Inactive Need help resolving with Google redirect malware

technobrat · May 19, 2011

I have done with 7 steps and attached the log files below. My google results in firefox browser redirects me to spam websites. IE opens with spam sites often. Windows Security Center is turned off ( I even tried to turn on using services.msc, but it gets off after some time). Hope I found some trojans in malware's scan.

********************************************************************************
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6612

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19-05-2011 01:03:14
mbam-log-2011-05-19 (01-03-14).txt

Scan type: Quick scan
Objects scanned: 156225
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
c:\Users\Shravan\AppData\Local\Temp\Yq1.exe (Trojan.Downloader) -> 2100 -> Unloaded process successfully.
c:\Users\Shravan\AppData\Local\Temp\Yq2.exe (Trojan.Downloader) -> 2248 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU (Trojan.Downloader) -> Value: SNJQ66R8MU -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Shravan\AppData\Local\Temp\Yq1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Shravan\AppData\Local\Temp\Yq2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\msdtcuiul.dll (Trojan.Agent.GGEP) -> Quarantined and deleted successfully.
c:\Users\Shravan\AppData\Local\Temp\Yq0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Yruqaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

********************************************************************************
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-19 11:40:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_08
Running: jw7q9cib.exe; Driver: C:\Users\Shravan\AppData\Local\Temp\pwddrpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308E579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A6C47000 114 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5003 A6C47073 175 Bytes [A6, 32, C0, EB, 02, B0, 01, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A6C47123 629 Bytes [25, C4, A6, FE, 05, 34, 25, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A6C47399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A6C473FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [70ADB0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000008a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c38f603 0x43 0x0B 0xDC 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@001ca40b52df 0x1D 0x38 0x83 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c9ce9e1 0x15 0x0F 0xB3 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@0025e75056d3 0xD1 0x76 0xA5 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???t??????R??????????????d???????????????????????????????????????????t??????????*6to4mp?????? ???????t???????????t??????????N????????????r??? 2??t??????????????\Device\LanmanRedirector??????4??t??????????Microsoft Windows Network?????N??t?????????e????@%systemroot%\system32\wkssvc.dll,-102????????F??t?????????????????t?????t??????????????????????????t?????????????????????????????????????????P??t????????h?????\SystemRoot\system32\DRIVERS\MegaSR.sys??????????t??????p???SCSI Miniport?????P??t???????????d??megasr.inf_x86_neutral_30b367f92ca46598??????t?t?t?t?t?tev???????v??@%SystemRoot%\system32\drivers\mountmgr.sys,-101????system32\DRIVERS\msahci.sys???????N??????????????d??System32\Drivers\mup.sys????????????????????????????????????????????@%SystemRoot%\system32\FirewallAPI.dll,-23093?????8??t????????h?????????????????????%SystemRoot%\System32\ntlanman.dll??????? ???????t???????????t????????0?B??? ???????????? B??t??????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ???v????????????????????????????????????????????????????? ???????u?????????????9??????"??????????e??\SystemRoot\system32\DRIVERS\parport.sys????@%SystemRoot%\system32\drivers\partmgr.sys,-100???????????????2???????????h?????system32\DRIVERS\rdbss.sys????????b??v?????????e??????^??v?????????n??????<??u????????h??????????U??????????*isatap?????????????????????????????LegacyDriver?6??????????????????????????????11??????????????????????????????????????????????????????????????t???????????????????????????????? ???????u?????u?? ????:??????.????? ???????????? ??k???????????????????????9?????9?9???????6???????????????????????????????????e??????????????????text?9???????m????????????e???????????????????????????6??u??????p???????????????????????? ????????????????????????????????????????????????????????t????????????????????????t????????????????t????v?v?v?????????????????????t????????????????????????????????? ???????u?????u???????:??X????????? ???????????@%SystemRoot%\system32\drivers\partmgr.sys,-101????