TechSpot

Need help resolving with Google redirect malware

By technobrat
May 19, 2011
  1. I have finished the 7 steps and attached the log files below. My Google results in the Firefox browser redirect me to spam websites. IE often opens with spam sites. Windows Security Center is turned off (I even tried to turn it on using services.msc, but it turns off again after some time). Hope I found some trojans in the malware scan.

    ********************************************************************************
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6612

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    19-05-2011 01:03:14
    mbam-log-2011-05-19 (01-03-14).txt

    Scan type: Quick scan
    Objects scanned: 156225
    Time elapsed: 5 minute(s), 1 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    c:\Users\Shravan\AppData\Local\Temp\Yq1.exe (Trojan.Downloader) -> 2100 -> Unloaded process successfully.
    c:\Users\Shravan\AppData\Local\Temp\Yq2.exe (Trojan.Downloader) -> 2248 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU (Trojan.Downloader) -> Value: SNJQ66R8MU -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Shravan\AppData\Local\Temp\Yq1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Shravan\AppData\Local\Temp\Yq2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\System32\msdtcuiul.dll (Trojan.Agent.GGEP) -> Quarantined and deleted successfully.
    c:\Users\Shravan\AppData\Local\Temp\Yq0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Yruqaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

    ********************************************************************************
    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-19 11:40:18
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_08
    Running: jw7q9cib.exe; Driver: C:\Users\Shravan\AppData\Local\Temp\pwddrpoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308E579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A6C47000 114 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5003 A6C47073 175 Bytes [A6, 32, C0, EB, 02, B0, 01, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A6C47123 629 Bytes [25, C4, A6, FE, 05, 34, 25, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5329 A6C47399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 538F A6C473FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
    PAGE ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [70ADB0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000008a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c38f603 0x43 0x0B 0xDC 0xBA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@001ca40b52df 0x1D 0x38 0x83 0x4C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c9ce9e1 0x15 0x0F 0xB3 0xF8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@0025e75056d3 0xD1 0x76 0xA5 0x62 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c38f603 0x43 0x0B 0xDC 0xBA ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@001ca40b52df 0x1D 0x38 0x83 0x4C ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c9ce9e1 0x15 0x0F 0xB3 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@0025e75056d3 0xD1 0x76 0xA5 0x62 ...

    ---- EOF - GMER 1.0.15 ----


    ********************************************************************************
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Shravan at 11:44:59.12 on 19-05-2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3039.1676 [GMT 2:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Shravan\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Google Update] "c:\users\shravan\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: kuaiche.com\software
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\shravan\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\users\shravan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\shravan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Auto Shutdown: amin.eft_Shutdown@gmail.com - %profile%\extensions\amin.eft_Shutdown@gmail.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2011-2-2 28184]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-3 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-3 269480]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-1-3 27632]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-1-3 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
    .
    =============== Created Last 30 ================
    .
    2011-05-18 22:57:07 -------- d-----w- c:\users\shravan\appdata\roaming\Malwarebytes
    2011-05-18 22:57:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-18 22:56:59 -------- d-----w- c:\progra~2\Malwarebytes
    2011-05-18 22:56:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-18 22:56:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-17 23:32:23 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
    2011-05-17 11:12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-11 13:04:18 -------- d-----w- c:\progra~2\Skype Extras
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 11:45:30.75 ===============
     
  2. Bobbye


    Welcome to TechSpot!
    Malwarebytes has removed a considerable amount of malware from the system, but there will be more entries.

    Please remove this immediately from this zone: Trusted Zone: kuaiche.com\software. This is rated as a dangerous site and should be placed in the Restricted Zone:
    1. Go to the Control Panel> Internet Options> Security tab> Trusted Sites> Sites> find, highlight and remove the domain .kuaiche.com> Apply.
    2. Go back to the Security tab> Click on Restricted sites> Sites> enter the following in the dialog box:
    Click on Apply> Okay. Close Internet Options.
    =============================================
    There is another log from DDS. It is named Attach.txt Please find it on your system and include it in your next reply.
    ==============================================
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Paste the log into next reply.
    ====================================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      • Click on Yes, to continue scanning for malware
      • If Combofix asks you to update the program, allow
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Close any open browsers.
      • Double click combofix.exe & follow the prompts to run.
      • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
      Re-enable your Antivirus software.
      Notes:
      1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    • A reboot is required after disinfection.
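    The Trusted/Restricted zone change the helper asks for, as an added example that is not part of this thread or of any of the tools named in it: a PowerShell audit of the per-user (and, if elevated, per-machine) ZoneMap that lists every domain with its zone, warns on anything sitting in the Trusted zone, and carries the fix as a function. The registry layout it reads (Domains\kuaiche.com\software standing for software.kuaiche.com, a value named '*' covering every scheme, a domain-level key covering the domain and its subdomains) is an assumption stated in the comments.

```powershell
# Added example (not from the thread, DDS, Malwarebytes or TDSSKiller): audit the
# Internet Explorer / Windows security-zone map that DDS prints as "Trusted Zone:"
# lines, and show the requested fix (Trusted -> Restricted) as a script.
# Assumed layout: ...\ZoneMap\Domains\<domain>[\<subdomain>] keys, each holding
# DWORD values named after a scheme ('http', 'https') or '*' for every scheme.

# Zone numbers as stored in the ZoneMap (Trusted = 2, Restricted = 4).
$ZoneNames = @{ 0 = 'Local Machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-ZoneAssignment {
    # Emit one record per (domain, scheme) pair found under each Domains key.
    # Domains\kuaiche.com\software is how DDS prints "kuaiche.com\software";
    # it stands for software.kuaiche.com, so the key path is reversed to a host name.
    foreach ($root in $ZoneMapRoots) {
        if (-not (Test-Path -Path $root)) { continue }   # HKLM is absent/unreadable when not elevated
        foreach ($key in Get-ChildItem -Path $root -Recurse) {
            $relative = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)  # e.g. kuaiche.com\software
            $parts = $relative -split '\\'
            [array]::Reverse($parts)                     # subdomain first, registrable domain last
            foreach ($scheme in $key.GetValueNames()) {
                if ($scheme -eq '') { continue }         # skip the key's (Default) value
                $zone = [int]$key.GetValue($scheme)
                [pscustomobject]@{
                    Hive   = $root.Split(':')[0]
                    Domain = $parts -join '.'
                    Scheme = $scheme
                    Zone   = $zone
                    Name   = if ($ZoneNames.ContainsKey($zone)) { $ZoneNames[$zone] } else { "unknown ($zone)" }
                }
            }
        }
    }
}

function Set-DomainRestricted {
    # The fix requested in the post above: drop whatever zone entries exist for the
    # domain (including Trusted-zone subkeys such as kuaiche.com\software) and put
    # the domain, with all of its subdomains and every scheme, in the Restricted zone.
    param(
        [Parameter(Mandatory = $true)][string]$Domain,   # e.g. 'kuaiche.com'
        [string]$Root = $ZoneMapRoots[0]                 # per-user hive by default
    )
    $keyPath = Join-Path -Path $Root -ChildPath $Domain
    if (Test-Path -Path $keyPath) { Remove-Item -Path $keyPath -Recurse -Force }
    New-Item -Path $keyPath -Force | Out-Null
    New-ItemProperty -Path $keyPath -Name '*' -PropertyType DWord -Value 4 -Force | Out-Null
    # Return the rewritten entries so the caller can confirm Zone = 4.
    Get-ZoneAssignment | Where-Object { $_.Domain -eq $Domain }
}

# Audit: full listing, then a warning per Trusted-zone entry. Anything you did not
# add yourself (the kuaiche.com entry DDS found is the case in this thread) deserves a look.
$assignments = @(Get-ZoneAssignment)
$assignments | Sort-Object Zone, Domain | Format-Table Hive, Domain, Scheme, Name -AutoSize
foreach ($entry in ($assignments | Where-Object { $_.Zone -eq 2 })) {
    Write-Warning ("Trusted zone entry: {0} ({1}) in {2}; confirm you added it yourself." -f $entry.Domain, $entry.Scheme, $entry.Hive)
}

# To apply the helper's fix for the domain named in this thread:
# Set-DomainRestricted -Domain 'kuaiche.com'
```

    Re-run the audit afterwards; the Trusted Zone line DDS printed should be gone and the domain should show as Restricted sites for scheme '*'.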
     
  3. technobrat

    technobrat TS Rookie Topic Starter

    Hi Bobbye,

    After the first run of Malwarebytes (and also following the 7 steps) I am not facing any problem with the Google search results redirect. But I still want to confirm that my PC is safe and secure to work on. Attached are the remaining scan reports as mentioned in your reply.

    1. Moved *.kuaiche.com from trusted site list to restricted site.

    2. Attach.txt
    ==========
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11-08-2010 17:10:32
    System Uptime: 19-05-2011 11:04:57 (0 hours ago)
    .
    Motherboard: Compal | | 306D
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 130.729 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.861 GiB free.
    E: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C053\7&151B04D5&0&001CA40B52DF_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C053\7&151B04D5&0&001CA40B52DF_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Service:
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Multi-Card
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
    Manufacturer: Generic-
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
    Service: WUDFRd
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Service:
    .
    Class GUID:
    Description:
    Device ID: ACPI\ENE0100\3&33FD14CA&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ENE0100\3&33FD14CA&0
    Service:
    .
    Class GUID:
    Description:
    Device ID: USB\VID_138A&PID_0005\5&1F2A7902&0&2
    Manufacturer:
    Name:
    PNP Device ID: USB\VID_138A&PID_0005\5&1F2A7902&0&2
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP64: 06-05-2011 22:35:14 - Scheduled Checkpoint
    RP65: 14-05-2011 22:19:32 - Scheduled Checkpoint
    RP66: 17-05-2011 17:01:26 - Installed Adobe Photoshop CS2
    RP67: 18-05-2011 15:26:46 - Removed Adobe Community Help
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4
    Adobe Shockwave Player 11.5
    Avira AntiVir Personal - Free Antivirus
    CCleaner
    Crystal Reports Basic for Visual Studio 2008
    DivX Setup
    FileZilla Client 3.3.4.1
    Foxit PDF Editor
    Foxit Reader
    Google Chrome
    Google Earth Plug-in
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    Jumblo
    Malwarebytes' Anti-Malware
    MATLAB R2010b
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox (3.6.17)
    NVIDIA Drivers
    Picasa 3
    PVSonyDll
    RealPlayer
    RealUpgrade 1.0
    Skype™ 5.3
    Sony Ericsson Update Service
    The KMPlayer (remove only)
    Unlocker 1.9.0
    VC Runtimes MSI
    VC80CRTRedist - 8.0.50727.4053
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VLC media player 1.1.3
    VoipDiscount
    Windows Media Player Firefox Plugin
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    WinRAR archiver
    WordWeb
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    19-05-2011 11:05:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 CSN5PDTS82x64
    18-05-2011 20:25:29, Error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
    18-05-2011 20:24:06, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D3AF8C6B-18F6-4A29-A070-99E1B38F2BBC} because another computer on the network has the same name. The server could not start.
    18-05-2011 15:50:43, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882
    18-05-2011 15:49:51, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    18-05-2011 15:49:51, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18-05-2011 15:49:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    18-05-2011 15:49:20, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    16-05-2011 17:14:13, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.100 with the system having network hardware address 00-25-4B-94-94-A0. Network operations on this system may be disrupted as a result.
    12-05-2011 18:12:03, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    12-05-2011 01:15:26, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.100 with the system having network hardware address E0-2A-82-1F-C3-04. Network operations on this system may be disrupted as a result.
    .
    ==== End Of File ===========================

    3. TDSSKiller.exe
    ===============

    Found no infections. Attached its log file below.

    2011/05/21 13:11:51.0179 3156 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/21 13:11:51.0480 3156 ================================================================================
    2011/05/21 13:11:51.0480 3156 SystemInfo:
    2011/05/21 13:11:51.0480 3156
    2011/05/21 13:11:51.0480 3156 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/21 13:11:51.0480 3156 Product type: Workstation
    2011/05/21 13:11:51.0480 3156 ComputerName: SHRAVANKUMAR
    2011/05/21 13:11:51.0481 3156 UserName: Shravan
    2011/05/21 13:11:51.0481 3156 Windows directory: C:\Windows
    2011/05/21 13:11:51.0481 3156 System windows directory: C:\Windows
    2011/05/21 13:11:51.0481 3156 Processor architecture: Intel x86
    2011/05/21 13:11:51.0481 3156 Number of processors: 2
    2011/05/21 13:11:51.0481 3156 Page size: 0x1000
    2011/05/21 13:11:51.0481 3156 Boot type: Normal boot
    2011/05/21 13:11:51.0481 3156 ================================================================================
    2011/05/21 13:11:51.0980 3156 Initialize success
    2011/05/21 13:21:03.0829 3064 ================================================================================
    2011/05/21 13:21:03.0829 3064 Scan started
    2011/05/21 13:21:03.0829 3064 Mode: Manual;
    2011/05/21 13:21:03.0829 3064 ================================================================================
    2011/05/21 13:21:12.0788 3064 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/21 13:21:12.0829 3064 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/21 13:21:12.0874 3064 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/21 13:21:12.0913 3064 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/21 13:21:13.0004 3064 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/05/21 13:21:13.0056 3064 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/05/21 13:21:13.0096 3064 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/21 13:21:13.0166 3064 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/21 13:21:13.0231 3064 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/05/21 13:21:13.0557 3064 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/21 13:21:13.0766 3064 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/05/21 13:21:13.0813 3064 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/05/21 13:21:13.0877 3064 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/05/21 13:21:13.0934 3064 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/21 13:21:14.0014 3064 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/05/21 13:21:14.0051 3064 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/05/21 13:21:14.0101 3064 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/05/21 13:21:14.0152 3064 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/05/21 13:21:14.0195 3064 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/05/21 13:21:14.0243 3064 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/05/21 13:21:14.0300 3064 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/05/21 13:21:14.0361 3064 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/05/21 13:21:14.0505 3064 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/21 13:21:14.0544 3064 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/05/21 13:21:14.0609 3064 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/21 13:21:14.0685 3064 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/05/21 13:21:14.0754 3064 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/05/21 13:21:14.0788 3064 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/21 13:21:14.0818 3064 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/21 13:21:14.0858 3064 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/05/21 13:21:14.0903 3064 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/21 13:21:14.0968 3064 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/21 13:21:15.0008 3064 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/21 13:21:15.0048 3064 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/21 13:21:15.0093 3064 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/05/21 13:21:15.0132 3064 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/21 13:21:15.0169 3064 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/21 13:21:15.0217 3064 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/21 13:21:15.0251 3064 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/05/21 13:21:15.0286 3064 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/21 13:21:15.0354 3064 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/05/21 13:21:15.0435 3064 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/05/21 13:21:15.0505 3064 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/21 13:21:15.0562 3064 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
    2011/05/21 13:21:15.0612 3064 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/05/21 13:21:15.0676 3064 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/05/21 13:21:15.0722 3064 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/05/21 13:21:15.0793 3064 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/21 13:21:15.0882 3064 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
    2011/05/21 13:21:15.0949 3064 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/05/21 13:21:15.0988 3064 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/05/21 13:21:16.0036 3064 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/05/21 13:21:16.0105 3064 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/05/21 13:21:16.0142 3064 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/05/21 13:21:16.0182 3064 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/05/21 13:21:16.0213 3064 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/05/21 13:21:16.0255 3064 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/05/21 13:21:16.0316 3064 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/05/21 13:21:16.0352 3064 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/05/21 13:21:16.0385 3064 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/21 13:21:16.0460 3064 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/05/21 13:21:16.0651 3064 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/21 13:21:16.0705 3064 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/21 13:21:16.0757 3064 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/21 13:21:16.0855 3064 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    2011/05/21 13:21:16.0906 3064 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/05/21 13:21:16.0952 3064 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2011/05/21 13:21:16.0990 3064 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2011/05/21 13:21:17.0032 3064 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/21 13:21:17.0145 3064 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
    2011/05/21 13:21:17.0246 3064 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/21 13:21:17.0285 3064 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/21 13:21:17.0343 3064 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/21 13:21:17.0370 3064 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/21 13:21:17.0408 3064 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/21 13:21:17.0444 3064 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/21 13:21:17.0527 3064 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/21 13:21:17.0570 3064 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/21 13:21:17.0603 3064 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/05/21 13:21:17.0649 3064 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/21 13:21:17.0740 3064 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/05/21 13:21:17.0788 3064 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/21 13:21:17.0829 3064 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/05/21 13:21:17.0977 3064 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2011/05/21 13:21:18.0023 3064 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/21 13:21:18.0077 3064 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/05/21 13:21:18.0111 3064 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/21 13:21:18.0177 3064 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/21 13:21:18.0234 3064 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/21 13:21:18.0292 3064 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/21 13:21:18.0356 3064 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/05/21 13:21:18.0400 3064 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/21 13:21:18.0431 3064 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/21 13:21:18.0524 3064 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
    2011/05/21 13:21:18.0576 3064 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/05/21 13:21:18.0630 3064 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/21 13:21:18.0669 3064 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/05/21 13:21:18.0722 3064 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/05/21 13:21:18.0766 3064 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2011/05/21 13:21:18.0813 3064 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/05/21 13:21:18.0853 3064 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2011/05/21 13:21:18.0899 3064 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/05/21 13:21:18.0933 3064 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/05/21 13:21:18.0969 3064 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/05/21 13:21:19.0019 3064 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/21 13:21:19.0060 3064 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/05/21 13:21:19.0112 3064 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/05/21 13:21:19.0163 3064 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/05/21 13:21:19.0221 3064 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/05/21 13:21:19.0283 3064 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/05/21 13:21:19.0343 3064 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/21 13:21:19.0368 3064 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/21 13:21:19.0426 3064 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/05/21 13:21:19.0477 3064 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/21 13:21:19.0583 3064 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/05/21 13:21:19.0610 3064 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/05/21 13:21:19.0747 3064 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/05/21 13:21:19.0812 3064 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/05/21 13:21:19.0881 3064 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/21 13:21:19.0948 3064 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/05/21 13:21:20.0007 3064 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/21 13:21:20.0117 3064 ================================================================================
    2011/05/21 13:21:20.0117 3064 Scan finished
    2011/05/21 13:21:20.0117 3064 ================================================================================
    2011/05/21 14:07:45.0970 2872 Deinitialize success


    --- continued ---
     
  4. technobrat

    technobrat TS Rookie Topic Starter

    --- continued ---

    4. ComboFix.exe
    =============

    ComboFix 11-05-19.02 - Shravan 21-05-2011 14:10:25.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3039.2192 [GMT 2:00]
    Running from: c:\users\Shravan\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\html
    c:\windows\system32\html\calendar.html
    c:\windows\system32\html\calendarbottom.html
    c:\windows\system32\html\calendartop.html
    c:\windows\system32\html\crystalexportdialog.htm
    c:\windows\system32\html\crystalprinthost.html
    c:\windows\system32\images
    c:\windows\system32\images\toolbar\calendar.gif
    c:\windows\system32\images\toolbar\crlogo.gif
    c:\windows\system32\images\toolbar\export.gif
    c:\windows\system32\images\toolbar\export_over.gif
    c:\windows\system32\images\toolbar\exportd.gif
    c:\windows\system32\images\toolbar\First.gif
    c:\windows\system32\images\toolbar\first_over.gif
    c:\windows\system32\images\toolbar\Firstd.gif
    c:\windows\system32\images\toolbar\gotopage.gif
    c:\windows\system32\images\toolbar\gotopage_over.gif
    c:\windows\system32\images\toolbar\gotopaged.gif
    c:\windows\system32\images\toolbar\grouptree.gif
    c:\windows\system32\images\toolbar\grouptree_over.gif
    c:\windows\system32\images\toolbar\grouptreed.gif
    c:\windows\system32\images\toolbar\grouptreepressed.gif
    c:\windows\system32\images\toolbar\Last.gif
    c:\windows\system32\images\toolbar\last_over.gif
    c:\windows\system32\images\toolbar\Lastd.gif
    c:\windows\system32\images\toolbar\Next.gif
    c:\windows\system32\images\toolbar\next_over.gif
    c:\windows\system32\images\toolbar\Nextd.gif
    c:\windows\system32\images\toolbar\Prev.gif
    c:\windows\system32\images\toolbar\prev_over.gif
    c:\windows\system32\images\toolbar\Prevd.gif
    c:\windows\system32\images\toolbar\print.gif
    c:\windows\system32\images\toolbar\print_over.gif
    c:\windows\system32\images\toolbar\printd.gif
    c:\windows\system32\images\toolbar\Refresh.gif
    c:\windows\system32\images\toolbar\refresh_over.gif
    c:\windows\system32\images\toolbar\refreshd.gif
    c:\windows\system32\images\toolbar\Search.gif
    c:\windows\system32\images\toolbar\search_over.gif
    c:\windows\system32\images\toolbar\searchd.gif
    c:\windows\system32\images\toolbar\up.gif
    c:\windows\system32\images\toolbar\up_over.gif
    c:\windows\system32\images\toolbar\upd.gif
    c:\windows\system32\images\tree\begindots.gif
    c:\windows\system32\images\tree\beginminus.gif
    c:\windows\system32\images\tree\beginplus.gif
    c:\windows\system32\images\tree\blank.gif
    c:\windows\system32\images\tree\blankdots.gif
    c:\windows\system32\images\tree\dots.gif
    c:\windows\system32\images\tree\lastdots.gif
    c:\windows\system32\images\tree\lastminus.gif
    c:\windows\system32\images\tree\lastplus.gif
    c:\windows\system32\images\tree\Magnify.gif
    c:\windows\system32\images\tree\minus.gif
    c:\windows\system32\images\tree\minusbox.gif
    c:\windows\system32\images\tree\plus.gif
    c:\windows\system32\images\tree\plusbox.gif
    c:\windows\system32\images\tree\singleminus.gif
    c:\windows\system32\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-21 12:18 . 2011-05-21 12:18 -------- d-----w- c:\users\Shravan\AppData\Local\temp
    2011-05-21 12:18 . 2011-05-21 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-18 22:57 . 2011-05-18 22:57 -------- d-----w- c:\users\Shravan\AppData\Roaming\Malwarebytes
    2011-05-18 22:57 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-18 22:56 . 2011-05-18 22:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-18 22:56 . 2011-05-18 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-18 22:56 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-17 23:32 . 2011-05-18 14:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-05-17 23:13 . 2011-05-17 23:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-05-17 11:12 . 2011-05-17 11:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-11 13:04 . 2011-05-16 13:45 -------- d-----w- c:\programdata\Skype Extras
    2011-05-11 12:27 . 2011-05-11 12:27 -------- d-----w- c:\program files\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-22 19:58 . 2010-11-03 10:57 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-10 22:08 . 2011-03-10 22:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2011-03-10 22:08 . 2011-03-10 22:08 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^Users^Shravan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Shravan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
    path=c:\users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk
    backup=c:\windows\pss\WordWeb.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-08-11 17:16 136176 ----atw- c:\users\Shravan\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\Shravan\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jumblo]
    2010-12-22 14:48 12948776 ----a-w- c:\program files\Jumblo.com\Jumblo\Jumblo.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-10-03 12:17 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
    .
    R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
    R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-01-03 13224]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
    S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2010-05-20 28184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-01-03 27632]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - KLMD25
    *Deregistered* - avgntflt
    *Deregistered* - klmd25
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:12]
    .
    2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:12]
    .
    2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325924964-1417472446-2902802781-1000Core.job
    - c:\users\Shravan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 17:16]
    .
    2011-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325924964-1417472446-2902802781-1000UA.job
    - c:\users\Shravan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 17:16]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Shravan\AppData\Roaming\Mozilla\Firefox\Profiles\5729b0x0.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Auto Shutdown: amin.eft_Shutdown@gmail.com - %profile%\extensions\amin.eft_Shutdown@gmail.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe
    MSConfigStartUp-Rynga - c:\program files\Rynga.com\Rynga\Rynga.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-21 14:20:06
    ComboFix-quarantined-files.txt 2011-05-21 12:20
    .
    Pre-Run: 151,024,279,552 bytes free
    Post-Run: 151,934,193,664 bytes free
    .
    - - End Of File - - A2FFCD4B7017628E6E8D9E9B6EF2C1F0
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for the delay- lost the thread.

    Please tell me what the 14 disabled devices showing in the DDS log are. Each is headed by: Class GUID:
    ======================================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on the link to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
• Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ============================
    I'd also like you to run the following:
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    =========================================
     