lokesh

C:\windows\system32\alka958.dll error

28 posts in this topic

Hi

 

I have been receiving this error whenever I try to open a media player or sound recorder. It reads like:

C:\windows\system32\alka958.dll is either not designed to work on Windows or contains an error.

Please find the results of the logfile below (I got the logfile after using HijackThis); I have been unable to attach it. Please help.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:33:34, on 23-02-2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\windows\system32\Dwm.exe

C:\windows\system32\taskhost.exe

C:\windows\Explorer.EXE

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Lokesh\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ostpl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: (no name) - {8EC7B16F-B16F-8EC7-6FB1-C78E6FB1C78E} - c:\windows\system32\alka958.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: http://*.alipay.com

O15 - Trusted Zone: http://*.alisoft.com

O15 - Trusted Zone: http://*.taobao.com

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe

O23 - Service: Spiceworks (spiceworks) - Unknown owner - C:\Users\Lokesh\Desktop\Spiceworks\httpd\bin\spiceworks-httpd.exe (file missing)

 

--

End of file - 8965 bytes

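As an added example (not part of this thread and not HijackThis's own code), here is a small triage pass over the kinds of entries a helper reads first in a log like the one above: the browser start page, orphaned "(no file)" items, unnamed BHOs, O15 Trusted Zone entries and services that run from a user profile. The sample lines are quoted from the log posted above; the domain allowlist, the heuristic tags and the Finding structure are my own assumptions, not an HJT feature, and a hit means "look at this next", not "this is malware".

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Entries quoted verbatim from the HijackThis log posted above (raw strings keep the backslashes).
HJT_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ostpl",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/",
    r"R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: (no name) - {8EC7B16F-B16F-8EC7-6FB1-C78E6FB1C78E} - c:\windows\system32\alka958.dll",
    r"O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)",
    r"O15 - Trusted Zone: http://*.taobao.com",
    r"O23 - Service: Spiceworks (spiceworks) - Unknown owner - C:\Users\Lokesh\Desktop\Spiceworks\httpd\bin\spiceworks-httpd.exe (file missing)",
]

# Assumption: domains a stock IE start/search page may legitimately point to.
KNOWN_GOOD_DOMAINS = ("microsoft.com", "live.com", "msn.com", "bing.com")

# HJT lines look like "<section> - <body>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Finding:
    code: str    # HJT section the line came from, e.g. "O2"
    reason: str  # which heuristic fired (tags are my own naming)
    detail: str  # the fragment worth looking at


def parse_entry(line):
    """Split one HJT line into (section code, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("code"), m.group("body")


def _is_known_good(host):
    return any(host == d or host.endswith("." + d) for d in KNOWN_GOOD_DOMAINS)


def triage(lines):
    """Return the entries a helper would want to examine first, in log order."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, body = parsed

        # 1. Registry entries whose file is gone: leftovers to clean up, nothing more to load.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(code, "orphan", body))
            continue

        # 2. Start/search page pointing somewhere other than a known vendor domain.
        if code in ("R0", "R1") and " = " in body:
            host = (urlparse(body.split(" = ", 1)[1].strip()).hostname or "").lower()
            if host and not _is_known_good(host):
                findings.append(Finding(code, "browser_redirect", host))

        # 3. COM objects IE loads on start (BHO, toolbar, search hook) registered with no name.
        if code in ("O2", "O3", "R3") and "(no name)" in body and CLSID_RE.search(body):
            path = body.rsplit(" - ", 1)[1]
            reason = "unnamed_com_object"
            if "\\system32\\" in path.lower():  # unnamed and parked in system32: top of the list
                reason = "unnamed_com_object_in_system32"
            findings.append(Finding(code, reason, path))

        # 4. Trusted Zone entries lower IE's security settings for those sites.
        if code == "O15":
            findings.append(Finding(code, "trusted_zone", body.split(": ", 1)[1]))

        # 5. Services executing from a user profile rather than Program Files / system32.
        if code == "O23":
            path = body.rsplit(" - ", 1)[1]
            if "\\users\\" in path.lower():
                findings.append(Finding(code, "service_in_user_profile", path))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LINES):
        print(f"{f.code:<4} {f.reason:<32} {f.detail}")
```

Run against the quoted lines it reports six items: the facemoods start page, the unnamed BHO alka958.dll in system32, the taobao Trusted Zone entry, and three orphans (the URLSearchHook, the ALOT toolbar and the missing Spiceworks service), while the Adobe BHO and the lenovo.live.com start page pass. The "(no name) + system32" case is the one that matches the error message the poster is seeing, which is why it gets its own tag.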

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi, I'm duckfeet and will be helping you. Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

 

 

Please download Malwarebytes' Anti-Malware from here or here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

----

 

 

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information.

 


Download DDS and save it to your desktop from here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two logs:
  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

 

Please post the contents of the DDS.txt log in your next reply. We need it to diagnose and fix malware problems - we may ask for Attach.txt later.

 

----------

 

 

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

 

----

 

 

In your next reply, also include the MBAM log, and DDS.txt, and let me know what problems remain.


Thanks for the instructions. Please have a look.

I have attached the DDS.txt and New folder.zip with log files.

But the problem persists, i.e. the same error message is there. Even when I saved the logfiles on the desktop (so that they can be attached here) after performing the anti-malware quick scan, the same Win32 error message appeared, though after clicking OK I was able to save the log files on my desktop.

What is troubling is that this error message (Bad Image) keeps on appearing when I try to save a sound file (by using the voice recorder) in the system, but by clicking OK I am eventually able to save the sound.

Please advise.

DDS.txt

New folder.zip

 

EDIT: Most of our helpers will not download files that they did not specifically request... As you might guess, many malware criminals would love to infect their computers... We allow plenty of room in a post to copy/paste your logs, so please use it rather than attaching a file unless asked... Please read the instructions at the top of each forum and our FAQ... Thank you...

Edited by Budfred


Hello lokesh, as Budfred pointed out, please copy/paste the results of scans in your reply, rather than adding them as attachments, unless requested. In any case, I was able to view the DDS log, and first I need you to:

 

Please download TDSSKiller.zip from here and extract it (right click on => "Extract here").

 

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply, along with a fresh DDS log, also pasted in your next reply.

Edited by duckfeet


Hi

 

I am extremely sorry for the late reply. Thanks for your time. Please have a look at the following scan results (TDSSKiller) and the DDS results too:

 

2011/03/05 14:32:33.0937 1304 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30

2011/03/05 14:32:34.0761 1304 ================================================================================

2011/03/05 14:32:34.0761 1304 SystemInfo:

2011/03/05 14:32:34.0761 1304

2011/03/05 14:32:34.0761 1304 OS Version: 6.1.7600 ServicePack: 0.0

2011/03/05 14:32:34.0761 1304 Product type: Workstation

2011/03/05 14:32:34.0761 1304 ComputerName: LOKESH-PC

2011/03/05 14:32:34.0761 1304 UserName: Lokesh

2011/03/05 14:32:34.0761 1304 Windows directory: C:\windows

2011/03/05 14:32:34.0762 1304 System windows directory: C:\windows

2011/03/05 14:32:34.0762 1304 Processor architecture: Intel x86

2011/03/05 14:32:34.0762 1304 Number of processors: 2

2011/03/05 14:32:34.0762 1304 Page size: 0x1000

2011/03/05 14:32:34.0762 1304 Boot type: Normal boot

2011/03/05 14:32:34.0762 1304 ================================================================================

2011/03/05 14:32:35.0124 1304 Initialize success

2011/03/05 14:32:55.0147 4144 ================================================================================

2011/03/05 14:32:55.0147 4144 Scan started

2011/03/05 14:32:55.0147 4144 Mode: Manual;

2011/03/05 14:32:55.0147 4144 ================================================================================

2011/03/05 14:32:56.0043 4144 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys

2011/03/05 14:32:56.0121 4144 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys

2011/03/05 14:32:56.0160 4144 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys

2011/03/05 14:32:56.0219 4144 ACPIVPC (87114efedeb94af49323ca61f344716d) C:\windows\system32\DRIVERS\AcpiVpc.sys

2011/03/05 14:32:56.0259 4144 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

2011/03/05 14:32:56.0298 4144 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

2011/03/05 14:32:56.0351 4144 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

2011/03/05 14:32:56.0400 4144 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys

2011/03/05 14:32:56.0446 4144 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys

2011/03/05 14:32:56.0472 4144 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

2011/03/05 14:32:56.0501 4144 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys

2011/03/05 14:32:56.0523 4144 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys

2011/03/05 14:32:56.0546 4144 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys

2011/03/05 14:32:56.0576 4144 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

2011/03/05 14:32:56.0613 4144 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

2011/03/05 14:32:56.0643 4144 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys

2011/03/05 14:32:56.0672 4144 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

2011/03/05 14:32:56.0701 4144 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys

2011/03/05 14:32:56.0736 4144 ApfiltrService (0f83cb9bcb247869bcad28026b8f134b) C:\windows\system32\DRIVERS\Apfiltr.sys

2011/03/05 14:32:56.0766 4144 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys

2011/03/05 14:32:56.0811 4144 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

2011/03/05 14:32:56.0841 4144 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

2011/03/05 14:32:56.0878 4144 Aspi32 (20d04091eba710f6988f710507d85868) C:\windows\system32\drivers\Aspi32.sys

2011/03/05 14:32:56.0905 4144 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

2011/03/05 14:32:56.0947 4144 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys

2011/03/05 14:32:57.0006 4144 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys

2011/03/05 14:32:57.0036 4144 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\windows\system32\DRIVERS\AVGIDSEH.Sys

2011/03/05 14:32:57.0061 4144 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys

2011/03/05 14:32:57.0096 4144 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\windows\system32\DRIVERS\AVGIDSShim.Sys

2011/03/05 14:32:57.0140 4144 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\windows\system32\DRIVERS\avgldx86.sys

2011/03/05 14:32:57.0187 4144 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\windows\system32\DRIVERS\avgmfx86.sys

2011/03/05 14:32:57.0227 4144 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\windows\system32\DRIVERS\avgrkx86.sys

2011/03/05 14:32:57.0270 4144 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\windows\system32\DRIVERS\avgtdix.sys

2011/03/05 14:32:57.0325 4144 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

2011/03/05 14:32:57.0385 4144 b57nd60x (6f41a4c5745bb99f89406f57164f099e) C:\windows\system32\DRIVERS\b57nd60x.sys

2011/03/05 14:32:57.0424 4144 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

2011/03/05 14:32:57.0538 4144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

2011/03/05 14:32:57.0616 4144 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys

2011/03/05 14:32:57.0684 4144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

2011/03/05 14:32:57.0721 4144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

2011/03/05 14:32:57.0793 4144 Bridge0 (b35bb97b6dd9913093579f5c83962636) C:\windows\system32\drivers\WDBridge.sys

2011/03/05 14:32:57.0836 4144 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

2011/03/05 14:32:57.0912 4144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

2011/03/05 14:32:57.0986 4144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

2011/03/05 14:32:58.0018 4144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

2011/03/05 14:32:58.0055 4144 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys

2011/03/05 14:32:58.0105 4144 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

2011/03/05 14:32:58.0145 4144 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

2011/03/05 14:32:58.0191 4144 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys

2011/03/05 14:32:58.0278 4144 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys

2011/03/05 14:32:58.0328 4144 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys

2011/03/05 14:32:58.0362 4144 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys

2011/03/05 14:32:58.0399 4144 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys

2011/03/05 14:32:58.0418 4144 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys

2011/03/05 14:32:58.0490 4144 Cam5607 (58db523a2a714e57ad715bfde8a22a5a) C:\windows\system32\Drivers\BisonC07.sys

2011/03/05 14:32:58.0586 4144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

2011/03/05 14:32:58.0628 4144 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys

2011/03/05 14:32:58.0655 4144 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

2011/03/05 14:32:58.0701 4144 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

2011/03/05 14:32:58.0729 4144 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

2011/03/05 14:32:58.0766 4144 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys

2011/03/05 14:32:58.0802 4144 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys

2011/03/05 14:32:58.0849 4144 CnxtHdAudService (7c47786b58ae503777dbd12fae20ed42) C:\windows\system32\drivers\CHDRT32.sys

2011/03/05 14:32:58.0895 4144 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

2011/03/05 14:32:58.0939 4144 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys

2011/03/05 14:32:58.0979 4144 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

2011/03/05 14:32:59.0036 4144 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys

2011/03/05 14:32:59.0063 4144 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

2011/03/05 14:32:59.0092 4144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

2011/03/05 14:32:59.0135 4144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

2011/03/05 14:32:59.0195 4144 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys

2011/03/05 14:32:59.0330 4144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

2011/03/05 14:32:59.0476 4144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

2011/03/05 14:32:59.0527 4144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys

2011/03/05 14:32:59.0584 4144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

2011/03/05 14:32:59.0622 4144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

2011/03/05 14:32:59.0678 4144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

2011/03/05 14:32:59.0725 4144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

2011/03/05 14:32:59.0757 4144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

2011/03/05 14:32:59.0790 4144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

2011/03/05 14:32:59.0834 4144 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

2011/03/05 14:32:59.0876 4144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

2011/03/05 14:32:59.0923 4144 fssfltr (8e307583e6b45f1accf762fe22a61c0d) C:\windows\system32\DRIVERS\fssfltr.sys

2011/03/05 14:32:59.0952 4144 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

2011/03/05 14:32:59.0998 4144 funfrm (f626f291e3f56e8969e35945552feca3) C:\windows\system32\drivers\funfrm.sys

2011/03/05 14:33:00.0051 4144 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys

2011/03/05 14:33:00.0119 4144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

2011/03/05 14:33:00.0165 4144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

2011/03/05 14:33:00.0201 4144 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys

2011/03/05 14:33:00.0253 4144 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys

2011/03/05 14:33:00.0280 4144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

2011/03/05 14:33:00.0308 4144 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

2011/03/05 14:33:00.0338 4144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

2011/03/05 14:33:00.0374 4144 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys

2011/03/05 14:33:00.0423 4144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys

2011/03/05 14:33:00.0460 4144 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys

2011/03/05 14:33:00.0488 4144 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys

2011/03/05 14:33:00.0511 4144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys

2011/03/05 14:33:00.0557 4144 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

2011/03/05 14:33:00.0599 4144 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys

2011/03/05 14:33:00.0744 4144 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys

2011/03/05 14:33:00.0918 4144 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

2011/03/05 14:33:00.0960 4144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys

2011/03/05 14:33:00.0997 4144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

2011/03/05 14:33:01.0040 4144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

2011/03/05 14:33:01.0080 4144 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys

2011/03/05 14:33:01.0116 4144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

2011/03/05 14:33:01.0169 4144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

2011/03/05 14:33:01.0219 4144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys

2011/03/05 14:33:01.0259 4144 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys

2011/03/05 14:33:01.0294 4144 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\windows\system32\DRIVERS\k57nd60x.sys

2011/03/05 14:33:01.0338 4144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

2011/03/05 14:33:01.0364 4144 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys

2011/03/05 14:33:01.0403 4144 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys

2011/03/05 14:33:01.0444 4144 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys

2011/03/05 14:33:01.0499 4144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

2011/03/05 14:33:01.0536 4144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

2011/03/05 14:33:01.0575 4144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

2011/03/05 14:33:01.0607 4144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

2011/03/05 14:33:01.0645 4144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

2011/03/05 14:33:01.0670 4144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

2011/03/05 14:33:01.0706 4144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

2011/03/05 14:33:01.0737 4144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

2011/03/05 14:33:01.0767 4144 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

2011/03/05 14:33:01.0800 4144 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

2011/03/05 14:33:01.0834 4144 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

2011/03/05 14:33:01.0858 4144 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

2011/03/05 14:33:01.0891 4144 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys

2011/03/05 14:33:01.0931 4144 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys

2011/03/05 14:33:01.0959 4144 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

2011/03/05 14:33:01.0988 4144 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys

2011/03/05 14:33:02.0037 4144 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys

2011/03/05 14:33:02.0059 4144 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys

2011/03/05 14:33:02.0094 4144 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys

2011/03/05 14:33:02.0135 4144 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys

2011/03/05 14:33:02.0178 4144 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys

2011/03/05 14:33:02.0242 4144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

2011/03/05 14:33:02.0288 4144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

2011/03/05 14:33:02.0329 4144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys

2011/03/05 14:33:02.0370 4144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

2011/03/05 14:33:02.0403 4144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

2011/03/05 14:33:02.0437 4144 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

2011/03/05 14:33:02.0470 4144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

2011/03/05 14:33:02.0502 4144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys

2011/03/05 14:33:02.0527 4144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

2011/03/05 14:33:02.0549 4144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

2011/03/05 14:33:02.0578 4144 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

2011/03/05 14:33:02.0619 4144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

2011/03/05 14:33:02.0661 4144 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys

2011/03/05 14:33:02.0703 4144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

2011/03/05 14:33:02.0731 4144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

2011/03/05 14:33:02.0763 4144 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys

2011/03/05 14:33:02.0794 4144 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys

2011/03/05 14:33:02.0825 4144 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys

2011/03/05 14:33:02.0855 4144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

2011/03/05 14:33:02.0895 4144 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys

2011/03/05 14:33:03.0114 4144 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\windows\system32\DRIVERS\NETw5s32.sys

2011/03/05 14:33:03.0413 4144 netw5v32 (af1ae2e42b03395560b1cde03230205c) C:\windows\system32\DRIVERS\netw5v32.sys

2011/03/05 14:33:03.0577 4144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

2011/03/05 14:33:03.0618 4144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

2011/03/05 14:33:03.0645 4144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

2011/03/05 14:33:03.0706 4144 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys

2011/03/05 14:33:03.0765 4144 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

2011/03/05 14:33:03.0803 4144 NVHDA (d2f4c4b22969236382ca853b8daa2d4e) C:\windows\system32\drivers\nvhda32v.sys

2011/03/05 14:33:04.0070 4144 nvlddmkm (64c6ba9af2c21edd20a3dff1f71ea80e) C:\windows\system32\DRIVERS\nvlddmkm.sys

2011/03/05 14:33:04.0301 4144 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys

2011/03/05 14:33:04.0340 4144 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys

2011/03/05 14:33:04.0386 4144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys

2011/03/05 14:33:04.0410 4144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys

2011/03/05 14:33:04.0462 4144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

2011/03/05 14:33:04.0503 4144 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys

2011/03/05 14:33:04.0533 4144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

2011/03/05 14:33:04.0570 4144 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys

2011/03/05 14:33:04.0612 4144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys

2011/03/05 14:33:04.0648 4144 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

2011/03/05 14:33:04.0676 4144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

2011/03/05 14:33:04.0718 4144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

2011/03/05 14:33:04.0830 4144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

2011/03/05 14:33:04.0867 4144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

2011/03/05 14:33:04.0918 4144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

2011/03/05 14:33:04.0995 4144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

2011/03/05 14:33:05.0100 4144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

2011/03/05 14:33:05.0158 4144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

2011/03/05 14:33:05.0195 4144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

2011/03/05 14:33:05.0233 4144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

2011/03/05 14:33:05.0264 4144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

2011/03/05 14:33:05.0300 4144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

2011/03/05 14:33:05.0331 4144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

2011/03/05 14:33:05.0366 4144 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys

2011/03/05 14:33:05.0399 4144 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

2011/03/05 14:33:05.0433 4144 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys

2011/03/05 14:33:05.0459 4144 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

2011/03/05 14:33:05.0496 4144 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

2011/03/05 14:33:05.0532 4144 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys

2011/03/05 14:33:05.0565 4144 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys

2011/03/05 14:33:05.0621 4144 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

2011/03/05 14:33:05.0664 4144 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

2011/03/05 14:33:05.0710 4144 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys

2011/03/05 14:33:05.0777 4144 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys

2011/03/05 14:33:05.0812 4144 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys

2011/03/05 14:33:05.0867 4144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

2011/03/05 14:33:05.0921 4144 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

2011/03/05 14:33:05.0962 4144 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

2011/03/05 14:33:05.0999 4144 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

2011/03/05 14:33:06.0050 4144 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys

2011/03/05 14:33:06.0083 4144 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys

2011/03/05 14:33:06.0116 4144 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys

2011/03/05 14:33:06.0149 4144 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

2011/03/05 14:33:06.0200 4144 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys

2011/03/05 14:33:06.0238 4144 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

2011/03/05 14:33:06.0283 4144 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

2011/03/05 14:33:06.0319 4144 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

2011/03/05 14:33:06.0370 4144 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

2011/03/05 14:33:06.0435 4144 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys

2011/03/05 14:33:06.0486 4144 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys

2011/03/05 14:33:06.0529 4144 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys

2011/03/05 14:33:06.0576 4144 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

2011/03/05 14:33:06.0608 4144 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys

2011/03/05 14:33:06.0709 4144 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys

2011/03/05 14:33:06.0794 4144 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys

2011/03/05 14:33:06.0820 4144 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys

2011/03/05 14:33:06.0858 4144 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys

2011/03/05 14:33:06.0886 4144 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys

2011/03/05 14:33:06.0926 4144 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys

2011/03/05 14:33:06.0958 4144 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys

2011/03/05 14:33:07.0018 4144 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys

2011/03/05 14:33:07.0054 4144 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys

2011/03/05 14:33:07.0092 4144 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

2011/03/05 14:33:07.0131 4144 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys

2011/03/05 14:33:07.0178 4144 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys

2011/03/05 14:33:07.0210 4144 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys

2011/03/05 14:33:07.0244 4144 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

2011/03/05 14:33:07.0289 4144 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys

2011/03/05 14:33:07.0347 4144 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys

2011/03/05 14:33:07.0388 4144 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys

2011/03/05 14:33:07.0419 4144 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys

2011/03/05 14:33:07.0447 4144 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys

2011/03/05 14:33:07.0507 4144 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

2011/03/05 14:33:07.0554 4144 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

2011/03/05 14:33:07.0591 4144 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS

2011/03/05 14:33:07.0627 4144 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys

2011/03/05 14:33:07.0673 4144 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys

2011/03/05 14:33:07.0721 4144 USB_NDIS_51 (ec60e98c94701f4f26a0772ff1e89972) C:\windows\system32\DRIVERS\bcmndis.sys

2011/03/05 14:33:07.0777 4144 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys

2011/03/05 14:33:07.0811 4144 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

2011/03/05 14:33:07.0840 4144 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

2011/03/05 14:33:07.0887 4144 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys

2011/03/05 14:33:07.0911 4144 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys

2011/03/05 14:33:07.0935 4144 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

2011/03/05 14:33:07.0977 4144 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys

2011/03/05 14:33:08.0007 4144 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys

2011/03/05 14:33:08.0038 4144 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

2011/03/05 14:33:08.0066 4144 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys

2011/03/05 14:33:08.0115 4144 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

2011/03/05 14:33:08.0145 4144 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys

2011/03/05 14:33:08.0178 4144 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

2011/03/05 14:33:08.0218 4144 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys

2011/03/05 14:33:08.0273 4144 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

2011/03/05 14:33:08.0304 4144 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

2011/03/05 14:33:08.0323 4144 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

2011/03/05 14:33:08.0381 4144 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

2011/03/05 14:33:08.0420 4144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

2011/03/05 14:33:08.0478 4144 wdmirror (ea4e9dd00e69b35f9bd3d39acb113e3f) C:\windows\system32\DRIVERS\WDMirror.sys

2011/03/05 14:33:08.0526 4144 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

2011/03/05 14:33:08.0570 4144 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys

2011/03/05 14:33:08.0598 4144 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

2011/03/05 14:33:08.0686 4144 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys

2011/03/05 14:33:08.0740 4144 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

2011/03/05 14:33:08.0808 4144 wsvd (baedc491374defd5e76336901d6d397d) C:\windows\system32\DRIVERS\wsvd.sys

2011/03/05 14:33:08.0855 4144 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys

2011/03/05 14:33:08.0880 4144 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys

2011/03/05 14:33:08.0968 4144 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/03/05 14:33:08.0972 4144 ================================================================================

2011/03/05 14:33:08.0972 4144 Scan finished

2011/03/05 14:33:08.0972 4144 ================================================================================

2011/03/05 14:33:08.0985 4136 Detected object count: 1

2011/03/05 14:33:31.0848 4136 \HardDisk0 - will be cured after reboot

2011/03/05 14:33:31.0850 4136 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/03/05 14:33:36.0208 3160 Deinitialize success

 

 

The fresh DDS file is as follows:

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Lokesh at 14:43:13.39 on 05-03-2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3067.2118 [GMT 5.5:30]

 

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\nvvsvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

C:\windows\System32\IgrsSvcs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskhost.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\windows\system32\conhost.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Mozilla Firefox\firefox.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\windows\system32\NOTEPAD.EXE

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\Users\Lokesh\Downloads\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

mStart Page = hxxp://lenovo.live.com/

mSearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - ALOT Toolbar Helper

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: : {8ec7b16f-b16f-8ec7-6fb1-c78e6fb1c78e} - c:\windows\system32\alka958.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} -

TB: @c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\lokesh\appdata\roaming\mozilla\firefox\profiles\5ygird6s.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ostpl&q=

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\users\lokesh\appdata\roaming\mozilla\firefox\profiles\5ygird6s.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\lokesh\appdata\roaming\mozilla\firefox\profiles\5ygird6s.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll

FF - plugin: c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

 

============= SERVICES / DRIVERS ===============

 

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]

R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-10-3 54800]

R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]

R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-10-3 21520]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-10-3 66080]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-10-3 11792]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 spiceworks;spiceworks;"c:\users\lokesh\desktop\spiceworks\httpd\bin\spiceworks-httpd.exe" -k runservice --> c:\users\lokesh\desktop\spiceworks\httpd\bin\spiceworks-httpd.exe [?]

S2 yjazgyzq;Microsoft ACPI Control Method Battery Monitor;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]

S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-10-3 63240]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-3 29472]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-21 39264]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]

S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2009-10-3 414984]

S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2009-10-3 472328]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-3 4231680]

S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-2 171520]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-22 81704]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

 

=============== Created Last 30 ================

 

2011-03-04 06:09:47 -------- d-----w- c:\program files\TT111-V4

2011-02-28 08:04:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-28 08:04:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-19 12:43:25 -------- d-----w- c:\users\lokesh\appdata\roaming\OpenCandy

2011-02-15 12:58:04 1409 ----a-w- c:\windows\_C090C50.FOT

2011-02-15 12:55:01 1409 ----a-w- c:\windows\_FF299EF.FOT

2011-02-15 12:55:01 1409 ----a-w- c:\windows\_90297E7.FOT

2011-02-15 12:55:01 1409 ----a-w- c:\windows\_4F16793.FOT

2011-02-15 12:55:01 1409 ----a-w- c:\windows\_181171E.FOT

2011-02-15 12:51:35 -------- d-----w- c:\program files\R1Demo

2011-02-05 09:08:28 -------- d-----w- c:\users\lokesh\appdata\roaming\BitZipper

2011-02-05 08:27:06 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

 

==================== Find3M ====================

 

2011-02-01 06:59:00 20 ----a-w- c:\windows\system32\ALKA958.DLL

2011-01-29 08:43:25 31728 ----a-w- c:\windows\dbrmdwb.exe

2011-01-29 08:43:25 26 ----a-w- c:\windows\dbrmdwb.bat

2011-01-29 08:43:25 245840 ----a-w- c:\windows\system32\DNLEng.dll

2011-01-29 08:43:25 2327704 ----a-w- c:\windows\dbplugin.ocx

2011-01-29 08:43:25 2179072 ----a-w- c:\windows\npdbplug.dll

2011-01-29 08:43:00 894616 ----a-w- c:\windows\dbplugin.exe

2010-12-24 08:58:49 1658880 ----a-w- c:\windows\system32\CX32EP19.dll

2010-12-24 08:58:39 167936 ----a-w- c:\windows\system32\CNCFMSh.EXE

2010-12-24 08:58:38 98304 ----a-w- c:\windows\system32\CNC320I.DLL

2010-12-24 08:58:38 274432 ----a-w- c:\windows\system32\CNC320L.DLL

2010-12-24 08:58:38 192512 ----a-w- c:\windows\system32\CNC320O.DLL

2010-12-24 08:58:38 1331200 ----a-w- c:\windows\system32\CNC320C.DLL

2010-12-24 08:58:21 188416 ----a-w- c:\windows\system32\BisonR07.dll

2010-12-24 08:58:21 184320 ----a-w- c:\windows\system32\BisonCoi.dll

2010-12-24 08:58:19 1044480 ----a-w- c:\windows\system32\3DImageRenderer.dll

2010-12-24 08:58:18 360448 ----a-w- c:\windows\system\BisonC07.dll

2010-12-24 08:58:18 135168 ----a-w- c:\windows\system\BisonV07.dll

2010-12-24 08:57:58 626688 ----a-w- c:\windows\msvcr80.dll

2010-12-24 08:55:51 57344 ----a-w- c:\windows\AsfHelper.dll

2010-12-17 06:28:33 733184 ----a-w- c:\windows\system32\alka958.dll.bak

2010-12-17 06:28:33 0 ----a-w- c:\windows\system32\alkA958.tmp

 

============= FINISH: 14:43:46.15 ===============

I am extremely sorry for the late reply. Thanks for your time. Please have a look at the following scan results

(TDSSKiller) & DDS results too :

No problem. TDSSKiller did find and remove the rootkit. :) You still have some questionable programs installed, which I mentioned, and also, I need you to run ComboFix, but this means you will need to uninstall AVG while we complete these fixes. After that, you can reinstall AVG, or install one of the other recommended antivirus programs--I recommend Avira, Avast, or Microsoft Security Essentials, but in any case, temporarily, you will have to uninstall AVG. After running ComboFix, let me know if you are still getting the pop-up error messages.

 

----

 

 

You have a questionable toolbar installed. These toolbars either have tracking functionality, pop-ups, or deliver ads they don't warn you about. They may also have fairly loose privacy policies. I suggest you go to Start->Control Panel-> Programs and Features and remove:

  • Alot Toolbar

 

----

 

I see you are using the P2P file sharing program utorrent.

 

Although once considered fairly safe, Peer to Peer (P2P) file sharing programs are now seen as a security risk which can make your computer susceptible to malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks. The best way to reduce the risk of infection is to not use any P2P applications.

 

See:

http://www.betanews....Afee/1210193904

http://www.fbi.gov/s...peer/oeertopeer

http://www.itpro.co....0-000-computers

 

----

 

Trusted Zone Warning:

These sites are in your trusted zone:

alipay.com

alisoft.com

taobao.com

 

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, if you're not sure, and/or you do not need these in your trusted zone to facilitate access, or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone. Open Internet Explorer, go to Tools >> Internet Options >> Security >> Trusted Sites >> Sites to remove them. See Security-zones-adding-or-removing-websites if you have questions on this procedure.

 

----

 

Download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

how-to-use-combofix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Please go here to see a list of programs that should be disabled.

 

Do not mouse-click ComboFix's window while it's running! That may cause it to stall.

 

Note!:

Due to recent changes in AVG antivirus and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

 

If AVG will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat. The AVG uninstaller can be downloaded from here: http://www.appremover.com.

 

------

 

Let me know if you removed the programs I suggested, and then post the C:\ComboFix.txt log, and let me know what problems remain.


Hi

 

Thanks for your prompt attention and all the detailed instructions that you have given. I had carried out all the steps accordingly and yes, the results have been positive.

I am not getting the win32 alka958.dll error message now, a big thanks to you for solving this problem. There is just a minor problem that still persists, i.e.

if I try to close the Internet Explorer window I still get the message pop up, though the window does close after doing the following:

 

The message reads like this:

 

A website wants to open web content using this program on your computer.

Name: Windows Live Messenger Companion

Publisher: Microsoft Corporation

 

I usually click 'don't allow' (as the message states it will open the program outside my protected mode) and

check the box next to it 'do not show this warning again', but this pop up reappears the next time when I work on the net.

 

Also, I wanted to know if I need to uninstall ComboFix now in order to reinstall AVG anti-virus.

 

Once again, thanks for all the effort that you have put in all this while. I am really grateful. I hope you can also solve the remaining problem for me.

 

So, please consider the following log results:

 

 

ComboFix 11-03-05.01 - Lokesh 06-03-2011 15:04:36.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3067.2302 [GMT 5.5:30]

Running from: c:\users\Lokesh\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\users\Lokesh\AppData\Roaming\Local

c:\users\Lokesh\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\Lokesh\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Lokesh\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Lokesh\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\users\Lokesh\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\get_video.ddp

c:\windows\keys.ini

c:\windows\system32\ALKA958.DLL

c:\windows\Tasks\At1.job

.

----- BITS: Possible infected sites -----

.

hxxp://liveupdate.symantecliveupdate.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Service_yjazgyzq

.

.

((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))

.

.

2011-03-06 09:39 . 2011-03-06 09:42 -------- d-----w- c:\users\Lokesh\AppData\Local\temp

2011-03-06 09:39 . 2011-03-06 09:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-03-06 09:39 . 2011-03-06 09:39 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-03-06 09:39 . 2011-03-06 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-06 09:04 . 2011-03-06 09:04 -------- d-----w- c:\users\Lokesh\AppData\Roaming\uTorrent

2011-03-05 13:13 . 2011-03-05 13:13 -------- d-----w- C:\5e6edd20a42239d112e476da72e7f6

2011-03-05 13:12 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-03-05 11:02 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll

2011-03-05 11:02 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-05 11:02 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-05 11:02 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-03-05 11:02 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-03-05 11:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-03-05 11:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-03-05 11:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-03-04 06:09 . 2011-03-04 06:09 -------- d-----w- c:\program files\TT111-V4

2011-02-28 08:04 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-28 08:04 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-19 12:43 . 2011-02-19 14:13 -------- d-----w- c:\users\Lokesh\AppData\Roaming\OpenCandy

2011-02-18 11:04 . 2011-02-24 20:05 -------- d-----w- c:\users\Lokesh\AppData\Roaming\vlc

2011-02-15 12:58 . 2011-02-15 12:58 1409 ----a-w- c:\windows\_C090C50.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_FF299EF.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_90297E7.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_4F16793.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_181171E.FOT

2011-02-15 12:51 . 2011-02-15 12:51 -------- d-----w- c:\program files\R1Demo

2011-02-05 09:08 . 2011-02-05 09:13 -------- d-----w- c:\users\Lokesh\AppData\Roaming\BitZipper

2011-02-05 08:27 . 2011-02-05 08:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-02-05 08:25 . 2011-02-05 08:25 -------- d-----w- c:\program files\Apple Software Update

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-18 09:39 . 2010-01-06 11:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-02-18 09:39 . 2010-01-06 11:01 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-01-29 08:43 . 2011-01-29 08:43 31728 ----a-w- c:\windows\dbrmdwb.exe

2011-01-29 08:43 . 2011-01-29 08:43 26 ----a-w- c:\windows\dbrmdwb.bat

2011-01-29 08:43 . 2011-01-29 08:43 245840 ----a-w- c:\windows\system32\DNLEng.dll

2011-01-29 08:43 . 2011-01-29 08:43 2327704 ----a-w- c:\windows\dbplugin.ocx

2011-01-29 08:43 . 2011-01-29 08:43 2179072 ----a-w- c:\windows\npdbplug.dll

2011-01-29 08:43 . 2011-01-29 08:43 894616 ----a-w- c:\windows\dbplugin.exe

2010-12-24 08:59 . 2010-06-14 08:43 57344 ----a-w- c:\windows\system32\ZipperBoy.ocx

2010-12-24 08:59 . 2010-06-14 08:43 94208 ----a-w- c:\windows\system32\Unzdll.dll

2010-12-24 08:59 . 2009-10-03 11:47 258048 ----a-w- c:\windows\system32\UCI32A41.dll

2010-12-24 08:59 . 1999-01-05 11:00 225280 ----a-w- c:\windows\system32\VSFLEX3.OCX

2010-12-24 08:59 . 2010-11-12 06:46 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9O.DLL

2010-12-24 08:59 . 2009-10-03 11:55 1171456 ----a-w- c:\windows\system32\PicNotify.dll

2010-12-24 08:59 . 2009-09-02 00:55 7360512 ----a-w- c:\windows\system32\RtsUStoricon.dll

2010-12-24 08:59 . 2009-09-02 00:55 270336 ----a-w- c:\windows\system32\RtsUStor.dll

2010-12-24 08:59 . 1998-09-16 22:50 151552 ----a-w- c:\windows\system32\RDOCURS.DLL

2010-12-24 08:59 . 2009-07-27 18:39 221184 ----a-w- c:\windows\system32\oemdspif.dll

2010-12-24 08:59 . 2009-10-03 11:45 10387456 ----a-w- c:\windows\system32\nvoglv32.dll

2010-12-24 08:59 . 2009-07-27 18:39 143360 ----a-w- c:\windows\system32\nvshext.dll

2010-12-24 08:59 . 2009-10-03 11:45 151552 ----a-w- c:\windows\system32\nvcohda.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod1510.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod.dll

2010-12-24 08:59 . 2009-09-15 13:49 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

2010-12-24 08:59 . 2009-09-15 13:48 675840 ----a-w- c:\windows\system32\NETw5c32.dll

2010-12-24 08:59 . 2010-06-14 08:43 430080 ----a-w- c:\windows\system32\Msrepl35.dll

2010-12-24 08:59 . 2010-06-14 08:43 262144 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-24 08:59 . 2006-07-24 10:50 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-12-24 08:59 . 1999-01-22 12:16 65536 ----a-w- c:\windows\system32\MSRTEDIT.DLL

2010-12-24 08:59 . 1998-09-16 22:50 393216 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-24 08:59 . 1998-08-09 04:37 94208 ----a-w- c:\windows\system32\MSSTKPRP.DLL

2010-12-24 08:59 . 2010-06-14 08:43 77824 ----a-w- c:\windows\system32\msbind.dll

2010-12-24 08:59 . 2010-06-14 08:43 299008 ----a-w- c:\windows\system32\MSDBRPTR.DLL

2010-12-24 08:59 . 1999-03-03 05:35 81920 ----a-w- c:\windows\system32\MDT2FW95.DLL

2010-12-24 08:59 . 1998-06-16 20:38 53248 ----a-w- c:\windows\system32\MFC42ENU.DLL

2010-12-24 08:59 . 2009-10-03 11:54 77824 ----a-w- c:\windows\system32\ILU.dll

2010-12-24 08:59 . 2009-10-03 11:54 32768 ----a-w- c:\windows\system32\ILUT.dll

2010-12-24 08:59 . 2009-07-13 23:46 16384 ----a-w- c:\windows\system32\iscsilog.dll

2010-12-24 08:59 . 2009-07-13 22:09 2531328 ----a-w- c:\windows\system32\igd10umd32.dll

2010-12-24 08:59 . 2009-07-13 22:09 3805184 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-24 08:59 . 1998-09-22 03:56 32768 ----a-w- c:\windows\system32\IMESHARE.DLL

2010-12-24 08:58 . 2009-07-13 23:51 8192 ----a-w- c:\windows\system32\drivers\umpass.sys

2010-12-24 08:58 . 2009-07-13 23:51 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2010-12-24 08:58 . 2009-07-13 23:51 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2010-12-24 08:58 . 2009-07-14 02:05 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-12-24 08:58 . 2009-07-13 23:46 12288 ----a-w- c:\windows\system32\drivers\MTConfig.sys

2010-12-24 08:58 . 2009-07-13 23:45 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys

2010-12-24 08:58 . 2009-07-13 23:30 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys

2010-12-24 08:58 . 2009-06-10 21:17 430080 ----a-w- c:\windows\system32\drivers\bxvbdx.sys

2010-12-24 08:58 . 2009-10-03 11:47 1658880 ----a-w- c:\windows\system32\CX32EP19.dll

2010-12-24 08:58 . 2010-11-12 06:46 167936 ----a-w- c:\windows\system32\CNCFMSh.EXE

2010-12-24 08:58 . 2010-11-12 06:46 98304 ----a-w- c:\windows\system32\CNC320I.DLL

2010-12-24 08:58 . 2010-11-12 06:46 274432 ----a-w- c:\windows\system32\CNC320L.DLL

2010-12-24 08:58 . 2010-11-12 06:46 192512 ----a-w- c:\windows\system32\CNC320O.DLL

2010-12-24 08:58 . 2010-11-12 06:46 1331200 ----a-w- c:\windows\system32\CNC320C.DLL

2010-12-24 08:58 . 2009-10-03 11:53 184320 ----a-w- c:\windows\system32\BisonCoi.dll

2010-12-24 08:58 . 2009-10-03 11:53 188416 ----a-w- c:\windows\system32\BisonR07.dll

2010-12-24 08:58 . 2009-10-03 11:54 1044480 ----a-w- c:\windows\system32\3DImageRenderer.dll

2010-12-24 08:58 . 2009-10-03 11:53 360448 ----a-w- c:\windows\system\BisonC07.dll

2010-12-24 08:58 . 2009-10-03 11:53 135168 ----a-w- c:\windows\system\BisonV07.dll

2010-12-24 08:57 . 2009-10-03 11:54 626688 ----a-w- c:\windows\msvcr80.dll

2010-12-24 08:55 . 2009-10-03 11:54 57344 ----a-w- c:\windows\AsfHelper.dll

2010-12-17 06:28 . 2010-12-17 06:28 733184 ----a-w- c:\windows\system32\alka958.dll.bak

2010-12-17 06:28 . 2010-12-17 06:28 0 ----a-w- c:\windows\system32\alkA958.tmp

.

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe

c:\program files\Apoint2K\Apoint .exe

c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

c:\program files\Common Files\Java\Java Update\jusched .exe

c:\program files\DivX\DivX Plus Web Player\DDmService .exe

c:\program files\DivX\DivX Update\DivXUpdate .exe

c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe

c:\program files\Lenovo\Energy Management\Energy Management .exe

c:\program files\Lenovo\Energy Management\utility .exe

c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu .exe

c:\program files\Lenovo\VeriFace\PManage .exe

c:\program files\Malwarebytes' Anti-Malware\mbam .exe

c:\program files\QuickTime\QTTask .exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2009-10-03 11:54 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 13797920]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 spiceworks;spiceworks;c:\users\Lokesh\Desktop\Spiceworks\httpd\bin\spiceworks-httpd.exe [x]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 funfrm;funfrm; [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP

.

Contents of the 'Scheduled Tasks' folder

.

2010-12-28 c:\windows\Tasks\Install_NSS.job

- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://lenovo.live.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Lokesh\AppData\Roaming\Mozilla\Firefox\Profiles\5ygird6s.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,93,a7,a5,25,13,b6,4c,98,f1,79,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,93,a7,a5,25,13,b6,4c,98,f1,79,\

.

[HKEY_USERS\S-1-5-21-1859245121-1411811974-1986287310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1859245121-1411811974-1986287310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2268)

c:\windows\system32\IcnOvrly.dll

c:\program files\Lenovo\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Lenovo\Bluetooth Software\btwdins.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\taskhost.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-03-06 15:14:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-06 09:44

.

Pre-Run: 237,101,727,744 bytes free

Post-Run: 236,812,619,776 bytes free

.

- - End Of File - - FC061294960E108C571EC4120A3A70B7

Thanks for your prompt attention and all the detailed instructions that you have given. I had carried out all the steps accordingly and yes, the results have been positive.

I am not getting the win32 alka958.dll error message now, a big thanks to you for solving this problem. There is just a minor problem that still persists, i.e.

if I try to close the Internet Explorer window I still get the message pop up, though the window does close after doing the following:

 

The message reads like this:

 

A website wants to open web content using this program on your computer.

Name: Windows Live Messenger Companion

Publisher: Microsoft Corporation

 

I usually click 'don't allow' (as the message states it will open the program outside my protected mode) and

check the box next to it 'do not show this warning again', but this pop up reappears the next time when I work on the net.

 

Also, I wanted to know if I need to uninstall ComboFix now in order to reinstall AVG anti-virus.

 

Once again, thanks for all the effort that you have put in all this while. I am really grateful. I hope you can also solve the remaining problem for me.

 

Hello: Well done! ComboFix did find more malware...but please don't uninstall ComboFix--or reinstall AVG--until we are done, as I will need to go over your logs today, and we may need to run ComboFix again to clean up remnants and some other things I've seen. I'll get back to you later after going over other logs I also have to reply to. I'll check on what we can do about that pop-up message too. Thank you.


  • Make sure that combofix.exe is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

 

killall::

 

RenV::

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe

c:\program files\Apoint2K\Apoint .exe

c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

c:\program files\Common Files\Java\Java Update\jusched .exe

c:\program files\DivX\DivX Plus Web Player\DDmService .exe

c:\program files\DivX\DivX Update\DivXUpdate .exe

c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe

c:\program files\Lenovo\Energy Management\Energy Management .exe

c:\program files\Lenovo\Energy Management\utility .exe

c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu .exe

c:\program files\Lenovo\VeriFace\PManage .exe

c:\program files\Malwarebytes' Anti-Malware\mbam .exe

c:\program files\QuickTime\QTTask .exe

 

 

Reglock::

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

[HKEY_USERS\S-1-5-21-1859245121-1411811974-1986287310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

[HKEY_USERS\S-1-5-21-1859245121-1411811974-1986287310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

[image: CFScriptB-4.gif]

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply. Let me know how your computer is running now.

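The helper's fixes in this thread come from reading the DDS and ComboFix file listings by eye: the 20-byte ALKA958.DLL in system32 with its .bak and .tmp siblings, and the long RenV:: list of executables whose names carry a space before the extension ("Reader_sl .exe"). The script below is an added example, not code from the thread and not part of DDS, ComboFix or HijackThis. It parses the "Find3M" / "Files Created" line formats of both tools (and bare paths such as the RenV:: list) and flags those three indicators automatically; the sample lines are copied from the logs posted above, and the size threshold for a "tiny" PE file is an assumption rather than a tool default.

```python
"""Triage of DDS / ComboFix file listings for the indicators seen in this thread.

Added example: not code from the thread and not part of DDS, ComboFix or
HijackThis. It parses the file-list lines those tools print (and bare paths,
as in a CFScript RenV:: list) and flags three things the helper acted on:
a tiny PE file in a Windows directory (ALKA958.DLL is 20 bytes), a PE file
with .bak/.tmp siblings sharing its stem, and an executable whose name has a
space before its extension ("Reader_sl .exe"). TINY_PE_BYTES is an assumption.
"""
import re
from collections import defaultdict

# DDS:      2011-02-01 06:59:00 20 ----a-w- c:\windows\system32\ALKA958.DLL
# ComboFix: 2010-12-24 08:59 . 2010-06-14 08:43 57344 ----a-w- c:\windows\system32\ZipperBoy.ocx
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"   # modified time
    r"(?: \. (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"       # ComboFix created time
    r" (?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$",
    re.IGNORECASE,
)
BARE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

PE_EXTS = {".dll", ".exe", ".sys", ".ocx", ".drv"}
TINY_PE_BYTES = 4096   # assumption: no genuine PE image is this small

# Constructed sample: lines copied from the DDS / ComboFix logs in this thread.
SAMPLE_LOG = r"""
2011-02-01 06:59:00 20 ----a-w- c:\windows\system32\ALKA958.DLL
2011-01-29 08:43:25 31728 ----a-w- c:\windows\dbrmdwb.exe
2010-12-17 06:28:33 733184 ----a-w- c:\windows\system32\alka958.dll.bak
2010-12-17 06:28:33 0 ----a-w- c:\windows\system32\alkA958.tmp
2010-12-24 08:59 . 2010-06-14 08:43 57344 ----a-w- c:\windows\system32\ZipperBoy.ocx
2011-03-04 06:09:47 -------- d-----w- c:\program files\TT111-V4
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\QuickTime\QTTask .exe
"""


def parse_line(line):
    """Return a dict for a file-list line or a bare path, else None."""
    line = line.strip()
    m = LINE_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])   # dirs have no size
        return {"mtime": m["mtime"], "size": size, "attrs": m["attrs"], "path": m["path"]}
    if BARE_PATH_RE.match(line):
        return {"mtime": None, "size": None, "attrs": None, "path": line}
    return None


def parse_listing(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def triage(entries):
    """Apply the three heuristics; returns a list of (kind, path) findings."""
    findings = []
    variants = defaultdict(set)             # (directory, stem) -> extensions seen
    for e in entries:
        lower = e["path"].lower()
        directory, _, name = lower.rpartition("\\")
        stem = name.split(".", 1)[0]        # alka958.dll.bak -> alka958
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        variants[(directory, stem)].add(ext)
        if re.search(r" \.[a-z0-9]{2,4}$", name):          # "Reader_sl .exe"
            findings.append(("space-before-extension", e["path"]))
        if (ext in PE_EXTS and e["size"] is not None
                and e["size"] < TINY_PE_BYTES and "\\windows\\" in lower):
            findings.append(("tiny-pe-in-windows-dir", e["path"]))
    for (directory, stem), exts in variants.items():
        if exts & PE_EXTS and exts & {".bak", ".tmp"}:
            findings.append(("pe-with-bak-or-tmp-sibling", f"{directory}\\{stem}"))
    return findings


def triage_report(text):
    """Group findings by kind, paths sorted, for easy reading or asserting."""
    report = defaultdict(list)
    for kind, path in triage(parse_listing(text)):
        report[kind].append(path)
    return {kind: sorted(paths) for kind, paths in report.items()}


if __name__ == "__main__":
    for kind, paths in triage_report(SAMPLE_LOG).items():
        print(kind)
        for p in paths:
            print("   ", p)
```

Feed it a whole pasted log (the non-matching section headers and registry lines are simply skipped) and every hit is a candidate for the RenV:: or deletion sections of a CFScript; the stem grouping is what links ALKA958.DLL to its alka958.dll.bak and alkA958.tmp siblings, which a line-by-line read easily misses when they are dated weeks apart.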

Please have a look at the following :

 

 

ComboFix 11-03-05.01 - Lokesh 07-03-2011 12:04:07.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3067.2268 [GMT 5.5:30]

Running from: c:\users\Lokesh\Desktop\ComboFix.exe

Command switches used :: .txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))

.

.

2011-03-07 06:39 . 2011-03-07 06:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-03-07 06:39 . 2011-03-07 06:39 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-03-07 06:39 . 2011-03-07 06:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-07 06:25 . 2011-02-23 04:05 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DB758E1-0419-4724-8AB1-A6B290811C2A}\mpengine.dll

2011-03-06 09:39 . 2011-03-07 06:39 -------- d-----w- c:\users\Lokesh\AppData\Local\temp

2011-03-06 09:04 . 2011-03-06 09:04 -------- d-----w- c:\users\Lokesh\AppData\Roaming\uTorrent

2011-03-05 13:13 . 2011-03-05 13:13 -------- d-----w- C:\5e6edd20a42239d112e476da72e7f6

2011-03-05 13:12 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-03-05 11:02 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll

2011-03-05 11:02 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-05 11:02 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-05 11:02 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-03-05 11:02 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-03-05 11:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-03-05 11:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-03-05 11:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-03-04 06:09 . 2011-03-04 06:09 -------- d-----w- c:\program files\TT111-V4

2011-02-28 08:04 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-28 08:04 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-19 12:43 . 2011-02-19 14:13 -------- d-----w- c:\users\Lokesh\AppData\Roaming\OpenCandy

2011-02-18 11:04 . 2011-03-06 10:14 -------- d-----w- c:\users\Lokesh\AppData\Roaming\vlc

2011-02-15 12:58 . 2011-02-15 12:58 1409 ----a-w- c:\windows\_C090C50.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_FF299EF.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_90297E7.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_4F16793.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_181171E.FOT

2011-02-15 12:51 . 2011-02-15 12:51 -------- d-----w- c:\program files\R1Demo

2011-02-05 09:08 . 2011-02-05 09:13 -------- d-----w- c:\users\Lokesh\AppData\Roaming\BitZipper

2011-02-05 08:27 . 2011-02-05 08:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-02-05 08:25 . 2011-02-05 08:25 -------- d-----w- c:\program files\Apple Software Update

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-18 09:39 . 2010-01-06 11:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-02-18 09:39 . 2010-01-06 11:01 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-02-02 11:41 . 2010-02-11 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-29 08:43 . 2011-01-29 08:43 31728 ----a-w- c:\windows\dbrmdwb.exe

2011-01-29 08:43 . 2011-01-29 08:43 26 ----a-w- c:\windows\dbrmdwb.bat

2011-01-29 08:43 . 2011-01-29 08:43 245840 ----a-w- c:\windows\system32\DNLEng.dll

2011-01-29 08:43 . 2011-01-29 08:43 2327704 ----a-w- c:\windows\dbplugin.ocx

2011-01-29 08:43 . 2011-01-29 08:43 2179072 ----a-w- c:\windows\npdbplug.dll

2011-01-29 08:43 . 2011-01-29 08:43 894616 ----a-w- c:\windows\dbplugin.exe

2010-12-24 08:59 . 2010-06-14 08:43 57344 ----a-w- c:\windows\system32\ZipperBoy.ocx

2010-12-24 08:59 . 2010-06-14 08:43 94208 ----a-w- c:\windows\system32\Unzdll.dll

2010-12-24 08:59 . 2009-10-03 11:47 258048 ----a-w- c:\windows\system32\UCI32A41.dll

2010-12-24 08:59 . 1999-01-05 11:00 225280 ----a-w- c:\windows\system32\VSFLEX3.OCX

2010-12-24 08:59 . 2010-11-12 06:46 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9O.DLL

2010-12-24 08:59 . 2009-10-03 11:55 1171456 ----a-w- c:\windows\system32\PicNotify.dll

2010-12-24 08:59 . 2009-09-02 00:55 7360512 ----a-w- c:\windows\system32\RtsUStoricon.dll

2010-12-24 08:59 . 2009-09-02 00:55 270336 ----a-w- c:\windows\system32\RtsUStor.dll

2010-12-24 08:59 . 1998-09-16 22:50 151552 ----a-w- c:\windows\system32\RDOCURS.DLL

2010-12-24 08:59 . 2009-07-27 18:39 221184 ----a-w- c:\windows\system32\oemdspif.dll

2010-12-24 08:59 . 2009-10-03 11:45 10387456 ----a-w- c:\windows\system32\nvoglv32.dll

2010-12-24 08:59 . 2009-07-27 18:39 143360 ----a-w- c:\windows\system32\nvshext.dll

2010-12-24 08:59 . 2009-10-03 11:45 151552 ----a-w- c:\windows\system32\nvcohda.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod1510.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod.dll

2010-12-24 08:59 . 2009-09-15 13:49 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

2010-12-24 08:59 . 2009-09-15 13:48 675840 ----a-w- c:\windows\system32\NETw5c32.dll

2010-12-24 08:59 . 2010-06-14 08:43 430080 ----a-w- c:\windows\system32\Msrepl35.dll

2010-12-24 08:59 . 2010-06-14 08:43 262144 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-24 08:59 . 2006-07-24 10:50 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-12-24 08:59 . 1999-01-22 12:16 65536 ----a-w- c:\windows\system32\MSRTEDIT.DLL

2010-12-24 08:59 . 1998-09-16 22:50 393216 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-24 08:59 . 1998-08-09 04:37 94208 ----a-w- c:\windows\system32\MSSTKPRP.DLL

2010-12-24 08:59 . 2010-06-14 08:43 77824 ----a-w- c:\windows\system32\msbind.dll

2010-12-24 08:59 . 2010-06-14 08:43 299008 ----a-w- c:\windows\system32\MSDBRPTR.DLL

2010-12-24 08:59 . 1999-03-03 05:35 81920 ----a-w- c:\windows\system32\MDT2FW95.DLL

2010-12-24 08:59 . 1998-06-16 20:38 53248 ----a-w- c:\windows\system32\MFC42ENU.DLL

2010-12-24 08:59 . 2009-10-03 11:54 77824 ----a-w- c:\windows\system32\ILU.dll

2010-12-24 08:59 . 2009-10-03 11:54 32768 ----a-w- c:\windows\system32\ILUT.dll

2010-12-24 08:59 . 2009-07-13 23:46 16384 ----a-w- c:\windows\system32\iscsilog.dll

2010-12-24 08:59 . 2009-07-13 22:09 2531328 ----a-w- c:\windows\system32\igd10umd32.dll

2010-12-24 08:59 . 2009-07-13 22:09 3805184 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-24 08:59 . 1998-09-22 03:56 32768 ----a-w- c:\windows\system32\IMESHARE.DLL

2010-12-24 08:58 . 2009-07-13 23:51 8192 ----a-w- c:\windows\system32\drivers\umpass.sys

2010-12-24 08:58 . 2009-07-13 23:51 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2010-12-24 08:58 . 2009-07-13 23:51 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2010-12-24 08:58 . 2009-07-14 02:05 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-12-24 08:58 . 2009-07-13 23:46 12288 ----a-w- c:\windows\system32\drivers\MTConfig.sys

2010-12-24 08:58 . 2009-07-13 23:45 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys

2010-12-24 08:58 . 2009-07-13 23:30 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys

2010-12-24 08:58 . 2009-06-10 21:17 430080 ----a-w- c:\windows\system32\drivers\bxvbdx.sys

2010-12-24 08:58 . 2009-10-03 11:47 1658880 ----a-w- c:\windows\system32\CX32EP19.dll

2010-12-24 08:58 . 2010-11-12 06:46 167936 ----a-w- c:\windows\system32\CNCFMSh.EXE

2010-12-24 08:58 . 2010-11-12 06:46 98304 ----a-w- c:\windows\system32\CNC320I.DLL

2010-12-24 08:58 . 2010-11-12 06:46 274432 ----a-w- c:\windows\system32\CNC320L.DLL

2010-12-24 08:58 . 2010-11-12 06:46 192512 ----a-w- c:\windows\system32\CNC320O.DLL

2010-12-24 08:58 . 2010-11-12 06:46 1331200 ----a-w- c:\windows\system32\CNC320C.DLL

2010-12-24 08:58 . 2009-10-03 11:53 184320 ----a-w- c:\windows\system32\BisonCoi.dll

2010-12-24 08:58 . 2009-10-03 11:53 188416 ----a-w- c:\windows\system32\BisonR07.dll

2010-12-24 08:58 . 2009-10-03 11:54 1044480 ----a-w- c:\windows\system32\3DImageRenderer.dll

2010-12-24 08:58 . 2009-10-03 11:53 360448 ----a-w- c:\windows\system\BisonC07.dll

2010-12-24 08:58 . 2009-10-03 11:53 135168 ----a-w- c:\windows\system\BisonV07.dll

2010-12-24 08:57 . 2009-10-03 11:54 626688 ----a-w- c:\windows\msvcr80.dll

2010-12-24 08:55 . 2009-10-03 11:54 57344 ----a-w- c:\windows\AsfHelper.dll

2010-12-17 06:28 . 2010-12-17 06:28 733184 ----a-w- c:\windows\system32\alka958.dll.bak

2010-12-17 06:28 . 2010-12-17 06:28 0 ----a-w- c:\windows\system32\alkA958.tmp

.

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Apoint2K\Apoint .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\DivX\DivX Plus Web Player\DDmService .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Lenovo\Energy Management\Energy Management .exe
c:\program files\Lenovo\Energy Management\utility .exe
c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu .exe
c:\program files\Lenovo\VeriFace\PManage .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\QTTask .exe
</pre>

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2009-10-03 11:54 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 13797920]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 spiceworks;spiceworks;c:\users\Lokesh\Desktop\Spiceworks\httpd\bin\spiceworks-httpd.exe [x]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 funfrm;funfrm; [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://lenovo.live.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Lokesh\AppData\Roaming\Mozilla\Firefox\Profiles\5ygird6s.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,93,a7,a5,25,13,b6,4c,98,f1,79,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,93,a7,a5,25,13,b6,4c,98,f1,79,\

.

[HKEY_USERS\S-1-5-21-1859245121-1411811974-1986287310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1859245121-1411811974-1986287310-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2532)

c:\windows\system32\IcnOvrly.dll

.

Completion time: 2011-03-07 12:10:57

ComboFix-quarantined-files.txt 2011-03-07 06:40

ComboFix2.txt 2011-03-06 09:44

.

Pre-Run: 237,368,373,248 bytes free

Post-Run: 237,175,574,528 bytes free

.

- - End Of File - - 36624A852C39B81B8BF7FF86ECDC012F


No. Didn't work right :( ... When you save all the code in the Code Box, you know: open Notepad, and then save as Combofix.txt to your Desktop. Then drag it over to the ComboFix.exe. It looks like maybe you didn't save it correctly: the name isn't there in the log. Well, you could try it again, no worries... I've got to get to bed, got some course in the morning, but I'll check it again tomorrow afternoon. We'll get it :)


I am reposting the log file; I am sorry to have bothered you with the wrong log. Thanks for all your guidance and patience.

I hope I have done it correctly this time; kindly have a look:


ComboFix 11-03-06.05 - Lokesh 07-03-2011 17:37:11.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3067.2153 [GMT 5.5:30]

Running from: c:\users\Lokesh\Desktop\ComboFix.exe

Command switches used :: c:\users\Lokesh\Desktop\CFScript.txt.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\LogFiles\HTTPERR\httperr1.log

c:\windows\system32\LogFiles\Scm\0363f05a-09e4-4d8d-b265-e2bf20a8f5e2

c:\windows\system32\LogFiles\Scm\05ee699f-ab25-42d8-8781-558c5d1d2fad

c:\windows\system32\LogFiles\Scm\071d41b6-8806-4eb0-b661-6cb67be6e86e

c:\windows\system32\LogFiles\Scm\082bfbc7-1e7b-478a-8edb-85f28b80970f

c:\windows\system32\LogFiles\Scm\0d9b5d92-3a22-486d-a887-3aa21597cf27

c:\windows\system32\LogFiles\Scm\0e12083c-0335-49db-9542-ba1ec6d83ecc

c:\windows\system32\LogFiles\Scm\0e4f00d3-057a-4b2d-ab7d-dc401fc4c133

c:\windows\system32\LogFiles\Scm\18e6d428-d26c-4169-bedf-3b5bddc952f6

c:\windows\system32\LogFiles\Scm\1ec9510d-a439-4950-9399-b6399edf9ea7

c:\windows\system32\LogFiles\Scm\2375f586-1009-41fb-b54e-30d8af2b781d

c:\windows\system32\LogFiles\Scm\24fa84a0-e087-48ec-bc51-2b9c4c815d78

c:\windows\system32\LogFiles\Scm\28c66de1-98e0-4ef4-88ce-6b17feb6b4ac

c:\windows\system32\LogFiles\Scm\2bd05ba6-988d-4bd3-a9cd-9a39f80af524

c:\windows\system32\LogFiles\Scm\2c59ecaf-3a27-4640-9f4b-519b05bdd70f

c:\windows\system32\LogFiles\Scm\367f930a-a3db-4112-b1f1-50e92a171c88

c:\windows\system32\LogFiles\Scm\3a7cd133-4b28-4520-8eee-c6d3f58dbd1b

c:\windows\system32\LogFiles\Scm\3f688e78-2bc3-4a29-bb80-46d50ba99bbb

c:\windows\system32\LogFiles\Scm\4040e761-8758-4007-b2fe-142b24bf4b16

c:\windows\system32\LogFiles\Scm\4359b058-937c-4d93-a654-bcfd4b6f56c5

c:\windows\system32\LogFiles\Scm\4e20c4ad-95c6-4f6d-81b8-a0aa1fec4f36

c:\windows\system32\LogFiles\Scm\50fb5a03-0e1e-48de-b8a1-bee9d7d2cd0f

c:\windows\system32\LogFiles\Scm\5b184694-64c3-4633-94c5-945b3fa561d6

c:\windows\system32\LogFiles\Scm\5c297d51-2f95-4f19-9df9-f1dc0520051b

c:\windows\system32\LogFiles\Scm\5c2c622f-70e9-4194-a7da-033e827365ad

c:\windows\system32\LogFiles\Scm\5c5ae20e-1f54-4c3f-99dd-7dcec29d77a2

c:\windows\system32\LogFiles\Scm\60158c7a-6808-42cd-95ee-afd9a57925db

c:\windows\system32\LogFiles\Scm\6084d118-f128-4f14-bafa-4103cfbf3d01

c:\windows\system32\LogFiles\Scm\6375cc1c-d975-48d2-9cd5-63db19b10d4a

c:\windows\system32\LogFiles\Scm\64caae2d-ae84-4f95-950c-b91f025f0941

c:\windows\system32\LogFiles\Scm\654a07b0-f34a-434f-b10d-936e8514500d

c:\windows\system32\LogFiles\Scm\656d1047-2fa6-483c-a14a-093924019025

c:\windows\system32\LogFiles\Scm\6aef0c98-2cb4-4b67-8c70-4c977c7355cc

c:\windows\system32\LogFiles\Scm\6b7ac694-8d6d-481b-9dd8-2a3a741ada6d

c:\windows\system32\LogFiles\Scm\6d126255-a73f-41e0-a250-26efddabd874

c:\windows\system32\LogFiles\Scm\6db9f107-be08-42ec-9231-7f18b986607e

c:\windows\system32\LogFiles\Scm\6e11f480-2d1a-4a41-ad18-35c565a8f462

c:\windows\system32\LogFiles\Scm\731e9c62-95b5-4c8c-ab64-4cc591c9ff5b

c:\windows\system32\LogFiles\Scm\73259f86-29d6-42ff-b1e7-634f6e40d4f8

c:\windows\system32\LogFiles\Scm\74c9b178-d596-4681-b9d4-73b1d2e17d25

c:\windows\system32\LogFiles\Scm\75456eaa-e268-4952-9713-b446740372ff

c:\windows\system32\LogFiles\Scm\7d3c7871-a917-4ef0-82e8-5f0a96423051

c:\windows\system32\LogFiles\Scm\80c6501e-59e2-4634-93f4-aeff9d45ed98

c:\windows\system32\LogFiles\Scm\8905ecd8-016f-4dc2-90e6-a5f1fa6a841a

c:\windows\system32\LogFiles\Scm\9334c323-f100-4656-9ba0-e4aa69c0f9c2

c:\windows\system32\LogFiles\Scm\9b75c702-ea13-406a-badb-6c588ee4375b

c:\windows\system32\LogFiles\Scm\9efacbe6-a797-4905-a0c6-014cd3000dbb

c:\windows\system32\LogFiles\Scm\9f54b95f-5096-4803-ae61-e9b3ac5b616d

c:\windows\system32\LogFiles\Scm\a1cfa52f-06f2-418d-addb-cd6456d66f43

c:\windows\system32\LogFiles\Scm\a2c9b910-57ec-448c-8727-a0fbe54d032e

c:\windows\system32\LogFiles\Scm\a2cfb6f3-b3ae-4971-8e29-c415be22d2e5

c:\windows\system32\LogFiles\Scm\a2ebf925-3d2a-4c42-97e2-e8368e9eb70f

c:\windows\system32\LogFiles\Scm\a316e645-1c56-45a6-bd6a-7dca79778090

c:\windows\system32\LogFiles\Scm\a4b4591c-7ac9-4afb-9ea6-18fe1d70be31

c:\windows\system32\LogFiles\Scm\a6394592-54ce-4e93-8d64-1a068f462632

c:\windows\system32\LogFiles\Scm\a9a939a8-e1fd-4cd2-9136-5b8198e43829

c:\windows\system32\LogFiles\Scm\ab771a9f-fb0f-4fa1-8b5f-48186615901e

c:\windows\system32\LogFiles\Scm\aba196bd-7b3a-444e-b5cd-05c9b49b84ed

c:\windows\system32\LogFiles\Scm\adc1534e-1871-4190-bf4e-a487163c6996

c:\windows\system32\LogFiles\Scm\aee13f46-3958-43af-9eee-207e960e740c

c:\windows\system32\LogFiles\Scm\b3bc114c-9cc2-41d9-ba90-ad5c3839bef7

c:\windows\system32\LogFiles\Scm\b975a5f0-1de3-421f-863d-2c52b95aaa92

c:\windows\system32\LogFiles\Scm\b9bee219-c29e-4310-819c-147a5a0e045e

c:\windows\system32\LogFiles\Scm\bba67ad0-4ba0-4b44-827b-ff419b70c057

c:\windows\system32\LogFiles\Scm\c90440a0-6d8f-423f-8f42-83eef05ce708

c:\windows\system32\LogFiles\Scm\c9cff927-fd52-4d01-a304-705673e0812f

c:\windows\system32\LogFiles\Scm\cbb7b578-d956-419b-942e-d6e5b1a6e269

c:\windows\system32\LogFiles\Scm\cc1c3d43-3b15-4426-9bfa-f025e4abf92a

c:\windows\system32\LogFiles\Scm\d109f0db-e2d0-463c-bf46-11436f713069

c:\windows\system32\LogFiles\Scm\d21f6024-191f-4454-bbbc-09a650da2549

c:\windows\system32\LogFiles\Scm\d622195c-d680-4fea-9c56-59660c7c9e94

c:\windows\system32\LogFiles\Scm\d832eef8-e38f-43f3-99de-67f3f178c36c

c:\windows\system32\LogFiles\Scm\d8bb5b7f-d0ca-4f67-a3d7-73e1d05f63da

c:\windows\system32\LogFiles\Scm\de7a8fb4-fb32-4dcb-9103-1ec5ed62637f

c:\windows\system32\LogFiles\Scm\de8699d2-8a05-42f7-8a85-5162af47d26a

c:\windows\system32\LogFiles\Scm\de8bae53-2809-4f75-85ef-427d364b9b2c

c:\windows\system32\LogFiles\Scm\e2acc704-4155-483e-b35f-3875d587269f

c:\windows\system32\LogFiles\Scm\e6f3a527-8b0b-43fa-94eb-584032761924

c:\windows\system32\LogFiles\Scm\e79b2998-8f63-451a-a56d-26edc0a5098a

c:\windows\system32\LogFiles\Scm\e8164c0d-216c-4b6b-9eb8-31bf958b8014

c:\windows\system32\LogFiles\Scm\f1369a11-e983-4458-b390-712efa1cba44

c:\windows\system32\LogFiles\Scm\f93c7104-998a-4a38-b935-775a3138b3c3

c:\windows\system32\LogFiles\Scm\ffb8486a-9861-4b82-be38-c7f8fb1b6605

c:\windows\system32\LogFiles\WUDF\101224175409198-000040.rsc_tmp

c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl

c:\windows\system32\LogFiles . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))

.

.

2011-03-07 12:11 . 2011-03-07 12:13 -------- d-----w- c:\users\Lokesh\AppData\Local\temp

2011-03-07 12:11 . 2011-03-07 12:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-03-07 12:11 . 2011-03-07 12:11 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-03-07 12:11 . 2011-03-07 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-07 06:25 . 2011-02-23 04:05 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DB758E1-0419-4724-8AB1-A6B290811C2A}\mpengine.dll

2011-03-06 09:04 . 2011-03-06 09:04 -------- d-----w- c:\users\Lokesh\AppData\Roaming\uTorrent

2011-03-05 13:13 . 2011-03-05 13:13 -------- d-----w- C:\5e6edd20a42239d112e476da72e7f6

2011-03-05 13:12 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-03-05 11:02 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll

2011-03-05 11:02 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-05 11:02 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-05 11:02 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-03-05 11:02 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-03-05 11:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-03-05 11:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-03-05 11:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-03-04 06:09 . 2011-03-04 06:09 -------- d-----w- c:\program files\TT111-V4

2011-02-28 08:04 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-28 08:04 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-19 12:43 . 2011-02-19 14:13 -------- d-----w- c:\users\Lokesh\AppData\Roaming\OpenCandy

2011-02-18 11:04 . 2011-03-06 10:14 -------- d-----w- c:\users\Lokesh\AppData\Roaming\vlc

2011-02-15 12:58 . 2011-02-15 12:58 1409 ----a-w- c:\windows\_C090C50.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_FF299EF.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_90297E7.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_4F16793.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_181171E.FOT

2011-02-15 12:51 . 2011-02-15 12:51 -------- d-----w- c:\program files\R1Demo

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-18 09:39 . 2010-01-06 11:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-02-18 09:39 . 2010-01-06 11:01 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-02-02 11:41 . 2010-02-11 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-29 08:43 . 2011-01-29 08:43 31728 ----a-w- c:\windows\dbrmdwb.exe

2011-01-29 08:43 . 2011-01-29 08:43 26 ----a-w- c:\windows\dbrmdwb.bat

2011-01-29 08:43 . 2011-01-29 08:43 245840 ----a-w- c:\windows\system32\DNLEng.dll

2011-01-29 08:43 . 2011-01-29 08:43 2327704 ----a-w- c:\windows\dbplugin.ocx

2011-01-29 08:43 . 2011-01-29 08:43 2179072 ----a-w- c:\windows\npdbplug.dll

2011-01-29 08:43 . 2011-01-29 08:43 894616 ----a-w- c:\windows\dbplugin.exe

2010-12-24 08:59 . 2010-06-14 08:43 57344 ----a-w- c:\windows\system32\ZipperBoy.ocx

2010-12-24 08:59 . 2010-06-14 08:43 94208 ----a-w- c:\windows\system32\Unzdll.dll

2010-12-24 08:59 . 2009-10-03 11:47 258048 ----a-w- c:\windows\system32\UCI32A41.dll

2010-12-24 08:59 . 1999-01-05 11:00 225280 ----a-w- c:\windows\system32\VSFLEX3.OCX

2010-12-24 08:59 . 2010-11-12 06:46 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9O.DLL

2010-12-24 08:59 . 2009-10-03 11:55 1171456 ----a-w- c:\windows\system32\PicNotify.dll

2010-12-24 08:59 . 2009-09-02 00:55 7360512 ----a-w- c:\windows\system32\RtsUStoricon.dll

2010-12-24 08:59 . 2009-09-02 00:55 270336 ----a-w- c:\windows\system32\RtsUStor.dll

2010-12-24 08:59 . 1998-09-16 22:50 151552 ----a-w- c:\windows\system32\RDOCURS.DLL

2010-12-24 08:59 . 2009-07-27 18:39 221184 ----a-w- c:\windows\system32\oemdspif.dll

2010-12-24 08:59 . 2009-10-03 11:45 10387456 ----a-w- c:\windows\system32\nvoglv32.dll

2010-12-24 08:59 . 2009-07-27 18:39 143360 ----a-w- c:\windows\system32\nvshext.dll

2010-12-24 08:59 . 2009-10-03 11:45 151552 ----a-w- c:\windows\system32\nvcohda.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod1510.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod.dll

2010-12-24 08:59 . 2009-09-15 13:49 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

2010-12-24 08:59 . 2009-09-15 13:48 675840 ----a-w- c:\windows\system32\NETw5c32.dll

2010-12-24 08:59 . 2010-06-14 08:43 430080 ----a-w- c:\windows\system32\Msrepl35.dll

2010-12-24 08:59 . 2010-06-14 08:43 262144 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-24 08:59 . 2006-07-24 10:50 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-12-24 08:59 . 1999-01-22 12:16 65536 ----a-w- c:\windows\system32\MSRTEDIT.DLL

2010-12-24 08:59 . 1998-09-16 22:50 393216 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-24 08:59 . 1998-08-09 04:37 94208 ----a-w- c:\windows\system32\MSSTKPRP.DLL

2010-12-24 08:59 . 2010-06-14 08:43 77824 ----a-w- c:\windows\system32\msbind.dll

2010-12-24 08:59 . 2010-06-14 08:43 299008 ----a-w- c:\windows\system32\MSDBRPTR.DLL

2010-12-24 08:59 . 1999-03-03 05:35 81920 ----a-w- c:\windows\system32\MDT2FW95.DLL

2010-12-24 08:59 . 1998-06-16 20:38 53248 ----a-w- c:\windows\system32\MFC42ENU.DLL

2010-12-24 08:59 . 2009-10-03 11:54 77824 ----a-w- c:\windows\system32\ILU.dll

2010-12-24 08:59 . 2009-10-03 11:54 32768 ----a-w- c:\windows\system32\ILUT.dll

2010-12-24 08:59 . 2009-07-13 23:46 16384 ----a-w- c:\windows\system32\iscsilog.dll

2010-12-24 08:59 . 2009-07-13 22:09 2531328 ----a-w- c:\windows\system32\igd10umd32.dll

2010-12-24 08:59 . 2009-07-13 22:09 3805184 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-24 08:59 . 1998-09-22 03:56 32768 ----a-w- c:\windows\system32\IMESHARE.DLL

2010-12-24 08:58 . 2009-07-13 23:51 8192 ----a-w- c:\windows\system32\drivers\umpass.sys

2010-12-24 08:58 . 2009-07-13 23:51 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2010-12-24 08:58 . 2009-07-13 23:51 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2010-12-24 08:58 . 2009-07-14 02:05 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-12-24 08:58 . 2009-07-13 23:46 12288 ----a-w- c:\windows\system32\drivers\MTConfig.sys

2010-12-24 08:58 . 2009-07-13 23:45 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys

2010-12-24 08:58 . 2009-07-13 23:30 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys

2010-12-24 08:58 . 2009-06-10 21:17 430080 ----a-w- c:\windows\system32\drivers\bxvbdx.sys

2010-12-24 08:58 . 2009-10-03 11:47 1658880 ----a-w- c:\windows\system32\CX32EP19.dll

2010-12-24 08:58 . 2010-11-12 06:46 167936 ----a-w- c:\windows\system32\CNCFMSh.EXE

2010-12-24 08:58 . 2010-11-12 06:46 98304 ----a-w- c:\windows\system32\CNC320I.DLL

2010-12-24 08:58 . 2010-11-12 06:46 274432 ----a-w- c:\windows\system32\CNC320L.DLL

2010-12-24 08:58 . 2010-11-12 06:46 192512 ----a-w- c:\windows\system32\CNC320O.DLL

2010-12-24 08:58 . 2010-11-12 06:46 1331200 ----a-w- c:\windows\system32\CNC320C.DLL

2010-12-24 08:58 . 2009-10-03 11:53 184320 ----a-w- c:\windows\system32\BisonCoi.dll

2010-12-24 08:58 . 2009-10-03 11:53 188416 ----a-w- c:\windows\system32\BisonR07.dll

2010-12-24 08:58 . 2009-10-03 11:54 1044480 ----a-w- c:\windows\system32\3DImageRenderer.dll

2010-12-24 08:58 . 2009-10-03 11:53 360448 ----a-w- c:\windows\system\BisonC07.dll

2010-12-24 08:58 . 2009-10-03 11:53 135168 ----a-w- c:\windows\system\BisonV07.dll

2010-12-24 08:57 . 2009-10-03 11:54 626688 ----a-w- c:\windows\msvcr80.dll

2010-12-24 08:55 . 2009-10-03 11:54 57344 ----a-w- c:\windows\AsfHelper.dll

2010-12-17 06:28 . 2010-12-17 06:28 733184 ----a-w- c:\windows\system32\alka958.dll.bak

2010-12-17 06:28 . 2010-12-17 06:28 0 ----a-w- c:\windows\system32\alkA958.tmp

.

<pre>
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\DivX\DivX Plus Web Player\DDmService .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
</pre>

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2009-10-03 11:54 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 13797920]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-12-24 417792]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 spiceworks;spiceworks;c:\users\Lokesh\Desktop\Spiceworks\httpd\bin\spiceworks-httpd.exe [x]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 funfrm;funfrm; [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://lenovo.live.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Lokesh\AppData\Roaming\Mozilla\Firefox\Profiles\5ygird6s.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1300)

c:\windows\system32\IcnOvrly.dll

c:\program files\Lenovo\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Lenovo\Bluetooth Software\btwdins.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-03-07 17:45:48 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-07 12:15

ComboFix2.txt 2011-03-06 09:44

.

Pre-Run: 237,304,156,160 bytes free

Post-Run: 237,241,929,728 bytes free

.

- - End Of File - - F3EAE3BADA9CD62C058668F1796398CA

I am reposting the log file, I am sorry to have bothered you with the wrong log. Thanks for all your guidance and patience.

I hope I have done it correctly this time, kindly have a look.

Perfect! I'll get back to you later today, when I get home.

 

EDIT: There are some things on this log, I want to run by the experts on here, so give me a bit of time, to see what they think, then I'll get back to you. How is your computer running now?

Edited by duckfeet


Hi

 

My system is running perfectly except for that minor glitch I believe. Thanks for all your effort and time. I will wait for your further advice.

Once again, a big thank you.


Hi

 

My system is running perfectly except for that minor glitch I believe. Thanks for all your effort and time. I will wait for your further advice.

Once again, a big thank you.

 

You're welcome! :) We're getting there: First I need you to please locate and delete the following folder using Windows Explorer.

 

c:\windows\system32\LogFiles <<<<delete this folder.

 

Please empty the Recycle Bin

 

----

 

You are also going to have to uninstall Adobe and DivX, as they had become corrupted, and are causing problems. The best way to uninstall is by using Revo uninstaller. Once you have totally uninstalled these programs, you can then reinstall them again after we are finished, and you have AVG installed again. To uninstall Adobe and DivX please download and install the Freeware version of Revo Uninstaller from here. Then please run Revo Uninstaller to uninstall any Adobe and DivX programs you find.

Please click the Uninstall icon to uninstall the selected program.

Please choose Advanced.

Then click Next and follow the prompts. Do not reboot until Revo is through.

Please click Select All and then Delete to delete all registry items, folders and files listed by Revo.

 

After you are done deleting these programs, reboot your computer.

 

----

 

 

Please run the following scan:

ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on the ESET Smart Installer link to download it. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the Terms of Use.
  • Click the Start button.
  • Make sure that the option Remove found threats is unchecked, and the option Scan unwanted applications is checked.
  • Accept any security warnings from your browser.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats.
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

 

Let me know what problems remain.

Edited by duckfeet


Hi

 

I am stuck at the first step. Access to the LogFiles folder in windows\system32 has been denied, so I was unable to delete it. It states that you require permission from administrators to perform this step.

So, how am I supposed to delete it? Do I have to change the properties of the LogFiles folder? Please guide.


Hi

 

I am stuck at the first step. Access to the LogFiles folder in windows\system32 has been denied, so I was unable to delete it. It states that you require permission from administrators to perform this step.

So, how am I supposed to delete it? Do I have to change the properties of the LogFiles folder? Please guide.

 

I'll see if ComboFix can do it, if not I've got some other tools we can use:

 

 

 

  • Make sure that combofix.exe is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

 

killall::

 

Folder::

c:\windows\system32\LogFiles

 

RenV::

c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

c:\program files\DivX\DivX Plus Web Player\DDmService .exe

c:\program files\DivX\DivX Update\DivXUpdate .exe

 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

Then drag CFScript.txt into ComboFix.exe.

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Edited by duckfeet

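A small triage script, added here as an illustration and not part of ComboFix or of this thread, that reads lines in the three formats the logs above use (dated file entries, the bare-path block, and service lines) and flags the patterns the helper acted on: a space before the extension (the RenV:: targets in the CFScript), stray .bak/.tmp files under system32 (the alka958 leftovers related to the original error), and services whose binary ComboFix marks [x]. The sample lines are constructed from the posted log and the heuristic names are mine.

```python
"""Triage helper for ComboFix-style listings (added example; not a ComboFix tool)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, copied in shape from the listings posted above: dated
# file entries, the bare-path block, and service lines. It is not the full log.
SAMPLE_LOG = """\
2010-12-24 08:57 . 2009-10-03 11:54 626688 ----a-w- c:\\windows\\msvcr80.dll
2010-12-17 06:28 . 2010-12-17 06:28 733184 ----a-w- c:\\windows\\system32\\alka958.dll.bak
2010-12-17 06:28 . 2010-12-17 06:28 0 ----a-w- c:\\windows\\system32\\alkA958.tmp
2011-03-10 06:26 . 2011-03-10 06:26 -------- d-----w- c:\\windows\\system32\\Logfiles
c:\\program files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM .exe
c:\\program files\\DivX\\DivX Plus Web Player\\DDmService .exe
R2 spiceworks;spiceworks;c:\\users\\Lokesh\\Desktop\\Spiceworks\\httpd\\bin\\spiceworks-httpd.exe [x]
S1 funfrm;funfrm; [x]
S3 wdmirror;wdmirror;c:\\windows\\system32\\DRIVERS\\WDMirror.sys [2009-07-16 11792]
"""

# "created . modified size attrs path" as printed in the Find3M / Files Created sections.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>[A-Za-z]:\\.+)$"
)
# "R2 name;display;path [date size]"; ComboFix prints "[x]" when the binary is absent.
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)
# Bare paths, as in the block ComboFix prints between <pre> tags.
BARE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Finding:
    kind: str   # heuristic that fired (names are mine, not ComboFix's)
    path: str   # the file or service the finding concerns


def space_before_extension(path: str) -> bool:
    """'AdobeARM .exe'-style names: a space immediately before a short extension.
    These are what the RenV:: section of the CFScript above renames."""
    return re.search(r" \.[A-Za-z0-9]{1,4}$", path) is not None


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer would look at first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            path, size = m["path"], m["size"]
            low = path.lower()
            # Stray .bak/.tmp under system32 (the alka958 pair behind the original error).
            if low.startswith(SYSTEM32) and low.endswith((".bak", ".tmp")):
                findings.append(Finding("leftover-in-system32", path))
            # A zero-byte file in system32 is never a working library.
            if size == "0" and low.startswith(SYSTEM32):
                findings.append(Finding("zero-byte-in-system32", path))
            if space_before_extension(path):
                findings.append(Finding("space-before-extension", path))
            continue
        m = SVC_RE.match(line)
        if m:
            # Registered service or driver whose file ComboFix could not find.
            if m["info"] == "x":
                findings.append(Finding("service-binary-missing", m["path"] or m["name"]))
            continue
        m = BARE_RE.match(line)
        if m and space_before_extension(m["path"]):
            findings.append(Finding("space-before-extension", m["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.path}")
```

Run against a full ComboFix.txt the same way; every flagged entry still needs a human decision, as the thread shows with the Spiceworks service, which is simply a program that was removed without its service entry.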

Please have a look at the following:

 

 

ComboFix 11-03-09.02 - Lokesh 10-03-2011 11:50:55.4.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3067.2386 [GMT 5.5:30]

Running from: c:\users\Lokesh\Desktop\ComboFix.exe

Command switches used :: c:\users\Lokesh\Desktop\CFScript.txt.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\LogFiles

c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl

c:\windows\system32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl

.

.

((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))

.

.

2011-03-10 06:26 . 2011-03-10 06:26 -------- d-----w- c:\windows\system32\Logfiles

2011-03-10 06:25 . 2011-03-10 06:26 -------- d-----w- c:\users\Lokesh\AppData\Local\temp

2011-03-10 06:25 . 2011-03-10 06:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-03-10 06:25 . 2011-03-10 06:25 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-03-10 06:25 . 2011-03-10 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-09 05:43 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 05:43 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 05:43 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 05:43 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 05:43 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 05:43 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 05:43 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 05:43 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 05:43 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-03-08 06:09 . 2011-02-23 04:05 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4FF62F3-4C47-45BB-8737-CDDEEC6FE0D5}\mpengine.dll

2011-03-06 09:04 . 2011-03-06 09:04 -------- d-----w- c:\users\Lokesh\AppData\Roaming\uTorrent

2011-03-05 13:13 . 2011-03-05 13:13 -------- d-----w- C:\5e6edd20a42239d112e476da72e7f6

2011-03-05 13:12 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-03-05 11:02 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll

2011-03-05 11:02 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-05 11:02 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-05 11:02 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-03-05 11:02 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-03-05 11:02 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-03-05 11:02 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-03-05 11:02 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-03-04 06:09 . 2011-03-04 06:09 -------- d-----w- c:\program files\TT111-V4

2011-02-28 08:04 . 2010-12-20 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-28 08:04 . 2010-12-20 12:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-19 12:43 . 2011-02-19 14:13 -------- d-----w- c:\users\Lokesh\AppData\Roaming\OpenCandy

2011-02-18 11:04 . 2011-03-08 19:31 -------- d-----w- c:\users\Lokesh\AppData\Roaming\vlc

2011-02-15 12:58 . 2011-02-15 12:58 1409 ----a-w- c:\windows\_C090C50.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_FF299EF.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_90297E7.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_4F16793.FOT

2011-02-15 12:55 . 2011-02-15 12:55 1409 ----a-w- c:\windows\_181171E.FOT

2011-02-15 12:51 . 2011-02-15 12:51 -------- d-----w- c:\program files\R1Demo

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-18 09:39 . 2010-01-06 11:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-02-18 09:39 . 2010-01-06 11:01 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-02-02 11:41 . 2010-02-11 10:01 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-29 08:43 . 2011-01-29 08:43 31728 ----a-w- c:\windows\dbrmdwb.exe

2011-01-29 08:43 . 2011-01-29 08:43 26 ----a-w- c:\windows\dbrmdwb.bat

2011-01-29 08:43 . 2011-01-29 08:43 245840 ----a-w- c:\windows\system32\DNLEng.dll

2011-01-29 08:43 . 2011-01-29 08:43 2327704 ----a-w- c:\windows\dbplugin.ocx

2011-01-29 08:43 . 2011-01-29 08:43 2179072 ----a-w- c:\windows\npdbplug.dll

2011-01-29 08:43 . 2011-01-29 08:43 894616 ----a-w- c:\windows\dbplugin.exe

2010-12-24 08:59 . 2010-06-14 08:43 57344 ----a-w- c:\windows\system32\ZipperBoy.ocx

2010-12-24 08:59 . 2010-06-14 08:43 94208 ----a-w- c:\windows\system32\Unzdll.dll

2010-12-24 08:59 . 2009-10-03 11:47 258048 ----a-w- c:\windows\system32\UCI32A41.dll

2010-12-24 08:59 . 1999-01-05 11:00 225280 ----a-w- c:\windows\system32\VSFLEX3.OCX

2010-12-24 08:59 . 2010-11-12 06:46 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9O.DLL

2010-12-24 08:59 . 2009-10-03 11:55 1171456 ----a-w- c:\windows\system32\PicNotify.dll

2010-12-24 08:59 . 2009-09-02 00:55 7360512 ----a-w- c:\windows\system32\RtsUStoricon.dll

2010-12-24 08:59 . 2009-09-02 00:55 270336 ----a-w- c:\windows\system32\RtsUStor.dll

2010-12-24 08:59 . 1998-09-16 22:50 151552 ----a-w- c:\windows\system32\RDOCURS.DLL

2010-12-24 08:59 . 2009-07-27 18:39 221184 ----a-w- c:\windows\system32\oemdspif.dll

2010-12-24 08:59 . 2009-10-03 11:45 10387456 ----a-w- c:\windows\system32\nvoglv32.dll

2010-12-24 08:59 . 2009-07-27 18:39 143360 ----a-w- c:\windows\system32\nvshext.dll

2010-12-24 08:59 . 2009-10-03 11:45 151552 ----a-w- c:\windows\system32\nvcohda.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod1510.dll

2010-12-24 08:59 . 2009-10-03 11:45 155648 ----a-w- c:\windows\system32\nvcod.dll

2010-12-24 08:59 . 2009-09-15 13:49 2756608 ----a-w- c:\windows\system32\NETw5r32.dll

2010-12-24 08:59 . 2009-09-15 13:48 675840 ----a-w- c:\windows\system32\NETw5c32.dll

2010-12-24 08:59 . 2010-06-14 08:43 430080 ----a-w- c:\windows\system32\Msrepl35.dll

2010-12-24 08:59 . 2010-06-14 08:43 262144 ----a-w- c:\windows\system32\msrd2x35.dll

2010-12-24 08:59 . 2006-07-24 10:50 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-12-24 08:59 . 1999-01-22 12:16 65536 ----a-w- c:\windows\system32\MSRTEDIT.DLL

2010-12-24 08:59 . 1998-09-16 22:50 393216 ----a-w- c:\windows\system32\MSRDO20.DLL

2010-12-24 08:59 . 1998-08-09 04:37 94208 ----a-w- c:\windows\system32\MSSTKPRP.DLL

2010-12-24 08:59 . 2010-06-14 08:43 77824 ----a-w- c:\windows\system32\msbind.dll

2010-12-24 08:59 . 2010-06-14 08:43 299008 ----a-w- c:\windows\system32\MSDBRPTR.DLL

2010-12-24 08:59 . 1999-03-03 05:35 81920 ----a-w- c:\windows\system32\MDT2FW95.DLL

2010-12-24 08:59 . 1998-06-16 20:38 53248 ----a-w- c:\windows\system32\MFC42ENU.DLL

2010-12-24 08:59 . 2009-10-03 11:54 77824 ----a-w- c:\windows\system32\ILU.dll

2010-12-24 08:59 . 2009-10-03 11:54 32768 ----a-w- c:\windows\system32\ILUT.dll

2010-12-24 08:59 . 2009-07-13 23:46 16384 ----a-w- c:\windows\system32\iscsilog.dll

2010-12-24 08:59 . 2009-07-13 22:09 2531328 ----a-w- c:\windows\system32\igd10umd32.dll

2010-12-24 08:59 . 2009-07-13 22:09 3805184 ----a-w- c:\windows\system32\igdumd32.dll

2010-12-24 08:59 . 1998-09-22 03:56 32768 ----a-w- c:\windows\system32\IMESHARE.DLL

2010-12-24 08:58 . 2009-07-13 23:51 8192 ----a-w- c:\windows\system32\drivers\umpass.sys

2010-12-24 08:58 . 2009-07-13 23:51 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2010-12-24 08:58 . 2009-07-13 23:51 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2010-12-24 08:58 . 2009-07-14 02:05 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-12-24 08:58 . 2009-07-13 23:46 12288 ----a-w- c:\windows\system32\drivers\MTConfig.sys

2010-12-24 08:58 . 2009-07-13 23:45 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys

2010-12-24 08:58 . 2009-07-13 23:30 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys

2010-12-24 08:58 . 2009-06-10 21:17 430080 ----a-w- c:\windows\system32\drivers\bxvbdx.sys

2010-12-24 08:58 . 2009-10-03 11:47 1658880 ----a-w- c:\windows\system32\CX32EP19.dll

2010-12-24 08:58 . 2010-11-12 06:46 167936 ----a-w- c:\windows\system32\CNCFMSh.EXE

2010-12-24 08:58 . 2010-11-12 06:46 98304 ----a-w- c:\windows\system32\CNC320I.DLL

2010-12-24 08:58 . 2010-11-12 06:46 274432 ----a-w- c:\windows\system32\CNC320L.DLL

2010-12-24 08:58 . 2010-11-12 06:46 192512 ----a-w- c:\windows\system32\CNC320O.DLL

2010-12-24 08:58 . 2010-11-12 06:46 1331200 ----a-w- c:\windows\system32\CNC320C.DLL

2010-12-24 08:58 . 2009-10-03 11:53 184320 ----a-w- c:\windows\system32\BisonCoi.dll

2010-12-24 08:58 . 2009-10-03 11:53 188416 ----a-w- c:\windows\system32\BisonR07.dll

2010-12-24 08:58 . 2009-10-03 11:54 1044480 ----a-w- c:\windows\system32\3DImageRenderer.dll

2010-12-24 08:58 . 2009-10-03 11:53 360448 ----a-w- c:\windows\system\BisonC07.dll

2010-12-24 08:58 . 2009-10-03 11:53 135168 ----a-w- c:\windows\system\BisonV07.dll

2010-12-24 08:57 . 2009-10-03 11:54 626688 ----a-w- c:\windows\msvcr80.dll

2010-12-24 08:55 . 2009-10-03 11:54 57344 ----a-w- c:\windows\AsfHelper.dll

2010-12-17 06:28 . 2010-12-17 06:28 733184 ----a-w- c:\windows\system32\alka958.dll.bak

2010-12-17 06:28 . 2010-12-17 06:28 0 ----a-w- c:\windows\system32\alkA958.tmp

.

c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\DivX\DivX Plus Web Player\DDmService .exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2009-10-03 11:54 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-27 13797920]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-12-24 417792]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 spiceworks;spiceworks;c:\users\Lokesh\Desktop\Spiceworks\httpd\bin\spiceworks-httpd.exe [x]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]

R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 funfrm;funfrm; [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://lenovo.live.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Lokesh\AppData\Roaming\Mozilla\Firefox\Profiles\5ygird6s.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3416)

c:\windows\system32\IcnOvrly.dll

c:\program files\Lenovo\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Lenovo\Bluetooth Software\btwdins.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-03-10 11:59:43 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-10 06:29

ComboFix2.txt 2011-03-06 09:44

.

Pre-Run: 237,466,968,064 bytes free

Post-Run: 237,383,806,976 bytes free

.

- - End Of File - - 84E48848CD0FD42A1E41DB3C0C776515


That did the removals: You will still have to uninstall Adobe, and DivX. And then you can re-install them both. Your logs though, look clean. When you finish the uninstalls, please run the ESET scan, and post the results and let me know how your computer is running now.


That did the removals: You will still have to uninstall Adobe, and DivX. And then you can re-install them both. Your logs though, look clean. When you finish the uninstalls, please run the ESET scan, and post the results and let me know how your computer is running now.

 

 

Thanks for your continued support. I have uninstalled Adobe and DivX. Please have a look at the following results of the ESET scan:

 

 

D:\LOKESH-PC\Backup Set 2010-03-15 150231\Backup Files 2010-05-09 190001\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-03-15 150231\Backup Files 2010-05-16 200505\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-05-23 231800\Backup Files 2010-05-23 231800\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-07-11 190002\Backup Files 2010-07-11 190002\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-08-22 190002\Backup Files 2010-08-22 190002\Backup files 2.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-10-04 113922\Backup Files 2010-10-04 113922\Backup files 2.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-10-04 113922\Backup Files 2010-10-12 105034\Backup files 1.zip multiple threats


Thanks for your continued support. I have uninstalled Adobe and DivX. Please have a look at the following results of the ESET scan:

 

 

D:\LOKESH-PC\Backup Set 2010-03-15 150231\Backup Files 2010-05-09 190001\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-03-15 150231\Backup Files 2010-05-16 200505\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-05-23 231800\Backup Files 2010-05-23 231800\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-07-11 190002\Backup Files 2010-07-11 190002\Backup files 1.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-08-22 190002\Backup Files 2010-08-22 190002\Backup files 2.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-10-04 113922\Backup Files 2010-10-04 113922\Backup files 2.zip Win32/PSW.QQTen.NBB trojan

D:\LOKESH-PC\Backup Set 2010-10-04 113922\Backup Files 2010-10-12 105034\Backup files 1.zip multiple threats

 

Yep, we're getting there: I'd just delete these folders. They are backup folders you have created, and unless you need them for some reason, just navigate to them and delete them. Let me know if you have problems doing this, and I can make a batch file that will do this...other than that though, your logs look good...let me know how your computer is running now, and I can give you some closing suggestions and instructions.

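As an added example (not code from this thread, from ESET, or from the helper), the following Python script parses ESET result lines like the ones posted above, counts detections per threat name, and works out which "Backup Set" folders the flagged archives belong to, emitting the batch-file lines the helper offered to write. It assumes ESET's own log.txt is tab-separated (path, threat, action) and that pasting into the forum collapsed the tabs to spaces, so both shapes are handled; the sample lines, including the setup.exe entry, are constructed for the example.

```python
"""Parse ESET Online Scanner findings and locate the backup-set folders
that hold flagged archives (added example; assumptions noted inline)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample modelled on the lines posted in the thread.
# Lines 1-3 are space-collapsed forum pastes; line 4 is in ESET's own
# tab-separated log.txt shape (path, threat, action).  Not a real log.
SAMPLE_RESULTS = (
    "D:\\LOKESH-PC\\Backup Set 2010-03-15 150231\\Backup Files 2010-05-09 190001\\"
    "Backup files 1.zip Win32/PSW.QQTen.NBB trojan\n"
    "D:\\LOKESH-PC\\Backup Set 2010-03-15 150231\\Backup Files 2010-05-16 200505\\"
    "Backup files 1.zip Win32/PSW.QQTen.NBB trojan\n"
    "D:\\LOKESH-PC\\Backup Set 2010-10-04 113922\\Backup Files 2010-10-12 105034\\"
    "Backup files 1.zip multiple threats\n"
    "C:\\Users\\Lokesh\\Downloads\\setup.exe\ta variant of Win32/Adware.Generic application"
    "\tcleaned by deleting - quarantined\n"
)

# Fallback for space-collapsed lines: the path ends at the first "<.ext>"
# that is followed by whitespace; everything after it is the threat name.
_SPACE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+(?P<threat>.+?)\s*$"
)
# Assumption: a "Backup Set YYYY-MM-DD HHMMSS" folder is the unit to delete.
_BACKUP_SET = re.compile(r"^Backup Set \d{4}-\d{2}-\d{2} \d{6}$")


def parse_line(line):
    """Return (path, threat) for one result line, or None for other text."""
    line = line.rstrip("\r\n")
    if "\t" in line:                      # ESET log.txt: path<TAB>threat<TAB>action
        fields = line.split("\t")
        return (fields[0], fields[1]) if len(fields) >= 2 else None
    m = _SPACE_LINE.match(line)           # forum paste with tabs turned into spaces
    return (m.group("path"), m.group("threat")) if m else None


def parse_results(text):
    """All (path, threat) pairs found in a block of scan output."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def threat_counts(findings):
    """How many hits each threat name produced."""
    return Counter(threat for _, threat in findings)


def backup_set_roots(findings):
    """Sorted paths of the 'Backup Set ...' folders containing a detection."""
    roots = set()
    for path, _ in findings:
        parts = PureWindowsPath(path).parts   # ('D:\\', 'LOKESH-PC', 'Backup Set ...', ...)
        for i, part in enumerate(parts):
            if _BACKUP_SET.match(part):
                roots.add(str(PureWindowsPath(*parts[: i + 1])))
                break                         # only the outermost backup-set folder
    return sorted(roots)


def removal_batch(roots):
    """Lines for the cleanup .bat the helper offered; review before running."""
    return ["@echo off"] + [f'rmdir /s /q "{r}"' for r in roots]


if __name__ == "__main__":
    found = parse_results(SAMPLE_RESULTS)
    for threat, n in threat_counts(found).most_common():
        print(f"{n:3d}  {threat}")
    print()
    print("\n".join(removal_batch(backup_set_roots(found))))
```

The generated batch lines are printed rather than executed so the list of folders can be checked against what the user actually wants to keep; anything outside a "Backup Set" folder (such as the Downloads hit in the sample) is deliberately left out of the batch, since those files are what ESET itself already cleaned or quarantined.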

Hi

 

I have manually deleted all the trojans, but the pop-up messages still continue. I hope there still might be some solution to that problem.

So, if it can be solved, it would be great.


When you say "but the pop-up messages still continue", is this what you are referring to:

 

if I try to close the Internet Explorer window I still get the message pop up, though the window does close after doing the following:

 

The message reads like this :

 

A website wants to open web content using this program on your computer.

Name: Windows Live Messenger Companion

Publisher: Microsoft Corporation

 

I usually click 'Don't allow' (as the message states it will open the program outside my protected mode) and

check the box next to it, 'Do not show this warning again', but this pop-up reappears the next time I work on the net.

 

IF so, start with this:

 

Windows Live Messenger Companion is an extension to Internet Explorer included with Windows Live Messenger. The first thing I'd do would be to open Internet Explorer, click on Tools->Manage Add-Ons->Toolbars and Extensions, and see if you can uninstall, or at least disable, this WLMC, and see if that helps... I'll keep researching this, but I first need to know if this is the problem you are referring to. If it is, and the above doesn't work, you'll need to uninstall Windows Live Messenger, and see if *that* solves your problem, and sort of work backwards like that, until we find what is causing this... now you've had several problems on here--including a serious rootkit--so I'm not totally ruling out some hidden malware we've not seen, but I'd start with this. Let me know if it's something else you are referring to.


Hi

 

Yes, it has actually worked. I disabled WLMC from Toolbars & Extensions and now the pop-up messages have gone.

I think the system is running perfectly now. Thanks for all the effort and time that you invested in answering all my queries and providing constant guidance.

It's been wonderful acting on it and the results are fabulous.

So, now I think I am ready for the final steps: should I uninstall ComboFix and Revo Uninstaller now and install AVG?

 

Thank you !


You're welcome! I'm really happy to hear that we got those pop-up problems fixed: I was so excited about the malware we were finding that I'd forgotten about those pop-ups. I'm glad you reminded me, and that we were able to solve that, too. On the Revo: I kind of like keeping it around for uninstalling stuff, as it gets rid of everything, but it's your choice. These final steps will get rid of most stuff, and yes, if you wish to keep AVG as your antivirus, you can re-install it now.

 

The following will implement some cleanup procedures as well as reset System Restore points:

 

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: (If you don't have the 'Run' box, type 'Run' in the 'Search' box, then click on 'Run'.)

 

ComboFix /Uninstall

 

(Be sure to leave the space between "ComboFix" and "/Uninstall")

 

------

 

To remove all of the tools we used and the files and folders they created, please do the following:

Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Remove any other tools we have installed for the purpose of this fix.

 

------

 

Please enable Automatic Updates under Start > All Programs > Windows Update. See:

Windows Updates

 

-------

 

Make sure your security programs are re-enabled: For instructions on re-enabling firewalls or other anti-malware programs, please go here

 

AVG includes protection against viruses, spyware and other forms of malicious software. You always want to have one--but only one!--antivirus and antispyware program running in real-time mode. Most reputable antivirus programs now also have some form of antispyware protection, so it is important to ensure no other antivirus/antispyware programs are running real-time protection at the same time as this can cause conflicts, false positives, and lessen the effectiveness of each.

 

The free edition of MBAM is also a passive protector and can be used to regularly scan the computer.

----

Make sure your programs are up to date, because older versions may contain security leaks.

To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

 

----

 

Malware steals passwords! If you haven't changed all your passwords yet, I strongly recommend you do it now. Please create strong passwords and use a different one for every site. You can store all your passwords in KeePass.

 

----

 

Routers get infected too. To prevent this see:

How to Secure a Wireless Router

Every router is different, so to get more details and tutorials for your own router, just use google to find the info.

For example, if you have a linksys router, google: How to secure a linksys router.

 

----

 

Be very careful of 'rogue' and 'scareware' programs. These are fake security programs that mimic legitimate ones. Whether it is a popup saying you have malware, or a real infection that has a bogus 'antivirus' or 'security' name attached, these are simply attempts by online criminals to get your money. There are endless variations on these schemes. Don't click *anywhere* on security popups that you did not install yourself. If you are unsure--or have been infected--close your browser, and seek help in a security forum you trust.

See: Fake infection warnings

 

----

 

For much more useful information see:

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Hi

 

I have carried out all the steps and reinstalled AVG, and now my system is working perfectly fine.

Thanks for all your help and expert advice. I hope now my system will run perfectly fine in future too, with all the valuable tips that you have provided. Thank you very much.


You are very welcome! Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

 

 

This topic is now closed to further replies.