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???{??????4??????????t?????????????{?????????l??? ???????y?????z?????w????????(????? ???????e?????????????????????????????????????????????????l??{?????????h????? ???????{???????????w????????0?l????????g????????????????????s???????l??{?????????h?????{??????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|????????*6to4mp?????ssmdrv??????? ???????*?????O\0??????????%systemroot%\system32\LogFiles\Firewall\pfirewall.log??????????????????e????????????????????????????? ???????y?????w????????????????????????????????????? ???????{?????{???????'????????????????????????? ???????{???????????w?'?????????????????'??? ???{??????????????V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|??????? ???{???'?????'?'??V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\S
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???y?u???????????????v???y???????????.???e???????????????????????????v??COM6?????????????????????????????????\??????\L??????????????????????????????????????????????? ???????t?????t?????????????????????????s??NDIS????? ???????t???????????t????????(???????1?????????????????????????????????????????????????????? ???????t???????????e????????(????????1????????????????t????????????????????????????t?t1????u??? ???????t???????????t????????(???????????????????????????????????????????????????????xu1????u?t?u?u????? ???????t???????????t?,??????(?????????????????????????????????????????????????????? ???????t???????????t????????(???????6?????????????????????????????????G??????????????????????t1??t???t???t???t6? u???????????????????????????????e?????u??????????????? ???????t?????t?????s????????(?????????????? ?????? u???????????t????????B???????1??????!????????????????????????e?????????????????????????????????????????????????????????? ???????t???????????u????????B????? ??????????????????????????????????e???????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ???yta??????????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|????????????????t?????6??|????????h??????????????????????????????h??????????????????Microsoft????????y??????????????Type?h???????????????|?|?|???????y???<???????????;???????u????N?????????????????????????????????6-21-2006????????????????y??????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|??????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|?????????y???<?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???{?????????l??? ???????y?????z?????w????????(????? ???????e?????????????????????????????????????????????????l??{?????????h????? ???????{???????????w????????0?l????????g????????????????????s???????l??{?????????h?????{??????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|????????*6to4mp?????ssmdrv??????? ???????*?????O\0??????????%systemroot%\system32\LogFiles\Firewall\pfirewall.log??????????????????e????????????????????????????? ???????y?????w????????????????????????????????????? ???????{?????{???????'????????????????????????? ???????{???????????w?'?????????????????'??? ???{??????????????V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|??????? ???{???'?????'?'??V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\System32\svchost.exe|Svc=AxInstSV
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c38f603 0x43 0x0B 0xDC 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@001ca40b52df 0x1D 0x38 0x83 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c9ce9e1 0x15 0x0F 0xB3 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@0025e75056d3 0xD1 0x76 0xA5 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???s????????????e2??Type?????????????????????s???????s?????s????45000????g?j?j?j?????k????f??s?????????e???????????l????.NT?????? ???????s?????s?????s????????????????????s??????????s???????????e??? ???????s???????????s???????????????????????????s???????????s??????????????s????s?s???????s????? ???????o?????s?????s??????????h?r???????e???????h??s?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??s??????p???FSFilter Activity Monitor??????s??????>??s????????h?????system32\drivers\filetrace.sys????????h??s?????????n????@%SystemRoot%\system32\drivers\filetrace.sys,-10000?????FltMgr??????????????????????????????????????t????????s?????????????????????g?????????????????????s?s?s?s?s?s?s?s?s???????s???????????e??? ???????s?????s?????s?,??0?????2?????????s???????2??s???????????e??FileTrace - Top Instance????? ???????s???????????s?,????????????????????????????385000???????s??????????????s????s?s???????s????? ???????o???????????s??????????T?s?????????????????????t????????????????????s?s?s?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???s????????????????????USB\VID_03F0&PID_171D\5&1f2a7902&0&1????? z???????????????????N??????????????????s????X??????.???t??int?????? ???????o?????s?????s????????