - [2011/08/03 01:37:19 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/07/07 08:37:29 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/14 04:48:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/29 09:00:00 | 001,200,128 | ---- | M] (Southsoftware.com) [Auto | Stopped] -- C:\Users\INDRAJIT\Desktop\Down7\Soft7\All CMD TOOLS\Advanced Task Scheduler Professional\advschedulerpro\advscheduler_prosvc.exe -- (advschedulerpro)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/03/25 15:29:10 | 003,441,152 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/08/26 11:32:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/01/06 17:06:22 | 000,005,632 | ---- | M] (Sysinternals) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\myfault.sys -- (MYFAULT)
DRV - [2010/12/18 05:19:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/04/12 14:14:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/12/14 16:03:28 | 000,106,880 | R--- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbvoice.sys -- (HSPADataCardusbvoice)
DRV - [2009/12/14 16:03:28 | 000,106,880 | R--- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2009/12/14 16:03:28 | 000,106,880 | R--- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2009/12/14 16:03:28 | 000,106,880 | R--- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2009/09/02 09:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 03:32:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/02/22 05:57:40 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/01/20 14:06:34 | 001,205,312 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/07/10 17:55:24 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/05/30 13:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/03/12 17:22:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: {E6C93316-271E-4b3d-8D7E-FE11B4350AEB}:2.1.24
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.3
FF - prefs.js..extensions.enabledItems: jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.7
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {992791ee-61dc-7b98-a8fd-dc49b7deeee9}:3.4.6
FF - prefs.js..extensions.enabledItems: {896b34a4-c83f-4ea7-8ef0-51ed7220ac94}:1.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.FilmFanatic.com/Plugin: C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll (Fun Web Products, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2011/07/08 23:45:48 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\INDRAJIT\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\INDRAJIT\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/06 16:43:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/10 14:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/10 14:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/24 18:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\INDRAJIT\AppData\Roaming\IDM\idmmzcc3 [2011/05/24 14:25:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\INDRAJIT\AppData\Roaming\IDM\idmmzcc3 [2011/05/24 14:25:20 | 000,000,000 | ---D | M]

[2011/01/24 04:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Extensions
[2011/01/24 04:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/06 17:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions
[2011/06/28 19:50:51 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/06/28 19:50:55 | 000,000,000 | ---D | M] (Chickenfoot) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}
[2011/03/26 11:31:44 | 000,000,000 | ---D | M] (TryAgain) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{992791ee-61dc-7b98-a8fd-dc49b7deeee9}
[2011/07/10 00:25:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/28 19:50:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/28 19:50:50 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011/05/23 03:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/06/10 10:41:51 | 000,000,000 | ---D | M] (Always on Top) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}
[2011/07/11 17:00:01 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/05/27 17:34:39 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/12/18 06:03:08 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/05/23 03:05:36 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\[email protected]
[2010/12/21 18:10:54 | 000,000,000 | ---D | M] (HTML5 Extension for Windows Media Player Plug-in) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack
[2011/08/06 17:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\staged-xpis
[2011/07/06 16:03:35 | 000,000,000 | ---D | M] (Hide IP Easy) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\[email protected]
[2011/06/28 19:50:45 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\[email protected]
[2011/05/23 03:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\INDRAJIT\AppData\Roaming\Mozilla\Firefox\Profiles\s18rior1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/07/08 23:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/27 01:17:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/08 23:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/26 01:45:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/14 13:34:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/06 16:43:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/31 21:26:42 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2011/05/24 14:25:20 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\INDRAJIT\APPDATA\ROAMING\IDM\IDMMZCC3
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/25 01:33:39 | 000,000,886 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AVG.Tray.2011] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MCtlSuc] C:\Program Files\BSNL 3G Data Card\BSNL 3G\Resource\MCtlSuc.exe ()
O4 - HKLM..\Run: [Orbit] C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - HKLM..\Run: [SLPrmtKil_Run] C:\Windows\MyCMDToolsDir\BigMath\SLPrmtKill_1.1.exe ()
O4 - HKCU..\Run: [Avro Keyboard] C:\Program Files\Avro Keyboard\Avro Keyboard.exe (OmicronLab)
O4 - HKCU..\Run: [Easy-Hide-IP] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\INDRAJIT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\INDRAJIT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/12 20:05:46 | 000,000,026 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/30 13:41:15 | 000,000,026 | ---- | M] () - C:\AUTOEXEC.SYD -- [ NTFS ]
O33 - MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\Shell - "" = AutoRun
O33 - MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6080c669-2149-11e0-ad2d-00235af3704b}\Shell - "" = AutoRun
O33 - MountPoints2\{6080c669-2149-11e0-ad2d-00235af3704b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\autorun.exe
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\autorun.exe
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\autorun.exe
O33 - MountPoints2\Q\Shell - "" = AutoRun
O33 - MountPoints2\Q\Shell\AutoRun\command - "" = Q:\autorun.exe
O33 - MountPoints2\R\Shell - "" = AutoRun
O33 - MountPoints2\R\Shell\AutoRun\command - "" = R:\autorun.exe
O33 - MountPoints2\S\Shell - "" = AutoRun
O33 - MountPoints2\S\Shell\AutoRun\command - "" = S:\autorun.exe
O33 - MountPoints2\T\Shell - "" = AutoRun
O33 - MountPoints2\T\Shell\AutoRun\command - "" = T:\autorun.exe
O33 - MountPoints2\U\Shell - "" = AutoRun
O33 - MountPoints2\U\Shell\AutoRun\command - "" = U:\autorun.exe
O33 - MountPoints2\V\Shell - "" = AutoRun
O33 - MountPoints2\V\Shell\AutoRun\command - "" = V:\autorun.exe
O33 - MountPoints2\W\Shell - "" = AutoRun
O33 - MountPoints2\W\Shell\AutoRun\command - "" = W:\autorun.exe
O33 - MountPoints2\X\Shell - "" = AutoRun
O33 - MountPoints2\X\Shell\AutoRun\command - "" = X:\autorun.exe
O33 - MountPoints2\Y\Shell - "" = AutoRun
O33 - MountPoints2\Y\Shell\AutoRun\command - "" = Y:\autorun.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 04:32:17 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nufsoft
[2011/08/07 04:32:16 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\Documents\Nufsoft
[2011/08/07 04:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nufsoft
[2011/08/07 01:19:19 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\Documents\Graboid
[2011/08/07 00:46:05 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Local\Graboid_Inc
[2011/08/07 00:46:04 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Local\Graboid
[2011/08/07 00:46:01 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Local\Geckofx
[2011/08/07 00:45:48 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2011/08/07 00:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2011/08/07 00:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011/07/29 03:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/07/25 02:18:48 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/07/21 22:01:49 | 000,014,368 | ---- | C] (DaloozaSoft) -- C:\Users\INDRAJIT\Desktop\AU3_Spy.exe
[2011/07/19 23:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Game Downloader
[2011/07/19 23:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Game Downloader
[2011/07/17 02:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/07/17 02:52:49 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metacafe
[2011/07/17 02:52:44 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\Metacafe
[2011/07/17 02:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Metacafe
[2011/07/17 02:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metacafe
[2011/07/17 02:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Metacafe
[2011/07/16 21:40:37 | 005,548,544 | ---- | C] (Xequte Software) -- C:\Windows\xdclock.scr
[2011/07/16 21:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Clock Screen Saver
[2011/07/16 20:50:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2011/07/16 20:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenSavers
[2011/07/15 15:40:31 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Local\Chromium
[2011/07/13 20:25:41 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\Documents\AutoHotkey
[2011/07/13 20:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SciTE4AutoHotkey
[2011/07/12 00:44:45 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Local\Clavier+
[2011/07/12 00:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clavier+
[2011/07/10 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\Documents\BWMonitor
[2011/07/10 16:58:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lightworks
[2011/07/10 16:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lightworks
[2011/07/10 03:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2011/07/10 03:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\cladgenius.com
[2011/07/10 03:10:15 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2011/07/10 03:09:58 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLADGenius
[2011/07/10 03:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLADGenius
[2011/07/10 03:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\CLADGenius
[2011/07/10 02:45:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\{ff878a7966bfba18aa9ce7748175a6b9}
[2011/07/10 02:45:26 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfetch
[2011/07/10 02:45:21 | 000,000,000 | ---D | C] -- C:\Windows\Cyberfetch
[2011/07/10 02:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberfetch
[2011/07/10 01:30:26 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\TeraCopy
[2011/07/10 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Local\DVDVideoSoft_Ltd
[2011/07/10 00:25:43 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/10 00:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/07/10 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\DVDVideoSoft
[2011/07/10 00:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/07/10 00:23:33 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\Documents\DVDVideoSoft
[2011/07/10 00:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/07/09 20:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
[2011/07/09 20:07:44 | 000,000,000 | ---D | C] -- C:\Users\INDRAJIT\AppData\Roaming\Subtitle Edit
[2011/07/09 20:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Subtitle Edit
[2011/07/09 17:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Goheer
[2011/07/09 09:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/07/09 09:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/07/08 23:45:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/07/08 23:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/07/08 23:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/07 04:38:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-264050191-1187288900-871412891-1000UA.job
[2011/08/07 04:32:20 | 000,907,972 | ---- | M] () -- C:\Windows\Ace Pro Screensaver Creator Uninstaller.exe
[2011/08/07 03:50:02 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 03:50:02 | 000,013,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/07 03:49:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 02:51:56 | 000,002,388 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\Google Chrome.lnk
[2011/08/07 00:45:49 | 000,001,244 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\Graboid Video.lnk
[2011/08/07 00:45:22 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/07 00:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-INDRAJIT-PC_INDRAJIT.job
[2011/08/06 20:49:19 | 000,725,130 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 20:49:19 | 000,145,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/06 20:49:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/06 18:33:42 | 000,207,360 | ---- | M] () -- C:\Users\INDRAJIT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 15:54:10 | 127,161,113 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/08/06 15:49:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-264050191-1187288900-871412891-1000Core.job
[2011/08/06 11:49:47 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/08/06 11:49:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 11:49:37 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/03 01:30:21 | 000,659,282 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/07/31 22:12:48 | 000,002,426 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\ScreenRes_View.bat
[2011/07/31 16:34:40 | 000,007,051 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\MButton.ahk
[2011/07/28 00:06:11 | 000,000,218 | ---- | M] () -- C:\Users\INDRAJIT\.recently-used.xbel
[2011/07/27 13:15:18 | 000,311,551 | ---- | M] () -- C:\Users\INDRAJIT\AppData\Local\census.cache
[2011/07/27 13:15:00 | 000,176,334 | ---- | M] () -- C:\Users\INDRAJIT\AppData\Local\ars.cache
[2011/07/27 00:14:06 | 000,119,494 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\AVG_Full_Scan_Overview.csv
[2011/07/25 04:11:26 | 000,000,020 | ---- | M] () -- C:\Users\INDRAJIT\defogger_reenable
[2011/07/25 02:19:15 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/07/25 01:33:39 | 000,000,886 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/17 02:52:01 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Metacafe.lnk
[2011/07/16 21:40:38 | 000,001,633 | ---- | M] () -- C:\Windows\unins000.dat
[2011/07/16 21:40:29 | 000,667,978 | ---- | M] () -- C:\Windows\unins000.exe
[2011/07/16 14:22:21 | 000,001,827 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\Locker+Unlocker+Takeown_Registry.reg
[2011/07/16 01:11:14 | 000,003,320 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\My_gmail_Contacts_List.csv
[2011/07/14 16:47:28 | 000,002,513 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\Gmail.lnk
[2011/07/13 20:24:59 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\SciTE4AutoHotkey.lnk
[2011/07/12 17:40:08 | 000,001,163 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\BSNL 3G.lnk
[2011/07/10 20:18:09 | 000,156,871 | ---- | M] () -- C:\Users\INDRAJIT\Desktop\Firfox_bookmarks_backup2011-07-10.json
[2011/07/09 06:40:31 | 003,894,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/08 23:46:38 | 000,001,207 | ---- | M] () -- C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/07 04:32:17 | 000,907,972 | ---- | C] () -- C:\Windows\Ace Pro Screensaver Creator Uninstaller.exe
[2011/08/07 00:45:49 | 000,001,244 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\Graboid Video.lnk
[2011/08/07 00:45:22 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/03 02:33:19 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk
[2011/08/03 02:33:19 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011/08/03 02:33:19 | 000,002,252 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 3D Reviewer.lnk
[2011/07/31 16:34:15 | 000,007,051 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\MButton.ahk
[2011/07/28 00:06:11 | 000,000,218 | ---- | C] () -- C:\Users\INDRAJIT\.recently-used.xbel
[2011/07/27 13:15:17 | 000,311,551 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Local\census.cache
[2011/07/27 13:15:00 | 000,176,334 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Local\ars.cache
[2011/07/27 00:14:06 | 000,119,494 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\AVG_Full_Scan_Overview.csv
[2011/07/25 04:11:06 | 000,000,020 | ---- | C] () -- C:\Users\INDRAJIT\defogger_reenable
[2011/07/17 02:52:01 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Metacafe.lnk
[2011/07/16 21:40:37 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2011/07/16 21:40:37 | 000,001,633 | ---- | C] () -- C:\Windows\unins000.dat
[2011/07/16 01:11:57 | 000,003,320 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\My_gmail_Contacts_List.csv
[2011/07/15 21:47:11 | 000,000,730 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\Take Ownership__right click manu.reg
[2011/07/15 15:33:55 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-264050191-1187288900-871412891-1000UA.job
[2011/07/15 15:33:54 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-264050191-1187288900-871412891-1000Core.job
[2011/07/14 16:47:28 | 000,002,513 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\Gmail.lnk
[2011/07/13 20:24:59 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\SciTE4AutoHotkey.lnk
[2011/07/12 17:40:08 | 000,001,163 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\BSNL 3G.lnk
[2011/07/10 20:18:08 | 000,156,871 | ---- | C] () -- C:\Users\INDRAJIT\Desktop\Firfox_bookmarks_backup2011-07-10.json
[2011/07/08 23:46:38 | 000,001,207 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/07/08 23:37:12 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/07/06 02:57:00 | 000,002,544 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011/07/06 02:57:00 | 000,001,248 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011/07/06 02:28:15 | 000,000,062 | ---- | C] () -- C:\Windows\MyProg.ini
[2011/07/01 23:34:15 | 000,000,132 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/06/06 20:40:02 | 000,000,281 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\Network Meter_Settings.ini
[2011/05/18 02:15:51 | 000,000,049 | ---- | C] () -- C:\ProgramData\Keyboard Shortcut.ini
[2011/03/26 23:53:08 | 000,000,235 | ---- | C] () -- C:\Windows\Caligari.ini
[2011/03/23 01:26:36 | 000,000,050 | ---- | C] () -- C:\Windows\exescript.INI
[2011/02/15 20:01:51 | 000,000,089 | ---- | C] () -- C:\Windows\sme.INI
[2011/02/12 01:54:09 | 000,000,088 | RHS- | C] () -- C:\ProgramData\401713ACE3.sys
[2011/02/12 01:54:08 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/02/07 22:55:46 | 000,000,000 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\downloads.m3u
[2011/02/06 06:13:17 | 000,000,000 | ---- | C] () -- C:\Windows\WINAT.INI
[2011/02/04 21:27:58 | 000,000,132 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/02/01 17:12:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ctrldll.dll
[2011/02/01 17:12:47 | 000,032,768 | ---- | C] () -- C:\Windows\System32\rmctrl.exe
[2011/01/31 16:51:15 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011/01/24 03:16:09 | 000,000,000 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\.googlewebacchosts
[2011/01/19 03:23:36 | 000,028,826 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\UserTile.png
[2011/01/13 19:26:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\srvsec.exe
[2011/01/13 19:26:07 | 000,049,152 | ---- | C] () -- C:\Windows\System32\CheckTCP.exe
[2011/01/13 19:26:07 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Sleep.exe
[2011/01/13 19:26:07 | 000,040,960 | ---- | C] () -- C:\Windows\System32\FileReplace.exe
[2011/01/13 19:26:07 | 000,032,768 | ---- | C] () -- C:\Windows\System32\logofdel.exe
[2011/01/08 05:22:02 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/12/28 18:13:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/12/26 03:38:30 | 000,015,535 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\MWCS.Dr_Batcher.Settings.xml
[2010/12/23 07:07:00 | 000,015,360 | ---- | C] () -- C:\Windows\System32\SOON.EXE
[2010/12/21 04:09:18 | 000,000,241 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Roaming\default.rss
[2010/11/16 17:26:14 | 000,000,000 | ---- | C] () -- C:\Windows\WaterIllusion.ini
[2010/09/02 00:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/06 22:20:27 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/08/05 18:34:56 | 000,007,639 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Local\Resmon.ResmonCfg
[2010/08/05 03:00:03 | 000,173,292 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010/08/05 03:00:03 | 000,001,016 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/08/05 03:00:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/08/05 03:00:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/08/05 03:00:03 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/08/05 03:00:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/08/05 02:15:28 | 000,207,360 | ---- | C] () -- C:\Users\INDRAJIT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/09 15:21:02 | 000,066,560 | ---- | C] () -- C:\Windows\System32\ntrights.exe
[2009/10/05 15:09:42 | 001,658,973 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2009/10/05 15:09:42 | 000,122,880 | ---- | C] () -- C:\Windows\System32\PtSSE2.dll
[2009/10/05 15:09:42 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/19 23:34:13 | 000,001,846 | ---- | C] () -- C:\Windows\System32\swfdown.sys
[2009/07/14 10:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:03:53 | 003,894,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 07:35:48 | 000,725,130 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 07:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 07:35:48 | 000,145,116 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 07:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 07:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 07:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 05:49:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 05:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 05:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 03:39:19 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/07/14 03:39:19 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/07/14 03:39:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/14 03:39:19 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/09/11 17:31:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/09/09 15:08:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2008/09/09 15:08:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/05/22 00:16:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/03/12 17:22:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

========== LOP Check ==========

[2011/05/08 04:49:11 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Acapela Group
[2011/06/19 00:17:01 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\AnvSoft
[2011/02/09 17:22:24 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Ashampoo
[2011/07/07 08:35:10 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Autodesk
[2011/06/16 23:13:19 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\AVG10
[2011/05/23 03:12:53 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\AVG9
[2011/02/12 03:25:25 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Avid
[2010/08/05 16:17:10 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Axialis
[2011/06/12 12:48:35 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\BitTorrent
[2011/03/27 00:57:43 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\BitZipper
[2011/02/11 16:30:43 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/18 13:38:33 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\DAEMON Tools Pro
[2011/01/06 12:55:42 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Dev-Cpp
[2011/08/06 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\DMCache
[2011/07/10 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\DVDVideoSoft
[2011/07/10 00:25:43 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/21 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\EgisTec
[2011/06/03 01:01:43 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\enchant
[2010/12/22 14:41:13 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\ESET
[2011/06/12 02:51:32 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\EurekaLog
[2011/07/28 00:06:11 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\gedit
[2011/06/06 04:59:42 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\GetRightToGo
[2011/06/01 01:42:11 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\GrabPro
[2011/07/03 15:02:41 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\gtk-2.0
[2011/07/06 03:17:41 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\HideIPEasy
[2011/07/17 01:01:42 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\IDM
[2011/02/09 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\JP Software
[2010/12/25 21:04:04 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Likno Software
[2011/03/26 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Lingoes
[2011/06/16 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Logia
[2011/07/16 17:11:15 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Maxthon3
[2011/07/19 23:19:46 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Metacafe
[2011/05/30 20:04:17 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Nokia
[2011/05/04 18:15:12 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Notepad++
[2011/03/27 01:19:21 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\OpenOffice.org
[2011/08/07 02:54:49 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Orbit
[2011/02/12 03:25:12 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\PACE Anti-Piracy
[2011/05/30 19:54:22 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\PC Suite
[2011/03/12 01:31:33 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\PeerNetworking
[2011/05/31 21:26:52 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\ProgSense
[2011/01/14 04:08:56 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Safrad
[2011/02/10 04:42:57 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/09 20:17:00 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Subtitle Edit
[2010/12/30 04:19:48 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Subversion
[2011/07/15 10:50:37 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\TeraCopy
[2011/01/08 04:15:49 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Thinstall
[2011/01/24 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Thunderbird
[2011/08/07 02:53:56 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\uTorrent
[2010/08/05 02:15:24 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Win7codecs
[2011/03/27 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Wings3D
[2010/08/05 02:48:17 | 000,000,000 | ---D | M] -- C:\Users\INDRAJIT\AppData\Roaming\Xilisoft
[2011/07/06 15:48:50 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/06/21 14:51:25 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:BFE23423
@Alternate Data Stream - 1067 bytes -> C:\Users\INDRAJIT\Cookies:O8eGR2OprCGUC0gcQ5wYzGwB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:8DEC8FEC

< End of report >


Can anyone tell me how to remove the virus?
Please help me.


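An added example, not part of this thread and not OTL's own code: a Python triage pass over OTL log lines in the formats seen in the report above, flagging the entry kinds that typically end up in an :OTL fix section (MountPoints2 AutoRun hijacks, orphaned services, hidden+system files outside the Windows directory, alternate data streams in a user profile). The sample lines are constructed from this thread's log, and the two file heuristics are the editor's assumptions, not OTL rules.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the OTL report posted above (same line formats).
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
SRV - File not found [Disabled | Stopped] -- -- (TWYCEUQMKX)
O33 - MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\Shell - "" = AutoRun
O33 - MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
[2011/07/25 02:18:48 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/02/12 01:54:09 | 000,000,088 | RHS- | C] () -- C:\ProgramData\401713ACE3.sys
[2011/08/06 11:49:37 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:BFE23423
@Alternate Data Stream - 1067 bytes -> C:\Users\INDRAJIT\Cookies:O8eGR2OprCGUC0gcQ5wYzGwB
"""

# O33: per-drive MountPoints2 keys whose Shell default is AutoRun, and the command they run.
MOUNTPOINT_SHELL = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell - "" = AutoRun$')
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# SRV: a registered service whose binary no longer exists on disk.
ORPHAN_SRV = re.compile(r'^SRV - File not found .*\((?P<name>[^()]+)\)$')
# File entries: [timestamp | size | attributes RHSD | C/M] (company) -- path
FILE_ENTRY = re.compile(
    r'^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$')
ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


@dataclass
class Finding:
    kind: str
    detail: str
    line: str  # original log line, reusable verbatim in an :OTL fix section


def triage(log_text: str) -> list[Finding]:
    """Scan OTL log lines and return the entries worth a helper's attention."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNTPOINT_SHELL.match(line):
            findings.append(Finding("autorun-mountpoint",
                                    f"Shell default for {m['key']} is AutoRun", line))
        elif m := MOUNTPOINT_CMD.match(line):
            findings.append(Finding("autorun-mountpoint",
                                    f"opening {m['key']} runs {m['cmd']}", line))
        elif m := ORPHAN_SRV.match(line):
            findings.append(Finding("orphaned-service",
                                    f"service {m['name']} has no file on disk", line))
        elif m := FILE_ENTRY.match(line):
            attr, path = m["attr"], m["path"]
            # Heuristic (editor's assumption): hidden+system files under ProgramData
            # or a user profile are unusual; C:\hiberfil.sys is left alone.
            if "H" in attr and "S" in attr and \
                    path.lower().startswith(("c:\\programdata\\", "c:\\users\\")):
                findings.append(Finding("hidden-system-file",
                                        f"{path} is hidden+system outside Windows", line))
        elif m := ADS.match(line):
            # Heuristic (editor's assumption): streams on C:\ProgramData\TEMP are
            # routinely present on Windows 7; streams inside a user profile are reviewed.
            if m["path"].lower().startswith("c:\\users\\"):
                findings.append(Finding("user-profile-ads",
                                        f"{m['size']}-byte stream on {m['path']}", line))
    return findings


def otl_fix_section(findings: list[Finding]) -> str:
    """Render the flagged lines as the :OTL block pasted into OTL's
    Custom Scans/Fixes box (log lines are copied verbatim, as helpers do)."""
    return "\n".join([":OTL", *(f.line for f in findings)])


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:20} {f.detail}")
    print()
    print(otl_fix_section(results))
```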
#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Black_Blood and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (TWYCEUQMKX)
    SRV - File not found [Disabled | Stopped] -- -- (ADGOYHVMWQ)
    SRV - File not found [Disabled | Stopped] -- -- (A)
    O33 - MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\Shell - "" = AutoRun
    O33 - MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\{6080c669-2149-11e0-ad2d-00235af3704b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6080c669-2149-11e0-ad2d-00235af3704b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
    O33 - MountPoints2\J\Shell - "" = AutoRun
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
    O33 - MountPoints2\M\Shell - "" = AutoRun
    O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe
    O33 - MountPoints2\N\Shell - "" = AutoRun
    O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\autorun.exe
    O33 - MountPoints2\O\Shell - "" = AutoRun
    O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\autorun.exe
    O33 - MountPoints2\P\Shell - "" = AutoRun
    O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\autorun.exe
    O33 - MountPoints2\Q\Shell - "" = AutoRun
    O33 - MountPoints2\Q\Shell\AutoRun\command - "" = Q:\autorun.exe
    O33 - MountPoints2\R\Shell - "" = AutoRun
    O33 - MountPoints2\R\Shell\AutoRun\command - "" = R:\autorun.exe
    O33 - MountPoints2\S\Shell - "" = AutoRun
    O33 - MountPoints2\S\Shell\AutoRun\command - "" = S:\autorun.exe
    O33 - MountPoints2\T\Shell - "" = AutoRun
    O33 - MountPoints2\T\Shell\AutoRun\command - "" = T:\autorun.exe
    O33 - MountPoints2\U\Shell - "" = AutoRun
    O33 - MountPoints2\U\Shell\AutoRun\command - "" = U:\autorun.exe
    O33 - MountPoints2\V\Shell - "" = AutoRun
    O33 - MountPoints2\V\Shell\AutoRun\command - "" = V:\autorun.exe
    O33 - MountPoints2\W\Shell - "" = AutoRun
    O33 - MountPoints2\W\Shell\AutoRun\command - "" = W:\autorun.exe
    O33 - MountPoints2\X\Shell - "" = AutoRun
    O33 - MountPoints2\X\Shell\AutoRun\command - "" = X:\autorun.exe
    O33 - MountPoints2\Y\Shell - "" = AutoRun
    O33 - MountPoints2\Y\Shell\AutoRun\command - "" = Y:\autorun.exe
    O33 - MountPoints2\Z\Shell - "" = AutoRun
    O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autorun.exe
    [2011/02/12 01:54:09 | 000,000,088 | RHS- | C] () -- C:\ProgramData\401713ACE3.sys
    [2011/02/12 01:54:08 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    @Alternate Data Stream - 1067 bytes -> C:\Users\INDRAJIT\Cookies:O8eGR2OprCGUC0gcQ5wYzGwB

    :Files
    C:\Windows\Tasks\At*.job

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 4

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post

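Editor's note, not part of the thread: the Step 1 script above is a set of declarative instructions that OTL executes blindly once Run Fix is clicked, so it pays to read it as data before running it. The block below is an added example (not OTL's or the helper's code) that parses that script format into a reviewable plan; the line layouts are inferred from the posted lines rather than from a published OTL grammar, and the sample script is constructed from a few of them.

```python
# Added example: read an OTL fix script and list what Run Fix would change.
# The regexes are an inference from the posted script, not an official grammar.
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of the lines from the Step 1 fix, one per kind.
SAMPLE_FIX = r"""
:OTL
SRV - File not found [Disabled | Stopped] -- -- (TWYCEUQMKX)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\Shell\AutoRun\command - "" = J:\AutoRun.exe
[2011/02/12 01:54:09 | 000,000,088 | RHS- | C] () -- C:\ProgramData\401713ACE3.sys
@Alternate Data Stream - 1067 bytes -> C:\Users\INDRAJIT\Cookies:O8eGR2OprCGUC0gcQ5wYzGwB

:Files
C:\Windows\Tasks\At*.job

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# One regex per line kind in the :OTL section.
SRV_RE = re.compile(r"^SRV - (?P<status>.*?) -- (?P<path>.*?)\s*-- \((?P<name>[^)]+)\)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\(?P<sub>.*?) - "(?P<value>[^"]*)" = (?P<data>.*)$')
FILE_RE = re.compile(r"^\[(?P<stamp>[^|]+)\|(?P<size>[^|]+)\|(?P<attrs>[^|]+)\|(?P<kind>[^\]]+)\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

AUTORUN_CMD = "Shell\\AutoRun\\command"
ATTR_NAMES = {"R": "read-only", "H": "hidden", "S": "system", "A": "archive"}


@dataclass
class FixPlan:
    services: list = field(default_factory=list)     # service names to stop and delete
    mountpoints: dict = field(default_factory=dict)  # MountPoints2 key -> {subkey: data}
    files: list = field(default_factory=list)        # (path, size, attribute flags)
    streams: list = field(default_factory=list)      # (path:stream, size)
    file_globs: list = field(default_factory=list)   # :Files section
    commands: list = field(default_factory=list)     # :Commands section, lower-cased


def parse_fix(text):
    """Parse a fix script into a FixPlan; unknown :OTL lines raise instead of passing silently."""
    plan, section = FixPlan(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "otl":
            if m := SRV_RE.match(line):
                plan.services.append(m["name"])
            elif m := O33_RE.match(line):
                plan.mountpoints.setdefault(m["key"], {})[m["sub"]] = m["data"]
            elif m := FILE_RE.match(line):
                plan.files.append((m["path"], int(m["size"].replace(",", "")), m["attrs"].strip()))
            elif m := ADS_RE.match(line):
                plan.streams.append((m["path"], int(m["size"])))
            else:
                raise ValueError(f"unrecognised :OTL line: {line}")
        elif section == "files":
            plan.file_globs.append(line)
        elif section == "commands":
            plan.commands.append(line.strip("[]").lower())
        else:
            raise ValueError(f"line outside any section: {line}")
    return plan


def autorun_commands(plan):
    """Map each MountPoints2 key to the executable its Shell\\AutoRun\\command names.

    These keys are Explorer's per-user memory of removable drives that carried an
    autorun.inf; deleting them removes the double-click / AutoPlay path to that file."""
    return {key: subs[AUTORUN_CMD] for key, subs in plan.mountpoints.items() if AUTORUN_CMD in subs}


def describe_attrs(attrs):
    """Expand an OTL attribute column such as 'RHS-' into names."""
    return [ATTR_NAMES[c] for c in attrs if c in ATTR_NAMES]


def summarize(plan):
    """Human-readable list of what Run Fix would do, for review before running it."""
    lines = [f"delete service: {s}" for s in plan.services]
    lines += [f"remove autorun handler: mount point {k} -> {v}" for k, v in autorun_commands(plan).items()]
    lines += [f"move file: {p} ({n} bytes; {', '.join(describe_attrs(a)) or 'no flags'})" for p, n, a in plan.files]
    lines += [f"delete alternate data stream: {p} ({n} bytes)" for p, n in plan.streams]
    lines += [f"delete files matching: {g}" for g in plan.file_globs]
    lines += [f"run command: {c}" for c in plan.commands]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_fix(SAMPLE_FIX))))
```

Run against the full Step 1 script, the summary makes the shape of the infection visible at a glance: three orphaned services, one AutoRun handler per drive letter, two hidden+system files in ProgramData, an alternate data stream and an At*.job scheduled task.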
#3
Black_Blood (Topic Starter)
Hello, maliprog, thank you very very much for your reply,

I have done everything you instructed me to do except the GMER, because I found it takes a really very long time; I have attempted 3 times to scan with it,

on the last attempt, I started the scan with it at 1:00 am 10/8/11 (Indian Standard Time - IST); after approx. 10 hours I found it slows down my comp. very hugely

and it is taking approx. 1 second per file and a huge number of files is still there to be scanned; at approx. 1:35 I decided to stop it and save and post what it has scanned till now because of your time limit of reply.

First of all, the OTL Fix Log:



All processes killed
========== OTL ==========
Service TWYCEUQMKX stopped successfully!
Service TWYCEUQMKX deleted successfully!
Service ADGOYHVMWQ stopped successfully!
Service ADGOYHVMWQ deleted successfully!
Service A stopped successfully!
Service A deleted successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a06fc2-2197-11e0-b7a3-00235af3704b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a06fc2-2197-11e0-b7a3-00235af3704b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a06fc2-2197-11e0-b7a3-00235af3704b}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6080c669-2149-11e0-ad2d-00235af3704b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6080c669-2149-11e0-ad2d-00235af3704b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6080c669-2149-11e0-ad2d-00235af3704b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6080c669-2149-11e0-ad2d-00235af3704b}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ not found.
File N:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O\ not found.
File O:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\ not found.
File P:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Q\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Q\ not found.
File Q:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\R\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\R\ not found.
File R:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S\ not found.
File S:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\T\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\T\ not found.
File T:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\U\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\U\ not found.
File U:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\V\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\V\ not found.
File V:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\W\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\W\ not found.
File W:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\ not found.
File X:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Y\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Y\ not found.
File Y:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.
File Z:\autorun.exe not found.
C:\ProgramData\401713ACE3.sys moved successfully.
C:\ProgramData\KGyGaAvL.sys moved successfully.
Unable to delete ADS C:\Users\INDRAJIT\Cookies:O8eGR2OprCGUC0gcQ5wYzGwB .
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: INDRAJIT
->Temp folder emptied: 908749658 bytes
->Temporary Internet Files folder emptied: 186655192 bytes
->Java cache emptied: 723468 bytes
->FireFox cache emptied: 100916687 bytes
->Google Chrome cache emptied: 242314208 bytes
->Apple Safari cache emptied: 2513920 bytes
->Flash cache emptied: 73720 bytes

User: Other
->Temp folder emptied: 84933 bytes
->Temporary Internet Files folder emptied: 128424 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3653405 bytes
->Flash cache emptied: 56502 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10486053 bytes
RecycleBin emptied: 20246267 bytes

Total Files Cleaned = 1,408.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: INDRAJIT
->Flash cache emptied: 0 bytes

User: Other
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_185646

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4
Black_Blood (Topic Starter)
The GMER Result log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-11 13:37:50
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: git4j6n9.exe; Driver: C:\Users\INDRAJIT\AppData\Local\Temp\kxloikob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xC3CA07A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xC3CA0848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xC3CA08E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xC3CA0980]

INT 0x52 ? AAA192D8
INT 0x61 ? ACF1B7D8
INT 0x62 ? AB5F0A58
INT 0x71 ? ACF1BA58
INT 0x72 ? AAA19558
INT 0x82 ? AB5F0558
INT 0x92 ? AAA19A58
INT 0xA2 ? AB5F07D8
INT 0xB0 ? AB5F0CD8
INT 0xB1 ? AAA19CD8
INT 0xB2 ? ACF1B558

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD E2E94579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E2EB8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 E2EC09E8 4 Bytes [A0, 07, CA, C3]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 E2EC0CB8 4 Bytes [48, 08, CA, C3] {DEC EAX; OR DL, CL; RET }
.text ntkrnlpa.exe!RtlSidHashLookup + 7BD E2EC0CBD 3 Bytes [08, CA, C3] {OR DL, CL; RET }
.text ntkrnlpa.exe!RtlSidHashLookup + 82C E2EC0D2C 4 Bytes [80, 09, CA, C3] {OR BYTE [ECX], 0xca; RET }
PAGE peauth.sys C3CC002C 102 Bytes JMP 8577158A
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 C5AA4000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 C5AA4123 629 Bytes [F5, A9, C5, FE, 05, 34, F5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 C5AA4399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F C5AA43FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B C5AA44AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71AE250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [71AE2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [71AC5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71AC56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [71AD8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71AD4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71AD50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [71AD51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [71AD66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71AD82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71AD8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [71AD907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [71ADE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3888] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [71AD4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556fafb96
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556fafb96@5896e8376601 0xB2 0xAF 0x19 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556fafb96@2cd2e7adc165 0xAD 0x9F 0x10 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x8F 0x77 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0xB3 0xB7 0x3D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556fafb96 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556fafb96@5896e8376601 0xB2 0xAF 0x19 0x63 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556fafb96@2cd2e7adc165 0xAD 0x9F 0x10 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x8F 0x77 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0xB3 0xB7 0x3D ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 212
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\213
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\213@CrawlType 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\213@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\213@DoneAddingCrawlSeeds 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\213@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\213@LogStartAddId 6
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\6@CrawlNumberInProgress 213
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@F:\My All Drawings & Datas\My All Softwares\Recent_Down\AcerArcadeDeluxeVista-v2.0.5105\Arcade Deluxe\setup.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\Soft7\eset anti_virus_and_anti_spyware\ESET NOD32 Antivirus & ESET Smart Security v.4.2.67.10 Final ®\ESET Uninstaller\ESETUninstaller.exe 1

---- Files - GMER 1.0.15 ----

File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\BOLLYWOOD SEX. Nude Bollywood Stars and Indian models sex and porn pictures\BOLLYWOOD SEX. Nude Bollywood Stars and Indian models sex and porn pictures_files\piclist_data\netError.css 2452 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\GSSSM_rltlngRelatedlanguages.gif 418 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\ac.js 25604 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\bing_logo_white.png 712 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\branding.css 17744 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\branding.js 6429 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\close.png 287 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\CorporatePromoSpot.css 3200 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\CorporatePromoSpot.js 12054 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\CPS_IE_icon.png 1593 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\default.css 65704 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\default.gif 43 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\default.js 24724 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\gsfx_brnd_ms_logo_sml_blk.png 1479 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\help_icon_48x48.png 75395 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\IE8_BG-img.png 13101 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\IE8_btn-up.png 1298 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\IE8_close-btn_up.png 210 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\Information.png 2779 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\jquery-1.2.6.js 58737 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\kb.js 26648 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\njs.gif 67 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\onepix.gif 43 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\override.css 632 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\search.js 21979 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\ss_live_button.png 548 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\stickypanel.css 2278 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\stickypanel.js 2942 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\survey.js 49201 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\surveycookieutil.js 1651 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\surveytrigger.css 485 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\surveytrigger.js 13182 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\uparrow.gif 827 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\wtCore.js 12299 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\wtInit.js 577 bytes
File E:\###-my_all_created_C_files_destination\###_My_All_desktop_Bak\Down7\BOOKS\Books.vista\DEP\A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003_files\XmlContent.css 33962 bytes

---- EOF - GMER 1.0.15 ----

#5
Black_Blood
The TDSSKiller Report:-


2011/08/10 12:45:10.0218 4940 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 12:45:10.0252 4940 ================================================================================
2011/08/10 12:45:10.0252 4940 SystemInfo:
2011/08/10 12:45:10.0252 4940
2011/08/10 12:45:10.0252 4940 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/10 12:45:10.0252 4940 Product type: Workstation
2011/08/10 12:45:10.0252 4940 ComputerName: INDRAJIT-PC
2011/08/10 12:45:10.0252 4940 UserName: INDRAJIT
2011/08/10 12:45:10.0252 4940 Windows directory: C:\Windows
2011/08/10 12:45:10.0252 4940 System windows directory: C:\Windows
2011/08/10 12:45:10.0252 4940 Processor architecture: Intel x86
2011/08/10 12:45:10.0252 4940 Number of processors: 2
2011/08/10 12:45:10.0252 4940 Page size: 0x1000
2011/08/10 12:45:10.0252 4940 Boot type: Normal boot
2011/08/10 12:45:10.0252 4940 ================================================================================
2011/08/10 12:45:11.0678 4940 Initialize success
2011/08/10 12:45:30.0425 4996 ================================================================================
2011/08/10 12:45:30.0425 4996 Scan started
2011/08/10 12:45:30.0425 4996 Mode: Manual;
2011/08/10 12:45:30.0425 4996 ================================================================================
2011/08/10 12:45:31.0207 4996 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/10 12:45:31.0278 4996 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/10 12:45:31.0322 4996 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/10 12:45:31.0398 4996 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/10 12:45:31.0432 4996 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/10 12:45:31.0468 4996 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/10 12:45:31.0547 4996 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/08/10 12:45:31.0641 4996 AgereSoftModem (724262247645120a28c2743b7278a91a) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/08/10 12:45:31.0710 4996 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/10 12:45:31.0762 4996 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/10 12:45:31.0841 4996 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\drivers\AlfaFF.sys
2011/08/10 12:45:31.0907 4996 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/10 12:45:31.0942 4996 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/08/10 12:45:31.0972 4996 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/10 12:45:32.0015 4996 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/10 12:45:32.0055 4996 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/10 12:45:32.0100 4996 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/10 12:45:32.0146 4996 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/10 12:45:32.0183 4996 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/10 12:45:32.0223 4996 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/08/10 12:45:32.0283 4996 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/10 12:45:32.0325 4996 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/10 12:45:32.0407 4996 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/10 12:45:32.0440 4996 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/10 12:45:32.0480 4996 ATSWPDRV (73742099982cf514512e1941f2862c33) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2011/08/10 12:45:32.0605 4996 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
2011/08/10 12:45:32.0655 4996 AVGIDSDriver (2177e7448c1ecfb35a5db417603d205a) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/10 12:45:32.0691 4996 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/10 12:45:32.0712 4996 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/10 12:45:32.0744 4996 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/08/10 12:45:32.0816 4996 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/08/10 12:45:32.0857 4996 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/08/10 12:45:32.0934 4996 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/08/10 12:45:32.0989 4996 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/08/10 12:45:33.0085 4996 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/10 12:45:33.0142 4996 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/10 12:45:33.0204 4996 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/10 12:45:33.0251 4996 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/10 12:45:33.0312 4996 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/10 12:45:33.0341 4996 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/10 12:45:33.0371 4996 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/10 12:45:33.0409 4996 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/10 12:45:33.0454 4996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/10 12:45:33.0485 4996 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/10 12:45:33.0510 4996 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/10 12:45:33.0577 4996 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/10 12:45:33.0605 4996 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/10 12:45:33.0634 4996 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/10 12:45:33.0694 4996 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/08/10 12:45:33.0757 4996 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/10 12:45:33.0809 4996 btwaudio (f97a9c093e79bf117d9f26f2d31dca5e) C:\Windows\system32\drivers\btwaudio.sys
2011/08/10 12:45:33.0849 4996 btwavdt (143c4c1ee6d131eca8b4ab5f80b3f910) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/08/10 12:45:33.0905 4996 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/08/10 12:45:33.0954 4996 btwrchid (97cf6c5d3b443344497f1f53e5d0ed50) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/08/10 12:45:34.0004 4996 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/10 12:45:34.0049 4996 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/10 12:45:34.0095 4996 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/10 12:45:34.0145 4996 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/10 12:45:34.0192 4996 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/10 12:45:34.0224 4996 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/10 12:45:34.0259 4996 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/10 12:45:34.0322 4996 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/10 12:45:34.0375 4996 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/10 12:45:34.0429 4996 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/10 12:45:34.0499 4996 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/08/10 12:45:34.0555 4996 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/08/10 12:45:34.0586 4996 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/10 12:45:34.0632 4996 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/10 12:45:34.0699 4996 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/10 12:45:34.0746 4996 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/10 12:45:34.0837 4996 eamonm (73ce42907cf42bfb91bcd27fe7c7a7af) C:\Windows\system32\DRIVERS\eamonm.sys
2011/08/10 12:45:34.0982 4996 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/10 12:45:35.0132 4996 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/10 12:45:35.0171 4996 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/10 12:45:35.0221 4996 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/10 12:45:35.0256 4996 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/10 12:45:35.0306 4996 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/10 12:45:35.0351 4996 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/10 12:45:35.0379 4996 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/10 12:45:35.0407 4996 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/10 12:45:35.0445 4996 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/10 12:45:35.0479 4996 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/10 12:45:35.0504 4996 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/10 12:45:35.0555 4996 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/10 12:45:35.0605 4996 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/10 12:45:35.0671 4996 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/10 12:45:35.0725 4996 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/08/10 12:45:35.0780 4996 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/10 12:45:35.0812 4996 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/10 12:45:35.0852 4996 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/10 12:45:35.0900 4996 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/10 12:45:35.0952 4996 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/10 12:45:36.0012 4996 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/10 12:45:36.0071 4996 HSPADataCardusbmdm (69cfe473434102d3fb12dbc7fda0d2a7) C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys
2011/08/10 12:45:36.0109 4996 HSPADataCardusbnmea (69cfe473434102d3fb12dbc7fda0d2a7) C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys
2011/08/10 12:45:36.0189 4996 HSPADataCardusbser (69cfe473434102d3fb12dbc7fda0d2a7) C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys
2011/08/10 12:45:36.0240 4996 HSPADataCardusbvoice (69cfe473434102d3fb12dbc7fda0d2a7) C:\Windows\system32\DRIVERS\HSPADataCardusbvoice.sys
2011/08/10 12:45:36.0307 4996 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/08/10 12:45:36.0386 4996 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/10 12:45:36.0424 4996 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/10 12:45:36.0487 4996 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/10 12:45:36.0541 4996 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/08/10 12:45:36.0735 4996 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/10 12:45:36.0909 4996 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/10 12:45:36.0966 4996 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
2011/08/10 12:45:37.0039 4996 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/10 12:45:37.0080 4996 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/10 12:45:37.0125 4996 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/10 12:45:37.0155 4996 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/10 12:45:37.0190 4996 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/10 12:45:37.0235 4996 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/10 12:45:37.0267 4996 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/10 12:45:37.0307 4996 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/10 12:45:37.0360 4996 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/10 12:45:37.0401 4996 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/10 12:45:37.0432 4996 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/10 12:45:37.0469 4996 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/10 12:45:37.0522 4996 L1C (f1a0fecbf3b510006abbbc2fd6b7a7c1) C:\Windows\system32\DRIVERS\L1C60x86.sys
2011/08/10 12:45:37.0594 4996 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/10 12:45:37.0649 4996 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/10 12:45:37.0684 4996 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/10 12:45:37.0724 4996 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/10 12:45:37.0744 4996 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/10 12:45:37.0782 4996 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/10 12:45:37.0822 4996 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/10 12:45:37.0857 4996 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/10 12:45:37.0915 4996 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/10 12:45:37.0956 4996 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/10 12:45:37.0985 4996 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/10 12:45:38.0025 4996 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/10 12:45:38.0052 4996 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/08/10 12:45:38.0095 4996 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/10 12:45:38.0135 4996 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/10 12:45:38.0189 4996 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/10 12:45:38.0237 4996 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/10 12:45:38.0269 4996 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/10 12:45:38.0305 4996 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/10 12:45:38.0337 4996 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/10 12:45:38.0357 4996 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/10 12:45:38.0414 4996 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/10 12:45:38.0435 4996 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/10 12:45:38.0461 4996 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/10 12:45:38.0526 4996 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/10 12:45:38.0552 4996 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/10 12:45:38.0581 4996 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/10 12:45:38.0615 4996 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/10 12:45:38.0647 4996 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/10 12:45:38.0685 4996 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/10 12:45:38.0722 4996 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/10 12:45:38.0752 4996 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/10 12:45:38.0820 4996 MYFAULT (db9706482eba73c4981cd718089b830d) C:\Windows\system32\drivers\myfault.sys
2011/08/10 12:45:38.0879 4996 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/10 12:45:38.0944 4996 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/08/10 12:45:39.0004 4996 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/10 12:45:39.0045 4996 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/10 12:45:39.0084 4996 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/10 12:45:39.0112 4996 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/10 12:45:39.0147 4996 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/08/10 12:45:39.0172 4996 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/10 12:45:39.0200 4996 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/10 12:45:39.0409 4996 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/08/10 12:45:39.0587 4996 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/10 12:45:39.0630 4996 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/10 12:45:39.0667 4996 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/10 12:45:39.0734 4996 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/08/10 12:45:39.0792 4996 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/10 12:45:39.0844 4996 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/08/10 12:45:39.0881 4996 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/08/10 12:45:39.0904 4996 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/10 12:45:39.0947 4996 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/10 12:45:40.0014 4996 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/10 12:45:40.0036 4996 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/08/10 12:45:40.0064 4996 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/10 12:45:40.0149 4996 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/08/10 12:45:40.0184 4996 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/10 12:45:40.0221 4996 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/10 12:45:40.0260 4996 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/10 12:45:40.0306 4996 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/10 12:45:40.0425 4996 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/10 12:45:40.0465 4996 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/10 12:45:40.0534 4996 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/10 12:45:40.0606 4996 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/10 12:45:40.0694 4996 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/10 12:45:40.0737 4996 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/10 12:45:40.0777 4996 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/10 12:45:40.0835 4996 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/10 12:45:40.0881 4996 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/10 12:45:40.0925 4996 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/10 12:45:40.0974 4996 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/10 12:45:41.0010 4996 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/10 12:45:41.0035 4996 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/10 12:45:41.0064 4996 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/10 12:45:41.0105 4996 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/08/10 12:45:41.0151 4996 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/10 12:45:41.0180 4996 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/10 12:45:41.0221 4996 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/08/10 12:45:41.0280 4996 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/08/10 12:45:41.0349 4996 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/10 12:45:41.0436 4996 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/08/10 12:45:41.0507 4996 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/10 12:45:41.0564 4996 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys
2011/08/10 12:45:41.0600 4996 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/08/10 12:45:41.0654 4996 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/10 12:45:41.0727 4996 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/08/10 12:45:41.0749 4996 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/10 12:45:41.0816 4996 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/10 12:45:41.0907 4996 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\Windows\System32\Drivers\SENTINEL.SYS
2011/08/10 12:45:41.0945 4996 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/10 12:45:41.0976 4996 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/10 12:45:42.0017 4996 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/10 12:45:42.0077 4996 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/10 12:45:42.0096 4996 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/10 12:45:42.0141 4996 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/10 12:45:42.0166 4996 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/10 12:45:42.0211 4996 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/08/10 12:45:42.0239 4996 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/10 12:45:42.0274 4996 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/10 12:45:42.0326 4996 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/10 12:45:42.0394 4996 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/10 12:45:42.0492 4996 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/08/10 12:45:42.0594 4996 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2011/08/10 12:45:42.0637 4996 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/10 12:45:42.0667 4996 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/10 12:45:42.0721 4996 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/10 12:45:42.0765 4996 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/08/10 12:45:42.0795 4996 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/08/10 12:45:42.0825 4996 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/10 12:45:42.0929 4996 SynTP (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/10 12:45:43.0004 4996 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/08/10 12:45:43.0096 4996 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/10 12:45:43.0144 4996 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/10 12:45:43.0179 4996 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/08/10 12:45:43.0209 4996 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/08/10 12:45:43.0245 4996 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/10 12:45:43.0272 4996 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/10 12:45:43.0342 4996 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/10 12:45:43.0390 4996 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/10 12:45:43.0421 4996 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/10 12:45:43.0464 4996 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/10 12:45:43.0516 4996 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/10 12:45:43.0561 4996 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/10 12:45:43.0597 4996 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/10 12:45:43.0679 4996 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/10 12:45:43.0711 4996 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/10 12:45:45.0264 4996 ================================================================================
2011/08/10 12:45:45.0265 4996 Scan finished
2011/08/10 12:45:45.0265 4996 ================================================================================
2011/08/10 12:45:45.0277 3324 Detected object count: 0
2011/08/10 12:45:45.0279 3324 Actual detected object count: 0
2011/08/10 12:48:27.0570 3776 Deinitialize success

#6
Black_Blood

    New Member

  • Topic Starter
  • Member
  • 7 posts
The aswMBR.exe log:


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-10 13:02:27
-----------------------------
13:02:27.795 OS Version: Windows 6.1.7600
13:02:27.795 Number of processors: 2 586 0x170A
13:02:27.798 ComputerName: INDRAJIT-PC UserName: INDRAJIT
13:02:29.155 Initialize success
13:28:52.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:28:52.761 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
13:28:54.802 Disk 0 MBR read successfully
13:28:54.808 Disk 0 MBR scan
13:28:54.812 Disk 0 Windows 7 default MBR code
13:28:54.820 Disk 0 scanning sectors +625121280
13:28:54.892 Disk 0 scanning C:\Windows\system32\drivers
13:29:02.862 Service scanning
13:29:04.695 Modules scanning
13:29:10.468 Disk 0 trace - called modules:
13:29:10.491 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
13:29:10.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xaaf21030]
13:29:10.501 3 CLASSPNP.SYS[b099659e] -> nt!IofCallDriver -> [0xaaa2a938]
13:29:10.506 5 ACPI.sys[b04ad3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xaae17908]
13:29:10.514 Scan finished successfully
13:29:42.971 Disk 0 MBR has been saved successfully to "C:\Users\INDRAJIT\Documents\Downloads\Programs\OTL_G2G\aswMBR.exe_G2G\MBR.dat"
13:29:42.984 The log file has been saved successfully to "C:\Users\INDRAJIT\Documents\Downloads\Programs\OTL_G2G\aswMBR.exe_G2G\aswMBR.txt"

Edited by Black_Blood, 11 August 2011 - 02:42 AM.


#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Black_Blood,

Before we continue, can you tell me how your system is now and what problems you have?

#8
Black_Blood

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi, maliprog,
My system is working better than before (i.e. better than during the viral time),
Now I can type the password in the Windows login password prompt,
I am using the keyboard to type the "1" key without any problem,
All keys are working well in BIOS, boot menu etc.

But some new problems are arriving,

I found that sometimes the "show hidden files and folders" and "hide extensions for known file types" check boxes in the folder options dlg. are automatically checked.

If I uncheck them, they become rechecked, sometimes immediately and sometimes not.

The file right-click menu has changed to XP style, like an ashy background with blue highlight.

Sometimes (very often) the right-click menu does not appear, and the cursor blinks very fast when typing somewhere.

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Black_Blood,

OK. The main infection is cleaned. Let's see if anything is left. Be aware that Dr.Web sometimes takes a long time to finish the scan, depending on system speed and number of files.

Step 1

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Complete scan sometimes takes up to 3 hours to finish so please be patient.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.

Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • Dr.Web log
It would be helpful if you could post each log in a separate post.

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.