I have done the 7 steps and attached the log files below. My Google results in the Firefox browser redirect me to spam websites. IE often opens with spam sites. Windows Security Center is turned off (I even tried to turn it on using services.msc, but it gets turned off after some time). Hope I found some trojans in the malware scan.
********************************************************************************
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6612
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
19-05-2011 01:03:14
mbam-log-2011-05-19 (01-03-14).txt
Scan type: Quick scan
Objects scanned: 156225
Time elapsed: 5 minute(s), 1 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
c:\Users\Shravan\AppData\Local\Temp\Yq1.exe (Trojan.Downloader) -> 2100 -> Unloaded process successfully.
c:\Users\Shravan\AppData\Local\Temp\Yq2.exe (Trojan.Downloader) -> 2248 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU (Trojan.Downloader) -> Value: SNJQ66R8MU -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Shravan\AppData\Local\Temp\Yq1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Shravan\AppData\Local\Temp\Yq2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\msdtcuiul.dll (Trojan.Agent.GGEP) -> Quarantined and deleted successfully.
c:\Users\Shravan\AppData\Local\Temp\Yq0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Yruqaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
********************************************************************************
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-19 11:40:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_08
Running: jw7q9cib.exe; Driver: C:\Users\Shravan\AppData\Local\Temp\pwddrpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308E579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A6C47000 114 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5003 A6C47073 175 Bytes [A6, 32, C0, EB, 02, B0, 01, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A6C47123 629 Bytes [25, C4, A6, FE, 05, 34, 25, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A6C47399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A6C473FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1732] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [70ADB0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000008a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c38f603 0x43 0x0B 0xDC 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@001ca40b52df 0x1D 0x38 0x83 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c9ce9e1 0x15 0x0F 0xB3 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e8a9a56@0025e75056d3 0xD1 0x76 0xA5 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???t??????R??????????????d???????????????????????????????????????????t??????????*6to4mp?????? ???????t???????????t??????????N????????????r??? 2??t??????????????\Device\LanmanRedirector??????4??t??????????Microsoft Windows Network?????N??t?????????e????@%systemroot%\system32\wkssvc.dll,-102????????F??t?????????????????t?????t??????????????????????????t?????????????????????????????????????????P??t????????h?????\SystemRoot\system32\DRIVERS\MegaSR.sys??????????t??????p???SCSI Miniport?????P??t???????????d??megasr.inf_x86_neutral_30b367f92ca46598??????t?t?t?t?t?tev???????v??@%SystemRoot%\system32\drivers\mountmgr.sys,-101????system32\DRIVERS\msahci.sys???????N??????????????d??System32\Drivers\mup.sys????????????????????????????????????????????@%SystemRoot%\system32\FirewallAPI.dll,-23093?????8??t????????h?????????????????????%SystemRoot%\System32\ntlanman.dll??????? ???????t???????????t????????0?B??? ???????????? B??t??????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ???v????????????????????????????????????????????????????? ???????u?????????????9??????"??????????e??\SystemRoot\system32\DRIVERS\parport.sys????@%SystemRoot%\system32\drivers\partmgr.sys,-100???????????????2???????????h?????system32\DRIVERS\rdbss.sys????????b??v?????????e??????^??v?????????n??????<??u????????h??????????U??????????*isatap?????????????????????????????LegacyDriver?6??????????????????????????????11??????????????????????????????????????????????????????????????t???????????????????????????????? ???????u?????u?? ????:??????.????? ???????????? ??k???????????????????????9?????9?9???????6???????????????????????????????????e??????????????????text?9???????m????????????e???????????????????????????6??u??????p???????????????????????? ????????????????????????????????????????????????????????t????????????????????????t????????????????t????v?v?v?????????????????????t????????????????????????????????? ???????u?????u???????:??X????????? ???????????@%SystemRoot%\system32\drivers\partmgr.sys,-101????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???{??????4??????????t?????????????{?????????l??? ???????y?????z?????w????????(????? ???????e?????????????????????????????????????????????????l??{?????????h????? ???????{???????????w????????0?l????????g????????????????????s???????l??{?????????h?????{??????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|????????*6to4mp?????ssmdrv??????? ???????*?????O\0??????????%systemroot%\system32\LogFiles\Firewall\pfirewall.log??????????????????e????????????????????????????? ???????y?????w????????????????????????????????????? ???????{?????{???????'????????????????????????? ???????{???????????w?'?????????????????'??? ???{??????????????V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|??????? ???{???'?????'?'??V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\S