$???m????x??????P??s?????????e????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??s????????h?????%systemroot%\system32\fxssvc.exe????????????????t??????s?????s????????????????????????????????P??s?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????s???+????????@??s???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 8??s??????????????NT AUTHORITY\NetworkService???????,??s???+???????+???????????????????????????s??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????s?s?s?s?s?s?s?s?s?s?s??????????????????????????? ???????s???????????r?????????????????????????????????p?????????????(??????P??????????????????? ???????????????????????????? ???????o???????????s??????????J?n????c????????????????t??????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???s?s??6-21-2006????????????6??5:??????????????t??????????????????????????s????????????????t?????B??s???6?????e????????????????t?????.??s?????????e??????X??????.???t??Microsoft Bluetooth HID Miniport????????????????????????????????????????? ???????o?????s?????s??????????x?z???????????????????????????????????????????????T??s????????h?????\SystemRoot\system32\DRIVERS\gagp30kx.sys?????x??s?????????e????Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms??????????s??????p???PnP Filter???????s?s?s?s?s?s?s????J??s???????????d??agp.inf_x86_neutral_a61b8b06718e8352????? ???????s???????????s?????????????? ????????????????s??????????? ???????o?????s?????s?0??????$???}?????c???????? ???????????????????? ??s?????????e????@gpapi.dll,-112??????s?s?s???????s??????p???ProfSvc_Group?????Z??s????????h?????%systemroot%\system32\svchost.exe -k netsvcs?????????????&???? ??s?????????n????@gpapi.dll,-113??????s???s??????????????? ???s??????????????LocalSystem????????? ???????????????????????????????????????????t?????,??s?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???j?s???????????????????????5???$???e???????????????????????????$???e????????????????????????????~??f????????????N??e???,????????????X??g???????0???e??????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ???????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????f?f????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000???????N??f??? ?????D?0??*isatap?-E??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ????????????? ??????????????????0???????e??????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e??????????????????????????RTL8167?????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???k?s???????k???????e???????k???????????????????????????????????????f?j?k?k?????3???????????????????l?l?l???????z?????????????? ???????????????LegacyDriver????????????? P??????6?????6-4???????z???????3????X??????&???&??????M????|?|?k???????????h?k?k?k????s????????k???e??s????????k???????????????????4???????4????????????????????????N??k???4????D?? ??{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????y??????s????????g???&???0??STORAGE\Volume??ag????X??l???????????????o???l?l?????f?k?k?k?????????????k??????s???? "??k???????????????????????????????????????????????????k???&???????????}???-???????????????????k??????????? ???????fa????l???????-??,?????????????????? ???????k?????k???????-???????????????????????k?&??? ???????k?????k?? ????-??"?????b???????????rdbss????????f?j?k?k?k???k??STORAGE\Volume???????k???k?????????????????????????????????????????????????????????????s????{8ECC055D-047F-11D1-A537-0000F8753ED1}???A??????????????????????mrxsmb???????????????????????????????4??????????????????????????seehcri????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???k?s??? ???????k?????k?????k?-???????????? ???????????LegacyDriver?????k??? ???????k???????????t?-????????N???????????{71a27cdd-812a-11d0-bec7-08002be2092f}???????????|???????k??????s????????????k?????????????????k?&??Volume??HJ???????????4???????????????\??????????????????????????????seehcri???????????????????s?????????????Net??t???k????:??????4?g??????:??????4?g?????????i??????s???LegacyDriver?????????k???8???????????????????????????k???0???2???k???l?l?????????????????s???k???????k???????????????????????????????????????????????3???????k???k??LegacyDriver?????k?k?k?k?????k???g?j?k?k?????k???k???k??disk????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????seehcri??????????k??????s???? ???j???????????????????????k???????????k??? ???????k?????k?????k?-???????????????????C?????????????7??????B3??? ???????k???????????k?-????????Z???????????LegacyDriver?????k???????????k?????k?&??{8ECC055D-047F-11D1-A537-0000F8753ED1}???????g?h?k?k?k?k?h???????k?????????????? ??????????s@v?????????????????s?????l?l??????`??}?????????

---- EOF - GMER 1.0.15 ----

********************************************************************************.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Shravan at 11:44:59.12 on 19-05-2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3039.1676 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shravan\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\shravan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: kuaiche.com\software
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\shravan\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Auto Shutdown: amin.eft_Shutdown@gmail.com - %profile%\extensions\amin.eft_Shutdown@gmail.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2011-2-2 28184]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-3 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-3 269480]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-1-3 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-1-3 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
.
=============== Created Last 30 ================
.
2011-05-18 22:57:07 -------- d-----w- c:\users\shravan\appdata\roaming\Malwarebytes
2011-05-18 22:57:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 22:56:59 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-18 22:56:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 22:56:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 23:32:23 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2011-05-17 11:12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 13:04:18 -------- d-----w- c:\progra~2\Skype Extras
.
==================== Find3M ====================
.
.
============= FINISH: 11:45:30.75 ===============

Bobbye · May 19, 2011

Welcome to TechSpot!
Malwarebytes has removed a considerable amount of malware from the system, but there will be more entries.

Please remove this immediately from this zone: Trusted Zone: kuaiche.com\software. This is rated as a dangerous site and should be placed in the Restricted Zone:
1. Go to the Control Panel> Internet Options> Security tab> Trusted Sites> Sites> find, highlight and remove the domain .kuaiche.com> Apply.
2. Go back to the Security tab> Click on Restricted sites> Sites> enter the following in the dialog box:

*.kuaiche.com

Click on Apply> Okay. Close Internet Options.
=============================================
There is another log from DDS. It is named Attach.txt Please find it on your system and include it in your next reply.
==============================================

Download the file TDSSKiller.zip and save to the desktop.
(If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
Double click on TDSSKiller.exe. to run the scan
When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Select the action Quarantine to quarantine detected objects.
The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
After clicking Next, the utility applies selected actions and outputs the result. Paste the log into next reply.

====================================================
Please note: If you have Combofix on the desktop already, please uninstall it. The download the current version and do the scan: Uninstall directions if needed[list[
[*] Click START> then RUN
[*] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
- Double click combofix.exe & follow the prompts.
- ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- .Click on Yes, to continue scanning for malware
- .If Combofix asks you to update the program, allow
- .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- .Close any open browsers.
- .Double click combofix.exe
  
  & follow the prompts to run.
- When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
A reboot is required after disinfection.

technobrat · May 21, 2011

Hi Bobbye,

After the first run of Malwarebytes (and also following 7 steps) I am not facing any problem with google search results redirect. But I still want to confirm that my PC is safe and secure to work. Attached the remaining scan reports as mentioned in your reply.

1. Moved *.kuaiche.com from trusted site list to restricted site.

2. Attach.txt
==========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11-08-2010 17:10:32
System Uptime: 19-05-2011 11:04:57 (0 hours ago)
.
Motherboard: Compal | | 306D
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 130.729 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.861 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C053\7&151B04D5&0&001CA40B52DF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C053\7&151B04D5&0&001CA40B52DF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Multi-Card
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
Service: WUDFRd
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Service:
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\3&33FD14CA&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\3&33FD14CA&0
Service:
.
Class GUID:
Description:
Device ID: USB\VID_138A&PID_0005\5&1F2A7902&0&2
Manufacturer:
Name:
PNP Device ID: USB\VID_138A&PID_0005\5&1F2A7902&0&2
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771503-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771602-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&151B04D5&0&0025E75056D3_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C144\7&151B04D5&0&58170C9CE9E1_C00000000
Service:
.
==== System Restore Points ===================
.
RP64: 06-05-2011 22:35:14 - Scheduled Checkpoint
RP65: 14-05-2011 22:19:32 - Scheduled Checkpoint
RP66: 17-05-2011 17:01:26 - Installed Adobe Photoshop CS2
RP67: 18-05-2011 15:26:46 - Removed Adobe Community Help
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Avira AntiVir Personal - Free Antivirus
CCleaner
Crystal Reports Basic for Visual Studio 2008
DivX Setup
FileZilla Client 3.3.4.1
Foxit PDF Editor
Foxit Reader
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Jumblo
Malwarebytes' Anti-Malware
MATLAB R2010b
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox (3.6.17)
NVIDIA Drivers
Picasa 3
PVSonyDll
RealPlayer
RealUpgrade 1.0
Skype™ 5.3
Sony Ericsson Update Service
The KMPlayer (remove only)
Unlocker 1.9.0
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.1.3
VoipDiscount
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
WordWeb
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
19-05-2011 11:05:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 CSN5PDTS82x64
18-05-2011 20:25:29, Error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
18-05-2011 20:24:06, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D3AF8C6B-18F6-4A29-A070-99E1B38F2BBC} because another computer on the network has the same name. The server could not start.
18-05-2011 15:50:43, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882
18-05-2011 15:49:51, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
18-05-2011 15:49:51, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18-05-2011 15:49:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
18-05-2011 15:49:20, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16-05-2011 17:14:13, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.100 with the system having network hardware address 00-25-4B-94-94-A0. Network operations on this system may be disrupted as a result.
12-05-2011 18:12:03, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12-05-2011 01:15:26, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.100 with the system having network hardware address E0-2A-82-1F-C3-04. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