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???y?u???????????????v???y???????????.???e???????????????????????????v??COM6?????????????????????????????????\??????\L??????????????????????????????????????????????? ???????t?????t?????????????????????????s??NDIS????? ???????t???????????t????????(???????1?????????????????????????????????????????????????????? ???????t???????????e????????(????????1????????????????t????????????????????????????t?t1????u??? ???????t???????????t????????(???????????????????????????????????????????????????????xu1????u?t?u?u????? ???????t???????????t?,??????(?????????????????????????????????????????????????????? ???????t???????????t????????(???????6?????????????????????????????????G??????????????????????t1??t???t???t???t6? u???????????????????????????????e?????u??????????????? ???????t?????t?????s????????(?????????????? ?????? u???????????t????????B???????1??????!????????????????????????e?????????????????????????????????????????????????????????? ???????t???????????u????????B????? ??????????????????????????????????e???????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ???yta??????????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|????????????????t?????6??|????????h??????????????????????????????h??????????????????Microsoft????????y??????????????Type?h???????????????|?|?|???????y???<???????????;???????u????N?????????????????????????????????6-21-2006????????????????y??????????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|??????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|?????????y???<?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???{?????????l??? ???????y?????z?????w????????(????? ???????e?????????????????????????????????????????????????l??{?????????h????? ???????{???????????w????????0?l????????g????????????????????s???????l??{?????????h?????{??????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|????????*6to4mp?????ssmdrv??????? ???????*?????O\0??????????%systemroot%\system32\LogFiles\Firewall\pfirewall.log??????????????????e????????????????????????????? ???????y?????w????????????????????????????????????? ???????{?????{???????'????????????????????????? ???????{???????????w?'?????????????????'??? ???{??????????????V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|??????? ???{???'?????'?'??V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\System32\svchost.exe|Svc=AxInstSV
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c38f603 0x43 0x0B 0xDC 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@001ca40b52df 0x1D 0x38 0x83 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@58170c9ce9e1 0x15 0x0F 0xB3 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e8a9a56@0025e75056d3 0xD1 0x76 0xA5 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???s????????????e2??Type?????????????????????s???????s?????s????45000????g?j?j?j?????k????f??s?????????e???????????l????.NT?????? ???????s?????s?????s????????????????????s??????????s???????????e??? ???????s???????????s???????????????????????????s???????????s??????????????s????s?s???????s????? ???????o?????s?????s??????????h?r???????e???????h??s?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??s??????p???FSFilter Activity Monitor??????s??????>??s????????h?????system32\drivers\filetrace.sys????????h??s?????????n????@%SystemRoot%\system32\drivers\filetrace.sys,-10000?????FltMgr??????????????????????????????????????t????????s?????????????????????g?????????????????????s?s?s?s?s?s?s?s?s???????s???????????e??? ???????s?????s?????s?,??0?????2?????????s???????2??s???????????e??FileTrace - Top Instance????? ???????s???????????s?,????????????????????????????385000???????s??????????????s????s?s???????s????? ???????o???????????s??????????T?s?????????????????????t????????????????????s?s?s?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???s????????????????????USB\VID_03F0&PID_171D\5&1f2a7902&0&1????? z???????????????????N??????????????????s????X??????.???t??int?????? ???????o?????s?????s????????$???m????x??????P??s?????????e????@%systemroot%\system32\fxsresm.dll,-118???????????????????????????B??s????????h?????%systemroot%\system32\fxssvc.exe????????????????t??????s?????s????????????????????????????????P??s?????????n????@%systemroot%\system32\fxsresm.dll,-122??????????s???+????????@??s???????????e??TapiSrv?RpcSs?PlugPlay?Spooler??????? 8??s??????????????NT AUTHORITY\NetworkService???????,??s???+???????+???????????????????????????s??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege???????s?s?s?s?s?s?s?s?s?s?s??????????????????????????? ???????s???????????r?????????????????????????????????p?????????????(??????P??????????????????? ???????????????????????????? ???????o???????????s??????????J?n????c????????????????t??????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???s?s??6-21-2006????????????6??5:??????????????t??????????????????????????s????????????????t?????B??s???6?????e????????????????t?????.??s?????????e??????X??????.???t??Microsoft Bluetooth HID Miniport????????????????????????????????????????? ???????o?????s?????s??????????x?z???????????????????????????????????????????????T??s????????h?????\SystemRoot\system32\DRIVERS\gagp30kx.sys?????x??s?????????e????Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms??????????s??????p???PnP Filter???????s?s?s?s?s?s?s????J??s???????????d??agp.inf_x86_neutral_a61b8b06718e8352????? ???????s???????????s?????????????? ????????????????s??????????? ???????o?????s?????s?0??????$???}?????c???????? ???????????????????? ??s?????????e????@gpapi.dll,-112??????s?s?s???????s??????p???ProfSvc_Group?????Z??s????????h?????%systemroot%\system32\svchost.exe -k netsvcs?????????????&???? ??s?????????n????@gpapi.dll,-113??????s???s??????????????? ???s??????????????LocalSystem????????? ???????????????????????????????????????????t?????,??s?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???j?s???????????????????????5???$???e???????????????????????????$???e????????????????????????????~??f????????????N??e???,????????????X??g???????0???e??????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ???????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????f?f????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ??????????? ???IS\0000???????N??f??? ?????D?0??*isatap?-E??????$???4????? ??????? ??????????????? ????????????????????????????????????????? ????????????? ??????????????????0???????e??????????????????????????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e??????????????????????????RTL8167?????????$???4????? ??????? ??????????????? ????????????????????????????????????????? ??????????? ????????????????????????????$???e?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???k?s???????k???????e???????k???????????????????????????????????????f?j?k?k?????3???????????????????l?l?l???????z?????????????? ???????????????LegacyDriver????????????? P??????6?????6-4???????z???????3????X??????&???&??????M????|?|?k???????????h?k?k?k????s????????k???e??s????????k???????????????????4???????4????????????????????????N??k???4????D?? ??{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????y??????s????????g???&???0??STORAGE\Volume??ag????X??l???????????????o???l?l?????f?k?k?k?????????????k??????s???? "??k???????????????????????????????????????????????????k???&???????????}???-???????????????????k??????????? ???????fa????l???????-??,?????????????????? ???????k?????k???????-???????????????????????k?&??? ???????k?????k?? ????-??"?????b???????????rdbss????????f?j?k?k?k???k??STORAGE\Volume???????k???k?????????????????????????????????????????????????????????????s????{8ECC055D-047F-11D1-A537-0000F8753ED1}???A??????????????????????mrxsmb???????????????????????????????4??????????????????????????seehcri????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???k?s??? ???????k?????k?????k?-???????????? ???????????LegacyDriver?????k??? ???????k???????????t?-????????N???????????{71a27cdd-812a-11d0-bec7-08002be2092f}???????????|???????k??????s????????????k?????????????????k?&??Volume??HJ???????????4???????????????\??????????????????????????????seehcri???????????????????s?????????????Net??t???k????:??????4?g??????:??????4?g?????????i??????s???LegacyDriver?????????k???8???????????????????????????k???0???2???k???l?l?????????????????s???k???????k???????????????????????????????????????????????3???????k???k??LegacyDriver?????k?k?k?k?????k???g?j?k?k?????k???k???k??disk????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????seehcri??????????k??????s???? ???j???????????????????????k???????????k??? ???????k?????k?????k?-???????????????????C?????????????7??????B3??? ???????k???????????k?-????????Z???????????LegacyDriver?????k???????????k?????k?&??{8ECC055D-047F-11D1-A537-0000F8753ED1}???????g?h?k?k?k?k?h???????k?????????????? ??????????s@v?????????????????s?????l?l??????`??}?????????
---- EOF - GMER 1.0.15 ----
********************************************************************************
DDS (Ver_11-03-05.01) - NTFSx86
Run by Shravan at 11:44:59.12 on 19-05-2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.91.1033.18.3039.1676 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shravan\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\shravan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: kuaiche.com\software
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\shravan\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\firefox\profiles\5729b0x0.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\shravan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Auto Shutdown: amin.eft_Shutdown@gmail.com - %profile%\extensions\amin.eft_Shutdown@gmail.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\drivers\CSN5PDTS82.sys [2011-2-2 28184]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-3 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-3 269480]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-1-3 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-1-3 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 136176]
.
=============== Created Last 30 ================
.
2011-05-18 22:57:07 -------- d-----w- c:\users\shravan\appdata\roaming\Malwarebytes
2011-05-18 22:57:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 22:56:59 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-18 22:56:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 22:56:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 23:32:23 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2011-05-17 11:12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 13:04:18 -------- d-----w- c:\progra~2\Skype Extras
.
==================== Find3M ====================
.
.
============= FINISH: 11:45:30.75 ===============