3. TDSSKiller.exe
===============

Found no infections. Attached its log file below.

2011/05/21 13:11:51.0179 3156 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/21 13:11:51.0480 3156 ================================================================================
2011/05/21 13:11:51.0480 3156 SystemInfo:
2011/05/21 13:11:51.0480 3156
2011/05/21 13:11:51.0480 3156 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/21 13:11:51.0480 3156 Product type: Workstation
2011/05/21 13:11:51.0480 3156 ComputerName: SHRAVANKUMAR
2011/05/21 13:11:51.0481 3156 UserName: Shravan
2011/05/21 13:11:51.0481 3156 Windows directory: C:\Windows
2011/05/21 13:11:51.0481 3156 System windows directory: C:\Windows
2011/05/21 13:11:51.0481 3156 Processor architecture: Intel x86
2011/05/21 13:11:51.0481 3156 Number of processors: 2
2011/05/21 13:11:51.0481 3156 Page size: 0x1000
2011/05/21 13:11:51.0481 3156 Boot type: Normal boot
2011/05/21 13:11:51.0481 3156 ================================================================================
2011/05/21 13:11:51.0980 3156 Initialize success
2011/05/21 13:21:03.0829 3064 ================================================================================
2011/05/21 13:21:03.0829 3064 Scan started
2011/05/21 13:21:03.0829 3064 Mode: Manual;
2011/05/21 13:21:03.0829 3064 ================================================================================
2011/05/21 13:21:04.0937 3064 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/21 13:21:05.0056 3064 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/05/21 13:21:05.0109 3064 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/21 13:21:05.0167 3064 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/21 13:21:05.0222 3064 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/21 13:21:05.0283 3064 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/21 13:21:05.0329 3064 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/21 13:21:05.0409 3064 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/21 13:21:05.0443 3064 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/21 13:21:05.0490 3064 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/21 13:21:05.0540 3064 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/21 13:21:05.0575 3064 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/21 13:21:05.0601 3064 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/21 13:21:05.0643 3064 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/21 13:21:05.0680 3064 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/21 13:21:05.0732 3064 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/21 13:21:05.0769 3064 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/21 13:21:05.0804 3064 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/21 13:21:05.0898 3064 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/21 13:21:05.0970 3064 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/21 13:21:06.0002 3064 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/21 13:21:06.0114 3064 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/21 13:21:06.0156 3064 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/21 13:21:06.0301 3064 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/21 13:21:06.0477 3064 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/21 13:21:06.0547 3064 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/21 13:21:06.0634 3064 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/21 13:21:06.0732 3064 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/21 13:21:06.0784 3064 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/21 13:21:06.0834 3064 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/21 13:21:06.0878 3064 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/21 13:21:06.0932 3064 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/21 13:21:06.0968 3064 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/21 13:21:07.0035 3064 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/21 13:21:07.0078 3064 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/21 13:21:07.0101 3064 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/21 13:21:07.0133 3064 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/21 13:21:07.0194 3064 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/21 13:21:07.0237 3064 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/21 13:21:07.0278 3064 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/21 13:21:07.0330 3064 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/05/21 13:21:07.0399 3064 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/21 13:21:07.0450 3064 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/21 13:21:07.0514 3064 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/21 13:21:07.0556 3064 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/21 13:21:07.0615 3064 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/21 13:21:07.0666 3064 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/21 13:21:07.0707 3064 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/21 13:21:07.0750 3064 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/21 13:21:07.0816 3064 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/21 13:21:07.0866 3064 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/21 13:21:07.0914 3064 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/21 13:21:07.0971 3064 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/05/21 13:21:08.0101 3064 CSN5PDTS82 (89ca27ed0ebd13fb0ff00ddcd5b48c39) C:\Windows\system32\Drivers\CSN5PDTS82.sys
2011/05/21 13:21:08.0228 3064 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/21 13:21:08.0276 3064 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/21 13:21:08.0324 3064 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/21 13:21:08.0408 3064 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/21 13:21:08.0456 3064 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/21 13:21:08.0611 3064 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/21 13:21:08.0736 3064 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/21 13:21:08.0788 3064 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/21 13:21:08.0845 3064 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/21 13:21:08.0893 3064 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/21 13:21:08.0930 3064 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/21 13:21:08.0976 3064 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/21 13:21:09.0014 3064 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/21 13:21:09.0055 3064 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/21 13:21:09.0103 3064 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/21 13:21:09.0165 3064 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/21 13:21:09.0204 3064 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/21 13:21:09.0242 3064 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/21 13:21:09.0293 3064 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/21 13:21:09.0379 3064 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/05/21 13:21:09.0425 3064 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/05/21 13:21:09.0544 3064 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/21 13:21:09.0607 3064 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/05/21 13:21:09.0655 3064 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/21 13:21:09.0677 3064 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/21 13:21:09.0738 3064 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/21 13:21:09.0784 3064 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/21 13:21:09.0847 3064 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/21 13:21:09.0971 3064 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/05/21 13:21:10.0024 3064 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/21 13:21:10.0101 3064 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/21 13:21:10.0147 3064 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/21 13:21:10.0198 3064 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/21 13:21:10.0256 3064 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/21 13:21:10.0302 3064 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/21 13:21:10.0351 3064 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/21 13:21:10.0398 3064 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/21 13:21:10.0427 3064 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/21 13:21:10.0471 3064 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/21 13:21:10.0521 3064 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/21 13:21:10.0579 3064 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/21 13:21:10.0609 3064 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/21 13:21:10.0652 3064 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/21 13:21:10.0730 3064 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/21 13:21:10.0783 3064 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/21 13:21:10.0825 3064 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/21 13:21:10.0863 3064 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/21 13:21:10.0950 3064 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/21 13:21:11.0029 3064 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/21 13:21:11.0070 3064 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/21 13:21:11.0105 3064 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/21 13:21:11.0161 3064 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/21 13:21:11.0189 3064 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/21 13:21:11.0269 3064 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/05/21 13:21:11.0328 3064 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/21 13:21:11.0373 3064 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/21 13:21:11.0421 3064 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/21 13:21:11.0489 3064 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/21 13:21:11.0530 3064 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/21 13:21:11.0577 3064 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/21 13:21:11.0616 3064 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/21 13:21:11.0655 3064 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/21 13:21:11.0689 3064 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/21 13:21:11.0747 3064 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/21 13:21:11.0806 3064 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/21 13:21:11.0854 3064 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/21 13:21:11.0897 3064 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/21 13:21:11.0940 3064 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/21 13:21:11.0982 3064 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/21 13:21:12.0024 3064 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/21 13:21:12.0061 3064 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/21 13:21:12.0097 3064 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/21 13:21:12.0166 3064 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/21 13:21:12.0204 3064 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/21 13:21:12.0243 3064 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/21 13:21:12.0288 3064 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/21 13:21:12.0329 3064 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/21 13:21:12.0405 3064 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/21 13:21:12.0441 3064 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/21 13:21:12.0475 3064 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/21 13:21:12.0543 3064 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/21 13:21:12.0631 3064 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/21 13:21:12.0676 3064 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/21 13:21:12.0717 3064 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/21 13:21:12.0749 3064 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/21 13:21:12.0788 3064 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/21 13:21:12.0829 3064 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/21 13:21:12.0874 3064 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/21 13:21:12.0913 3064 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/21 13:21:13.0004 3064 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/21 13:21:13.0056 3064 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/21 13:21:13.0096 3064 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/21 13:21:13.0166 3064 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/05/21 13:21:13.0231 3064 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/21 13:21:13.0557 3064 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/21 13:21:13.0766 3064 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/21 13:21:13.0813 3064 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/21 13:21:13.0877 3064 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/21 13:21:13.0934 3064 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/21 13:21:14.0014 3064 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/21 13:21:14.0051 3064 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/21 13:21:14.0101 3064 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/21 13:21:14.0152 3064 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/21 13:21:14.0195 3064 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/21 13:21:14.0243 3064 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/21 13:21:14.0300 3064 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/21 13:21:14.0361 3064 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/21 13:21:14.0505 3064 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/21 13:21:14.0544 3064 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/21 13:21:14.0609 3064 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/21 13:21:14.0685 3064 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/21 13:21:14.0754 3064 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/21 13:21:14.0788 3064 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/21 13:21:14.0818 3064 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/21 13:21:14.0858 3064 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/21 13:21:14.0903 3064 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/21 13:21:14.0968 3064 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/21 13:21:15.0008 3064 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/21 13:21:15.0048 3064 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/21 13:21:15.0093 3064 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/21 13:21:15.0132 3064 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/21 13:21:15.0169 3064 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/05/21 13:21:15.0217 3064 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/21 13:21:15.0251 3064 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/21 13:21:15.0286 3064 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/21 13:21:15.0354 3064 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/21 13:21:15.0435 3064 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/21 13:21:15.0505 3064 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/21 13:21:15.0562 3064 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/05/21 13:21:15.0612 3064 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/21 13:21:15.0676 3064 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/21 13:21:15.0722 3064 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/21 13:21:15.0793 3064 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/21 13:21:15.0882 3064 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/05/21 13:21:15.0949 3064 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/21 13:21:15.0988 3064 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/21 13:21:16.0036 3064 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/21 13:21:16.0105 3064 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/21 13:21:16.0142 3064 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/21 13:21:16.0182 3064 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/21 13:21:16.0213 3064 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/21 13:21:16.0255 3064 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/21 13:21:16.0316 3064 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/21 13:21:16.0352 3064 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/21 13:21:16.0385 3064 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/21 13:21:16.0460 3064 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/21 13:21:16.0651 3064 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2011/05/21 13:21:16.0705 3064 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/21 13:21:16.0757 3064 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/21 13:21:16.0855 3064 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/21 13:21:16.0906 3064 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/21 13:21:16.0952 3064 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/21 13:21:16.0990 3064 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/21 13:21:17.0032 3064 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/21 13:21:17.0145 3064 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/05/21 13:21:17.0246 3064 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/21 13:21:17.0285 3064 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/21 13:21:17.0343 3064 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/21 13:21:17.0370 3064 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/21 13:21:17.0408 3064 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/21 13:21:17.0444 3064 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/21 13:21:17.0527 3064 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/21 13:21:17.0570 3064 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/21 13:21:17.0603 3064 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/21 13:21:17.0649 3064 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/21 13:21:17.0740 3064 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/21 13:21:17.0788 3064 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/21 13:21:17.0829 3064 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/21 13:21:17.0977 3064 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/05/21 13:21:18.0023 3064 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/21 13:21:18.0077 3064 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/21 13:21:18.0111 3064 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/21 13:21:18.0177 3064 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/21 13:21:18.0234 3064 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/21 13:21:18.0292 3064 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/21 13:21:18.0356 3064 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/21 13:21:18.0400 3064 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/21 13:21:18.0431 3064 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/21 13:21:18.0524 3064 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/21 13:21:18.0576 3064 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/21 13:21:18.0630 3064 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/21 13:21:18.0669 3064 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/21 13:21:18.0722 3064 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/21 13:21:18.0766 3064 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/21 13:21:18.0813 3064 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/21 13:21:18.0853 3064 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/21 13:21:18.0899 3064 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/21 13:21:18.0933 3064 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/21 13:21:18.0969 3064 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/21 13:21:19.0019 3064 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/21 13:21:19.0060 3064 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/21 13:21:19.0112 3064 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/21 13:21:19.0163 3064 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/21 13:21:19.0221 3064 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/21 13:21:19.0283 3064 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/21 13:21:19.0343 3064 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 13:21:19.0368 3064 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/21 13:21:19.0426 3064 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/21 13:21:19.0477 3064 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/21 13:21:19.0583 3064 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/21 13:21:19.0610 3064 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/21 13:21:19.0747 3064 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/21 13:21:19.0812 3064 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/21 13:21:19.0881 3064 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/21 13:21:19.0948 3064 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/21 13:21:20.0007 3064 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/21 13:21:20.0117 3064 ================================================================================
2011/05/21 13:21:20.0117 3064 Scan finished
2011/05/21 13:21:20.0117 3064 ================================================================================
2011/05/21 14:07:45.0970 2872 Deinitialize success

--- continued ---

technobrat · May 21, 2011

--- continued ---

4. ComboFix.exe
=============

ComboFix 11-05-19.02 - Shravan 21-05-2011 14:10:25.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3039.2192 [GMT 2:00]
Running from: c:\users\Shravan\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 12:18 . 2011-05-21 12:18 -------- d-----w- c:\users\Shravan\AppData\Local\temp
2011-05-21 12:18 . 2011-05-21 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-18 22:57 . 2011-05-18 22:57 -------- d-----w- c:\users\Shravan\AppData\Roaming\Malwarebytes
2011-05-18 22:57 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 22:56 . 2011-05-18 22:56 -------- d-----w- c:\programdata\Malwarebytes
2011-05-18 22:56 . 2011-05-18 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-18 22:56 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 23:32 . 2011-05-18 14:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-05-17 23:13 . 2011-05-17 23:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-05-17 11:12 . 2011-05-17 11:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 13:04 . 2011-05-16 13:45 -------- d-----w- c:\programdata\Skype Extras
2011-05-11 12:27 . 2011-05-11 12:27 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-22 19:58 . 2010-11-03 10:57 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 22:08 . 2011-03-10 22:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-03-10 22:08 . 2011-03-10 22:08 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Shravan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Shravan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\users\Shravan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-11 17:16 136176 ----atw- c:\users\Shravan\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Shravan\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jumblo]
2010-12-22 14:48 12948776 ----a-w- c:\program files\Jumblo.com\Jumblo\Jumblo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-03 12:17 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-01-03 13224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2010-05-20 28184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-01-03 27632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*Deregistered* - avgntflt
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:12]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 17:12]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325924964-1417472446-2902802781-1000Core.job
- c:\users\Shravan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 17:16]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-325924964-1417472446-2902802781-1000UA.job
- c:\users\Shravan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-11 17:16]
.
.
------- Supplementary Scan -------
.
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Shravan\AppData\Roaming\Mozilla\Firefox\Profiles\5729b0x0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Auto Shutdown: amin.eft_Shutdown@gmail.com - %profile%\extensions\amin.eft_Shutdown@gmail.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe
MSConfigStartUp-Rynga - c:\program files\Rynga.com\Rynga\Rynga.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-21 14:20:06
ComboFix-quarantined-files.txt 2011-05-21 12:20
.
Pre-Run: 151,024,279,552 bytes free
Post-Run: 151,934,193,664 bytes free
.
- - End Of File - - A2FFCD4B7017628E6E8D9E9B6EF2C1F0

Bobbye · May 26, 2011

Sorry for the delay- lost the thread.

Please tell me what the 14 disabled devices showing in the DDS log are. Each is headed by: Class GUID:
======================================================

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the

on your desktop.
Check 'Yes I accept terms of use.'
Click Start button
Accept any security warnings from your browser.
Uncheck 'Remove found threats'
Check 'Scan archives/
Leave remaining settings as is.
Press the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
When the scan completes, press List of found threats
Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
Push the Back button
Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================
I'd also like you to run the following:
Download CKScanner and save to your desktop.

Doubleclick CKScanner.exe and click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
in your next reply.

=========================================

Inactive Need help resolving with Google redirect malware

technobrat

Bobbye

Posts: 16,313 +36

technobrat

technobrat

Bobbye

Posts: 16,313 +36

Similar threads

Latest posts