
Hijackthis log file


This topic is locked
20 replies to this topic

#1 Dovi


  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi

Posted 15 December 2010 - 04:32 PM

Hi, please help me out with the following log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:05:30, on 16-12-2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe
C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SCBAL.exe
C:\PROGRA~1\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Sony Ericsson\Mobile4\Mobile Networking Wizard\mngui.exe
C:\Program Files\Sony Ericsson\Mobile4\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Satish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Satish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Satish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Satish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Satish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Satish\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Satish\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell.com/content/default.aspx?c=in&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SearchPredict\SearchPredict.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: xplorer2 Toolbar - {db35fda8-77e3-4784-92c2-ee7345e91af4} - C:\Program Files\xplorer2\tbxplo.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: ooVoo Video Chat Toolbar - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooVo.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\dapieloader.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\grabber.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: xplorer2 Toolbar - {db35fda8-77e3-4784-92c2-ee7345e91af4} - C:\Program Files\xplorer2\tbxplo.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O3 - Toolbar: ooVoo Video Chat Toolbar - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Video_Chat\tbooVo.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0194778-E2ED-4EAF-ABA5-38630B5B931E}: NameServer = 202.56.240.5 202.56.230.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~2\AVP11\mzvkbd3.dll,C:\PROGRA~2\AVP11\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\Sigmatel\C-Major Audio\WDM\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: Perfios_Service - Unknown owner - C:\Program Files\Perfios\perfios_winsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 10072 bytes
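A small parser for the HijackThis log format posted above, added here as an example and not code from HijackThis, BleepingComputer or Malwarebytes. It assumes only the "Oxx - body" line layout; the sample lines are copied from the log above, and the triage rules are the first-pass checks a log reviewer makes (orphaned toolbar entries, AppInit_DLLs, non-default DNS servers, services with no publisher), so a hit means "verify this", not "infected".

```python
"""Parse a HijackThis 2.x log and flag the entries a helper checks first.

Added example for this thread; it is not a HijackThis, BleepingComputer or
Malwarebytes tool. Only the line layout "Oxx - body" is assumed.
"""
import re

# Constructed sample: a few lines copied from the log posted above, so the
# parser can run offline on realistic input.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0194778-E2ED-4EAF-ABA5-38630B5B931E}: NameServer = 202.56.240.5 202.56.230.6
O20 - AppInit_DLLs: C:\PROGRA~2\AVP11\mzvkbd3.dll,C:\PROGRA~2\AVP11\kloehk.dll
O23 - Service: Perfios_Service - Unknown owner - C:\Program Files\Perfios\perfios_winsvc.exe
"""

# Every HijackThis entry line starts with a section tag (R0..R3, F0..F3, O1..O24).
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def dns_servers(entries):
    """IP addresses configured as NameServer in O17 entries, in log order."""
    servers = []
    for section, body in entries:
        if section == "O17" and "NameServer =" in body:
            servers.extend(body.split("NameServer =", 1)[1].split())
    return servers


def appinit_dlls(entries):
    """DLL paths listed in the O20 AppInit_DLLs entry (comma separated)."""
    dlls = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls.extend(p.strip() for p in body.split(":", 1)[1].split(",") if p.strip())
    return dlls


def bho_clsids(entries):
    """Map CLSID -> DLL path for every O2 BHO entry."""
    result = {}
    for section, body in entries:
        if section != "O2":
            continue
        m = CLSID_RE.search(body)
        if m:
            result[m.group(0).upper()] = body.rsplit(" - ", 1)[1]
    return result


def triage(entries):
    """Return (section, body, reason) for entries a reviewer verifies first.

    A hit means "check this against the installed software", not "malicious":
    legitimate security products also register AppInit DLLs and services.
    """
    findings = []
    for section, body in entries:
        if section == "O3" and body.endswith("(no file)"):
            findings.append((section, body, "toolbar CLSID registered but its file is missing (orphaned entry)"))
        elif section == "O17":
            findings.append((section, body, "custom DNS servers set; confirm they belong to the ISP"))
        elif section == "O20":
            findings.append((section, body, "AppInit_DLLs load into every user32 process; confirm the vendor of each DLL"))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, body, "service binary carries no publisher information"))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for section, body, reason in triage(parsed):
        print(f"{section}: {reason}\n    {body}")
    print("DNS:", dns_servers(parsed))
    print("AppInit:", appinit_dlls(parsed))
```

Run it as-is on the constructed sample, or replace SAMPLE_LOG with a full log pasted into a file; lines that are not entries (the header, the process list, "End of file") are ignored by the parser.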



#2 Judicandus


    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 25 December 2010 - 08:08 PM

Hi Dovi,

what are the symptoms of your computer?


Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.


We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSOD, uncheck Devices on the right side before scanning.

#3 Dovi

  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi

Posted 27 December 2010 - 06:02 AM

Hi,

Thanks for your reply. To answer your question about the symptoms of the computer, I am having difficulty in downloading Windows update for the cumulative security update for IE7 for Windows Vista (KB978207), for which I am getting error code 8007371C, and for downloading Windows Vista Service Pack 1 (KB936330).

I ran a Malwarebytes check as instructed by you and the log is copied below, followed by a log of the DDS scan. The GMER scan could not be run as it keeps saying that 'this is not a valid win 32 application'. I have followed all the instructions and even tried to run it in safe mode. Please advise.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6000
Internet Explorer 7.0.6000.16575

27-12-2010 13:00:27
mbam-log-2010-12-27 (13-00-27).txt

Scan type: Quick scan
Objects scanned: 163504
Time elapsed: 11 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\uninstall fun web products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.


DDS log:


DDS (Ver_10-12-12.01) - NTFSx86
Run by Satish at 15:27:18.49 on 27-12-2010
Internet Explorer: 7.0.6000.16575 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.91.1033.18.2037.854 [GMT 5.5:30]

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Sigmatel\C-Major Audio\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Perfios\perfios_winsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\DAP\DAP.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Satish\Documents\My Completed Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mURLSearchHooks: xplorer2 Toolbar: {db35fda8-77e3-4784-92c2-ee7345e91af4} - c:\program files\xplorer2\tbxplo.dll
mURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\tbooVo.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\searchpredict\SearchPredict.dll
BHO: SPEEDBIT1 Class: {425e30f0-ccc6-4e24-bbeb-bcbd31720b37} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: xplorer2 Toolbar: {db35fda8-77e3-4784-92c2-ee7345e91af4} - c:\program files\xplorer2\tbxplo.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\tbooVo.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\dapieloader.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedbit video downloader\toolbar\grabber.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: xplorer2 Toolbar: {db35fda8-77e3-4784-92c2-ee7345e91af4} - c:\program files\xplorer2\tbxplo.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: SpeedBit: {ebfcd017-bcad-42c3-9ed5-89dbdfc59171} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
TB: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\tbooVo.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Dell DataSafe Online] c:\program files\dell\dell datasafe online\NOBuClient.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~2\avp11\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\satish\appdata\roaming\mozilla\firefox\profiles\1530o9ls.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoomail.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\satish\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\satish\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\satish\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\satish\appdata\roaming\mozilla\firefox\profiles\1530o9ls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: AutocompletePro - Your handy search suggestions tool: support@predictad.com - c:\program files\autocompletepro\support@predictad.com
FF - Extension: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox
FF - Extension: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\sigmatel\c-major audio\wdm\AEstSrv.exe [2007-12-29 73728]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-3-29 238952]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2006-11-2 22016]
R2 NOBU;Dell DataSafe Online;c:\program files\dell\dell datasafe online\NOBuAgent.exe [2010-10-20 2075480]
R2 Perfios_Service;Perfios_Service;c:\program files\perfios\perfios_winsvc.exe [2010-8-26 122368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedbit video accelerator\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedbit video accelerator\VideoAcceleratorService.exe -start -scm [?]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-10-20 325672]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-29 36608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-20 6637056]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-1 136176]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-1 6000640]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-3-29 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-3-29 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-3-29 121856]
S3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [2009-4-7 102656]

=============== Created Last 30 ================

2010-12-27 06:26:26 -------- d-----w- c:\users\satish\appdata\roaming\Malwarebytes
2010-12-27 06:26:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-27 06:26:12 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-27 06:26:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 06:26:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-25 09:31:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{272753cc-1737-4f63-be90-8199b6950457}\mpengine.dll
2010-12-20 10:14:03 -------- d-----w- c:\program files\TATA Photon+
2010-12-19 21:11:46 -------- d-----w- c:\users\satish\appdata\roaming\ZTEMTUI
2010-12-12 18:48:01 -------- d-----w- c:\users\satish\appdata\roaming\ZTEEVDO
2010-12-11 22:26:15 -------- d-----w- c:\windows\system32\catroot2(189)
2010-12-11 17:42:58 -------- d-----w- C:\cdac059c7a23b4f6bf7c9bea1b93
2010-12-06 23:39:26 330752 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-12-06 23:39:25 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-12-06 23:39:24 527872 ----a-w- c:\windows\system32\stapo.dll
2010-12-06 23:39:24 312320 ----a-w- c:\windows\system32\stapi32.dll
2010-12-06 23:39:22 150016 ----a-w- c:\windows\system32\st325866.dll
2010-12-02 18:46:36 -------- d-----w- c:\users\satish\appdata\local\DOSBox
2010-12-02 18:45:50 -------- d-----w- c:\program files\DOSBox-0.74
2010-11-28 08:08:09 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2010-11-28 08:07:59 -------- d--h--we c:\progra~2\AVP11
2010-11-28 08:07:55 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-11-28 08:06:57 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-28 08:06:57 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-28 08:04:42 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-28 08:04:38 -------- d-----w- c:\progra~2\Kaspersky Lab

==================== Find3M ====================

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-02 12:07:01 47560 ----a-w- c:\windows\system32\SPReview.exe
2010-11-02 12:07:01 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2010-10-19 05:11:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 15:28:36.22 ===============

#4 Judicandus

Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 27 December 2010 - 07:19 AM

Hi Dovi,

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. See:
  • Microsoft: ‘Unprecedented Wave of Java Exploitation’
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users
Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.
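
The check Judicandus made by eye (an old Java 6 Update 14 visible in the log) can be automated. The Python below is an added example, not part of this thread or of DDS, HijackThis or TDSSKiller: it reads the `DPF:` and `FF - Extension:` lines of a DDS-style log, decodes the JRE version from the `jinstall-1_6_0_14` file name and from the `CAFEEFAC-0016-0000-0014` CLSID pattern, and reports every version older than 6u23 (the release the post installs). The sample lines are copied from the log above plus one constructed 6u23 line to show that old and new releases sit side by side until the old ones are removed by hand.

```python
"""Flag out-of-date Java Runtime installs from DDS/HijackThis-style log lines.

Two kinds of lines reveal the installed JRE version:
  DPF: {GUID} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
  FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - ...
The jinstall file name encodes 1.6.0 update 14; the CAFEEFAC CLSID encodes the
family (0016 = Java 6) in its second group and the update (0014) in its fourth.
The CAFEEFAC-FFFF-FFFF-FFFF variant is the "latest installed" wildcard and
carries no version, so it is deliberately not matched.
"""
import re
from typing import Dict, List, Set, Tuple

Version = Tuple[int, int]  # (Java family, update number): (6, 14) means 6u14

JINSTALL_RE = re.compile(r"jinstall-1_(\d+)_\d+_(\d+)-windows", re.IGNORECASE)
CAFEEFAC_RE = re.compile(
    r"\{CAFEEFAC-001(\d)-0000-00(\d{2})-ABCDEFFEDCBA\}", re.IGNORECASE)

# Constructed sample: four lines taken from the DDS log in this thread, one
# unrelated line, and one made-up 6u23 Java Console line.
SAMPLE_LOG = """\
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
FF - HiddenExtension: Java Console: No Registry Reference - c:\\program files\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\\program files\\mozilla firefox\\extensions\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\\program files\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
"""


def find_java_versions(log_text: str) -> Dict[Version, List[str]]:
    """Map every JRE version referenced in the log to the lines that reveal it."""
    found: Dict[Version, List[str]] = {}
    for line in log_text.splitlines():
        versions: Set[Version] = set()  # a line may name the same version twice
        for m in JINSTALL_RE.finditer(line):
            versions.add((int(m.group(1)), int(m.group(2))))
        for m in CAFEEFAC_RE.finditer(line):
            versions.add((int(m.group(1)), int(m.group(2))))
        for v in versions:
            found.setdefault(v, []).append(line.strip())
    return found


def outdated_versions(found: Dict[Version, List[str]],
                      latest: Version = (6, 23)) -> List[Version]:
    """Versions older than `latest`; 6u23 was the current release in the post."""
    return sorted(v for v in found if v < latest)


def report(log_text: str, latest: Version = (6, 23)) -> List[str]:
    """Human-readable findings, one per outdated version, with its evidence."""
    found = find_java_versions(log_text)
    lines = []
    for fam, upd in outdated_versions(found, latest):
        lines.append(f"Java {fam} Update {upd} is older than {latest[0]}u{latest[1]}; "
                     f"{len(found[(fam, upd)])} log line(s) reference it")
    return lines


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)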


#5 Dovi

Dovi
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi

Posted 28 December 2010 - 07:11 AM

Hi,

As per your instructions I have installed the new Java platform without any problem and then ran the TDSSKiller scan; its report is copied below. Earlier I was also able to run the GMER scan, which I was unable to do before, and the GMER log is also given below. However, I am still unable to download security updates for IE7 and Service Pack 1.

2010/12/28 17:18:32.0627 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/28 17:18:32.0628 ================================================================================
2010/12/28 17:18:32.0628 SystemInfo:
2010/12/28 17:18:32.0628
2010/12/28 17:18:32.0628 OS Version: 6.0.6000 ServicePack: 0.0
2010/12/28 17:18:32.0628 Product type: Workstation
2010/12/28 17:18:32.0628 ComputerName: SATISH-PC
2010/12/28 17:18:32.0628 UserName: Satish
2010/12/28 17:18:32.0628 Windows directory: C:\Windows
2010/12/28 17:18:32.0628 System windows directory: C:\Windows
2010/12/28 17:18:32.0628 Processor architecture: Intel x86
2010/12/28 17:18:32.0628 Number of processors: 2
2010/12/28 17:18:32.0628 Page size: 0x1000
2010/12/28 17:18:32.0628 Boot type: Normal boot
2010/12/28 17:18:32.0628 ================================================================================
2010/12/28 17:18:33.0870 Initialize success
2010/12/28 17:19:05.0739 ================================================================================
2010/12/28 17:19:05.0739 Scan started
2010/12/28 17:19:05.0739 Mode: Manual;
2010/12/28 17:19:05.0739 ================================================================================
2010/12/28 17:19:07.0532 61883 (45ef15ee13010fd53ed870fd240fa929) C:\Windows\system32\DRIVERS\61883.sys
2010/12/28 17:19:07.0724 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2010/12/28 17:19:07.0868 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/28 17:19:07.0955 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/28 17:19:08.0129 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/28 17:19:08.0200 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/28 17:19:08.0436 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2010/12/28 17:19:08.0559 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/12/28 17:19:08.0698 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/28 17:19:08.0749 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2010/12/28 17:19:08.0818 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/12/28 17:19:08.0867 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2010/12/28 17:19:08.0986 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/28 17:19:09.0071 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/12/28 17:19:09.0164 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/12/28 17:19:09.0442 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/28 17:19:09.0561 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/28 17:19:09.0715 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/28 17:19:09.0767 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2010/12/28 17:19:09.0909 Avc (18c8269be7f0f65a2efc5b408d4a17df) C:\Windows\system32\DRIVERS\avc.sys
2010/12/28 17:19:10.0197 b57nd60x (3d3f40545c81032297625655cad40963) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/28 17:19:10.0353 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2010/12/28 17:19:10.0488 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/28 17:19:10.0668 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/28 17:19:10.0738 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/28 17:19:10.0895 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/28 17:19:10.0996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/28 17:19:11.0069 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/28 17:19:11.0137 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/28 17:19:11.0281 Btcsrusb (34031372274933839c842473623be5ee) C:\Windows\system32\Drivers\btcusb.sys
2010/12/28 17:19:11.0375 BthEnum (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/28 17:19:11.0500 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/28 17:19:11.0746 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/28 17:19:11.0885 BTHPORT (b4ce8000aab30a9ab16cd0fb3db4d7cf) C:\Windows\system32\Drivers\BTHport.sys
2010/12/28 17:19:11.0995 BTHUSB (9a4ddc8544c1459aa2a118a8858dade3) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/28 17:19:12.0131 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2010/12/28 17:19:12.0398 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2010/12/28 17:19:12.0624 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/12/28 17:19:12.0879 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/28 17:19:12.0982 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/28 17:19:13.0060 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/28 17:19:13.0265 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2010/12/28 17:19:13.0372 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/28 17:19:13.0585 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2010/12/28 17:19:13.0668 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/28 17:19:13.0876 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/28 17:19:14.0001 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/28 17:19:14.0226 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2010/12/28 17:19:14.0528 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/12/28 17:19:14.0685 Dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
2010/12/28 17:19:14.0798 Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/12/28 17:19:14.0843 dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/12/28 17:19:14.0916 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2010/12/28 17:19:15.0088 DXGKrnl (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/28 17:19:15.0214 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/28 17:19:15.0292 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/28 17:19:15.0370 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2010/12/28 17:19:15.0549 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/28 17:19:15.0662 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2010/12/28 17:19:15.0819 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/28 17:19:15.0885 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2010/12/28 17:19:15.0942 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2010/12/28 17:19:15.0993 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/28 17:19:16.0133 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2010/12/28 17:19:16.0265 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
2010/12/28 17:19:16.0460 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/28 17:19:16.0535 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/28 17:19:16.0758 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/28 17:19:16.0800 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/28 17:19:16.0909 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/28 17:19:17.0135 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/28 17:19:17.0196 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/28 17:19:17.0406 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\Windows\system32\DRIVERS\HSFHWAZL.sys
2010/12/28 17:19:17.0758 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/28 17:19:17.0819 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/12/28 17:19:17.0979 HTTP (3c3cba3ce1a66439a960d4531a167c39) C:\Windows\system32\drivers\HTTP.sys
2010/12/28 17:19:18.0066 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/28 17:19:18.0245 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/28 17:19:18.0378 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\drivers\iastor.sys
2010/12/28 17:19:18.0578 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/28 17:19:18.0961 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/28 17:19:19.0256 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/28 17:19:19.0362 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/28 17:19:19.0420 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/28 17:19:19.0608 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/28 17:19:19.0731 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/28 17:19:19.0797 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/28 17:19:19.0927 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2010/12/28 17:19:20.0031 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/12/28 17:19:20.0099 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/28 17:19:20.0157 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/28 17:19:20.0323 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/28 17:19:20.0417 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/28 17:19:20.0522 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/28 17:19:20.0756 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
2010/12/28 17:19:20.0909 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
2010/12/28 17:19:21.0050 KLIF (2b7064ff5681b8dde96b98709bb78884) C:\Windows\system32\DRIVERS\klif.sys
2010/12/28 17:19:21.0166 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
2010/12/28 17:19:21.0287 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
2010/12/28 17:19:21.0370 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/28 17:19:21.0557 L8042Pr2 (956e6d0d0994491bcf62c3bcd4d05ce4) C:\Windows\system32\DRIVERS\L8042Pr2.sys
2010/12/28 17:19:21.0665 LHidFlt2 (27bbea62dfafc495e956d3911ebc3045) C:\Windows\system32\DRIVERS\LHidFlt2.sys
2010/12/28 17:19:21.0714 LKbdFlt2 (bbc297ea4fc97fc7b85f70915345c80a) C:\Windows\system32\DRIVERS\LKbdFlt2.sys
2010/12/28 17:19:21.0786 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/28 17:19:21.0981 LMouFlt2 (45df10f44f6a140a4f3dd377676603f2) C:\Windows\system32\DRIVERS\LMouFlt2.sys
2010/12/28 17:19:22.0089 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/28 17:19:22.0159 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/28 17:19:22.0214 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/28 17:19:22.0294 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2010/12/28 17:19:22.0489 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/28 17:19:22.0692 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/28 17:19:22.0769 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2010/12/28 17:19:22.0941 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/28 17:19:23.0035 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/28 17:19:23.0149 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/28 17:19:23.0228 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2010/12/28 17:19:23.0360 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/28 17:19:23.0439 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/28 17:19:23.0795 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/28 17:19:23.0865 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2010/12/28 17:19:23.0997 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/28 17:19:24.0118 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/28 17:19:24.0158 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/28 17:19:24.0297 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/28 17:19:24.0434 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/28 17:19:24.0653 MSDV (810b16faa4673e09ce0f6a1ee9ed96ee) C:\Windows\system32\DRIVERS\msdv.sys
2010/12/28 17:19:24.0853 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2010/12/28 17:19:24.0969 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2010/12/28 17:19:25.0077 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/28 17:19:25.0192 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/28 17:19:25.0274 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2010/12/28 17:19:25.0334 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2010/12/28 17:19:25.0429 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/28 17:19:25.0472 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2010/12/28 17:19:25.0617 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2010/12/28 17:19:25.0768 NativeWifiP (1d162e52fb691eb555a476b04b4bff3f) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/28 17:19:25.0890 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2010/12/28 17:19:25.0993 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/28 17:19:26.0104 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/28 17:19:26.0236 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/28 17:19:26.0324 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2010/12/28 17:19:26.0451 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/28 17:19:26.0652 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/28 17:19:26.0957 NETw4v32 (4547b8aedd8119fcc127fdc7f282e983) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/12/28 17:19:27.0499 NETw5v32 (39cba1ae2a400ef99c3dec9f9f601876) C:\Windows\system32\DRIVERS\NETw5v32.sys
2010/12/28 17:19:28.0269 NETwLv32 (3ec8dcca3c67d3549af4688dd9d303d1) C:\Windows\system32\DRIVERS\NETwLv32.sys
2010/12/28 17:19:28.0664 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/28 17:19:28.0768 nmwcd (65ac8baa2f916ee9203ee48d7fcee605) C:\Windows\system32\drivers\ccdcmb.sys
2010/12/28 17:19:28.0878 nmwcdc (29af182734a247240d89a0fe63dbef03) C:\Windows\system32\drivers\ccdcmbo.sys
2010/12/28 17:19:28.0994 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2010/12/28 17:19:29.0069 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/28 17:19:29.0316 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2010/12/28 17:19:29.0407 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/28 17:19:29.0532 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2010/12/28 17:19:29.0618 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/28 17:19:29.0668 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/12/28 17:19:29.0715 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/12/28 17:19:29.0905 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2010/12/28 17:19:30.0019 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2010/12/28 17:19:30.0210 ohci1394 (953c1ba621f4da9dc7d268ae839a51fb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/28 17:19:30.0294 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/28 17:19:30.0442 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys
2010/12/28 17:19:30.0494 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/28 17:19:30.0595 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2010/12/28 17:19:30.0755 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2010/12/28 17:19:30.0834 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
2010/12/28 17:19:30.0981 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/28 17:19:31.0181 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/28 17:19:31.0515 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/28 17:19:31.0586 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/28 17:19:31.0698 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/28 17:19:31.0919 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/28 17:19:32.0151 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/28 17:19:32.0300 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/28 17:19:32.0377 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/28 17:19:32.0572 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/28 17:19:32.0747 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/28 17:19:32.0833 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/28 17:19:32.0899 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/28 17:19:33.0071 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/28 17:19:33.0147 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/28 17:19:33.0230 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/12/28 17:19:33.0299 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/28 17:19:33.0382 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
2010/12/28 17:19:33.0569 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/12/28 17:19:33.0737 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/12/28 17:19:33.0814 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/12/28 17:19:33.0965 risdptsk (c22e4e27ccdf9aa5fe8143104f28cde3) C:\Windows\system32\DRIVERS\risdptsk.sys
2010/12/28 17:19:34.0029 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/12/28 17:19:34.0209 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/28 17:19:34.0285 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/28 17:19:34.0421 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/28 17:19:34.0628 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/28 17:19:34.0726 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/28 17:19:34.0777 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/28 17:19:34.0826 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2010/12/28 17:19:34.0919 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/28 17:19:35.0044 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/28 17:19:35.0094 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/28 17:19:35.0151 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/28 17:19:35.0211 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/12/28 17:19:35.0335 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/28 17:19:35.0424 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/28 17:19:35.0548 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
2010/12/28 17:19:35.0604 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2010/12/28 17:19:35.0851 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2010/12/28 17:19:35.0943 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/28 17:19:36.0127 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/28 17:19:36.0219 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\Windows\system32\DRIVERS\ss_bbus.sys
2010/12/28 17:19:36.0329 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
2010/12/28 17:19:36.0462 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\Windows\system32\DRIVERS\ss_bmdm.sys
2010/12/28 17:19:36.0599 STHDA (68a0d39e357dd7a234b1d4f1e844c615) C:\Windows\system32\drivers\stwrt.sys
2010/12/28 17:19:36.0771 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/28 17:19:36.0872 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/28 17:19:36.0934 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/28 17:19:36.0994 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/28 17:19:37.0225 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2010/12/28 17:19:37.0298 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/28 17:19:37.0377 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/28 17:19:37.0517 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2010/12/28 17:19:37.0590 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/28 17:19:37.0659 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/28 17:19:37.0738 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/28 17:19:37.0950 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/28 17:19:38.0027 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/28 17:19:38.0112 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/28 17:19:38.0220 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/28 17:19:38.0331 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/28 17:19:38.0442 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/28 17:19:38.0597 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/28 17:19:38.0687 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/28 17:19:38.0778 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/28 17:19:38.0852 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/28 17:19:39.0042 upperdev (2522747ba661514e3770e508cce45b64) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2010/12/28 17:19:39.0151 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/28 17:19:39.0273 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/28 17:19:39.0523 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/28 17:19:39.0625 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/28 17:19:39.0865 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/28 17:19:40.0121 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/28 17:19:40.0204 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/28 17:19:40.0317 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/28 17:19:40.0447 usbser (c0488cc01a1c686b08a3d360c7f50324) C:\Windows\system32\DRIVERS\usbser.sys
2010/12/28 17:19:40.0503 UsbserFilt (8aa5f86a6c3b3234beed9556d145bfac) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/28 17:19:40.0578 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/28 17:19:40.0675 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/28 17:19:40.0898 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/28 17:19:41.0057 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/28 17:19:41.0160 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2010/12/28 17:19:41.0238 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/12/28 17:19:41.0310 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/28 17:19:41.0376 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2010/12/28 17:19:41.0570 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2010/12/28 17:19:41.0668 volmgrx (420c48e593b9520c2dee45d671f923e1) C:\Windows\system32\drivers\volmgrx.sys
2010/12/28 17:19:41.0711 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2010/12/28 17:19:41.0766 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/28 17:19:42.0021 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/28 17:19:42.0094 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/28 17:19:42.0122 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/28 17:19:42.0207 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/28 17:19:42.0306 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/28 17:19:42.0572 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/28 17:19:42.0843 wirelessusbser (ccaec5175f1ebc6eb0dbd607eea791c1) C:\Windows\system32\DRIVERS\3GDatausbser.sys
2010/12/28 17:19:42.0938 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/28 17:19:43.0128 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/28 17:19:43.0213 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/28 17:19:43.0467 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/28 17:19:43.0563 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2010/12/28 17:19:43.0654 zebrbus (812a1e9b0dd3bf23606c32ce696d042b) C:\Windows\system32\DRIVERS\zebrbus.sys
2010/12/28 17:19:43.0802 zebrceb (6e49cf9c48c551264c4af6de19447515) C:\Windows\system32\DRIVERS\zebrceb.sys
2010/12/28 17:19:43.0945 zebrmdfl (9a42f9ccc5cb1ed3db2fe0e007eed8a5) C:\Windows\system32\DRIVERS\zebrmdfl.sys
2010/12/28 17:19:44.0075 zebrmdm (5198070a595009871108091bc4b0e000) C:\Windows\system32\DRIVERS\zebrmdm.sys
2010/12/28 17:19:44.0134 zebrmdmc (29df5831f0d1ce863f23c53585736f32) C:\Windows\system32\DRIVERS\zebrmdmc.sys
2010/12/28 17:19:44.0195 zebrsce (fc749b387f322d3a5635d801c642cfa2) C:\Windows\system32\DRIVERS\zebrsce.sys
2010/12/28 17:19:44.0389 ================================================================================
2010/12/28 17:19:44.0389 Scan finished
2010/12/28 17:19:44.0389 ================================================================================


GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-27 20:15:56
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB11
Running: gmer.exe; Driver: C:\Users\Satish\AppData\Local\Temp\fwliqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce88dbf
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@00025ba3e992 0x56 0x73 0x86 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@000d924940a7 0xCD 0xC3 0x69 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@002265981f90 0x70 0xAD 0xF9 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@001e45a5069a 0x9E 0xE9 0x9F 0xB6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce88dbf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@00025ba3e992 0x56 0x73 0x86 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@000d924940a7 0xCD 0xC3 0x69 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@002265981f90 0x70 0xAD 0xF9 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce88dbf@001e45a5069a 0x9E 0xE9 0x9F 0xB6 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Satish\Desktop\Madhu di etc.\.picasa.ini 9324 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals 0 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7610.JPG 188939 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7642.JPG 194333 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\.picasa.ini 5782 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7579.JPG 198022 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7580.JPG 188500 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7582.JPG 200481 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7583.JPG 193036 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7584.JPG 182502 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7585.JPG 199905 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7586.JPG 202503 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7587.JPG 202514 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7588.JPG 187771 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7596.JPG 192426 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7597.JPG 205309 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7599.JPG 204677 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7600.JPG 195509 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7606.JPG 188301 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7608.JPG 183322 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7609.JPG 189159 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7611.JPG 195137 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7614.JPG 192947 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7617.JPG 189481 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7618.JPG 196716 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7619.JPG 193734 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7620.JPG 194022 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7621.JPG 187740 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7623.JPG 189368 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7624.JPG 192758 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7625.JPG 196863 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7626.JPG 192399 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7627.JPG 189132 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7629.JPG 188042 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7632.JPG 188502 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7633.JPG 196196 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7634.JPG 197417 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7635.JPG 200645 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7644.JPG 197175 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7654.JPG 198684 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7655.JPG 188443 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7656.JPG 194753 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7657.JPG 193723 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7658.JPG 193767 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7659.JPG 187520 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7660.JPG 180885 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7661.JPG 188281 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7662.JPG 196815 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7663.JPG 173721 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7664.JPG 177810 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7668.JPG 190425 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7671.JPG 180777 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7675.JPG 199885 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7680.JPG 211489 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7681.JPG 178622 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7685.JPG 181768 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7686.JPG 191387 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7689.JPG 181994 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7690.JPG 172460 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7692.JPG 188244 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7693.JPG 196756 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\.picasaoriginals\DSCN7694.JPG 194472 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7569.JPG 195784 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7570.JPG 192963 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7572.JPG 191033 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7577.JPG 200234 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7578.JPG 190433 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7579.JPG 170324 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7580.JPG 161059 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7582.JPG 173539 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7583.JPG 165805 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7584.JPG 155802 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7585.JPG 172994 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7586.JPG 174805 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7587.JPG 175837 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7588.JPG 161092 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7590.JPG 190828 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7591.JPG 191830 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7593.JPG 195289 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7594.JPG 198725 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7595.JPG 200767 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7596.JPG 165853 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7597.JPG 178621 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7599.JPG 178350 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7600.JPG 168127 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7601.JPG 182142 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7602.JPG 175409 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7603.JPG 211831 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7606.JPG 161785 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7607.JPG 206066 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7608.JPG 156231 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7609.JPG 162878 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7610.JPG 162641 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7611.JPG 169159 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7617.JPG 162447 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7618.JPG 169030 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7619.JPG 166559 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7620.JPG 164935 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7621.JPG 159815 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7623.JPG 161738 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7624.JPG 164444 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7625.JPG 169613 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7626.JPG 163830 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7627.JPG 161284 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7629.JPG 160574 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7632.JPG 161387 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7633.JPG 168377 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7634.JPG 170048 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7635.JPG 173766 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7636.JPG 194955 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7637.JPG 194874 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7638.JPG 195249 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7641.JPG 183497 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7642.JPG 165855 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7644.JPG 168967 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7646.JPG 190406 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7647.JPG 170871 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7648.JPG 186170 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7649.JPG 176709 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7650.JPG 193760 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7651.JPG 205026 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7652.JPG 186867 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7654.JPG 171631 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7655.JPG 161510 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7656.JPG 168274 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7657.JPG 166644 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7658.JPG 166482 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7659.JPG 160424 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7661.JPG 161055 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7662.JPG 169653 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7663.JPG 145740 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7664.JPG 150790 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7665.JPG 182321 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7666.JPG 179398 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7667.JPG 174397 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7668.JPG 163308 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7669.JPG 188594 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7670.JPG 197218 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7671.JPG 154204 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7672.JPG 198165 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7673.JPG 187680 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7674.JPG 188939 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7675.JPG 172784 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7676.JPG 174829 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7677.JPG 191891 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7678.JPG 188983 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7680.JPG 183754 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7681.JPG 151161 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7682.JPG 179565 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7683.JPG 194430 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7684.JPG 195040 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7685.JPG 154839 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7686.JPG 164501 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7687.JPG 186640 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7688.JPG 190004 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7689.JPG 154106 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7690.JPG 144659 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7691.JPG 196084 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7692.JPG 160208 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7693.JPG 170197 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7694.JPG 168122 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7695.JPG 196313 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7696.JPG 190165 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7697.JPG 189927 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7698.JPG 190606 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7699.JPG 192312 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7700.JPG 192652 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7701.JPG 196026 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7702.JPG 196608 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7703.JPG 193562 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7592.JPG 214429 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7614.JPG 165558 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7640.JPG 190259 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7660.JPG 153721 bytes
File C:\Users\Satish\Desktop\Madhu di etc.\DSCN7679.JPG 185538 bytes

---- EOF - GMER 1.0.15 ----

Regards
Dovi
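The driver listings above (TDSSKiller's `timestamp service (md5) path` lines) are normally eyeballed, but the first-pass checks an analyst makes can be scripted. The Python below is an added example written for this page; it is not TDSSKiller's, GMER's or the forum's own code. It parses lines in that format and flags three things: a driver file that does not live in system32 or system32\drivers (compare GMER's own temporary driver under a Temp folder in the log above), a service name that does not resemble its file name, and one MD5 registered under two different file paths. The sample input is six lines copied from the log plus one constructed `xyzdrv` line that reuses nvraid's hash from a Temp folder; `EXPECTED_DIRS` and the containment heuristic in `names_agree` are assumptions made for the example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One TDSSKiller driver line: timestamp, service name, 32-hex MD5 in parentheses, path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumption for this example: a kernel driver is expected in one of these folders.
EXPECTED_DIRS = {r"c:\windows\system32\drivers", r"c:\windows\system32"}

# Six lines copied from the listing in the thread plus one CONSTRUCTED line (xyzdrv)
# that reuses nvraid's MD5 from a user-profile Temp folder, to exercise two of the rules.
SAMPLE_LOG = r"""
2010/12/28 17:19:29.0618 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/28 17:19:31.0515 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/28 17:19:37.0225 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2010/12/28 17:19:37.0298 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/28 17:19:41.0057 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/28 17:19:42.0572 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/28 17:19:44.0000 xyzdrv (e69e946f80c1c31c53003bfbf50cbb7c) C:\Users\example\AppData\Local\Temp\xyzdrv.sys
2010/12/28 17:19:44.0389 ================================================================================
2010/12/28 17:19:44.0389 Scan finished
"""


def parse_entries(text):
    """Return a list of {service, md5, path} dicts; separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append({"service": m["service"], "md5": m["md5"].lower(), "path": m["path"]})
    return entries


def path_is_expected(path):
    """True when the driver's folder is one of EXPECTED_DIRS (case-insensitive compare)."""
    return str(PureWindowsPath(path).parent).lower() in EXPECTED_DIRS


def names_agree(service, path):
    """Loose match: service name and file stem are equal or one contains the other,
    so Tcpip6 -> tcpip.sys and vga -> vgapnp.sys pass while PSched -> pacer.sys does not."""
    s, stem = service.lower(), PureWindowsPath(path).stem.lower()
    return s in stem or stem in s


def triage(text):
    """Group the findings an analyst would look up first."""
    entries = parse_entries(text)
    paths_by_md5 = defaultdict(set)
    for e in entries:
        # Same file registered under two service names (Tcpip/Tcpip6) is one path, not two.
        paths_by_md5[e["md5"]].add(e["path"].lower())
    return {
        "unusual_path": sorted(e["service"] for e in entries if not path_is_expected(e["path"])),
        "name_mismatch": sorted(e["service"] for e in entries
                                if not names_agree(e["service"], e["path"])),
        "shared_md5": {h: sorted(p) for h, p in paths_by_md5.items() if len(p) > 1},
    }


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"{rule}: {hits}")
```

The log itself shows why the name check is only a prioritisation aid: PptpMiniport -> raspptp.sys, PSched -> pacer.sys, STHDA -> stwrt.sys and winachsf -> HSX_CNXT.sys are all legitimate Vista drivers. Treat the output as a list of hashes and paths to look up against a known-good or vendor database, not as verdicts; the MD5 column is the thing that actually identifies the file.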

#6 Judicandus
  • Bleepin' Pasta
  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 28 December 2010 - 11:54 AM

Hi Dovi,


Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#7 Dovi
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi

Posted 28 December 2010 - 11:33 PM

Please find the Rootkit Unhooker report below:

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 6
Windows Minor Version: 0
Windows Build Number: 6000
==============================================
>Drivers
Driver: C:\Windows\system32\DRIVERS\NETwLv32.sys
Address: 0x8F7A1000
Size: 6680576 bytes

Driver: C:\Windows\system32\DRIVERS\kl1.sys
Address: 0x8AADE000
Size: 5382144 bytes

Driver: C:\Windows\system32\DRIVERS\igdkmd32.sys
Address: 0x8F0F7000
Size: 5279744 bytes

Driver: C:\Windows\system32\ntkrnlpa.exe
Address: 0x84800000
Size: 3805184 bytes

Driver: PnpManager
Address: 0x84800000
Size: 3805184 bytes

Driver: RAW
Address: 0x84800000
Size: 3805184 bytes

Driver: WMIxWDM
Address: 0x84800000
Size: 3805184 bytes

Driver: Win32k
Address: 0x9DE00000
Size: 2097152 bytes

Driver: C:\Windows\System32\win32k.sys
Address: 0x9DE00000
Size: 2097152 bytes

Driver: C:\Windows\system32\drivers\iastor.sys
Address: 0x8564B000
Size: 1789952 bytes

Driver: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8B2F8000
Size: 1081344 bytes

Driver: C:\Windows\system32\drivers\ndis.sys
Address: 0x8B0FC000
Size: 1064960 bytes

Driver: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x910C1000
Size: 1056768 bytes

Driver: C:\Windows\system32\CI.dll
Address: 0x8051F000
Size: 921600 bytes

Driver: C:\Windows\system32\drivers\peauth.sys
Address: 0xB6522000
Size: 909312 bytes

Driver: C:\Windows\System32\drivers\tcpip.sys
Address: 0x9332A000
Size: 876544 bytes

Driver: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x9100C000
Size: 741376 bytes

Driver: C:\Windows\system32\drivers\iastorv.sys
Address: 0x80760000
Size: 655360 bytes

Driver: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8E8B1000
Size: 651264 bytes

Driver: C:\Windows\system32\drivers\spsys.sys
Address: 0xB40DD000
Size: 581632 bytes

Driver: C:\Windows\system32\DRIVERS\klif.sys
Address: 0x91243000
Size: 536576 bytes

Driver: C:\Windows\system32\drivers\btwaudio.sys
Address: 0x93585000
Size: 503808 bytes

Driver: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x804A4000
Size: 503808 bytes

Driver: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8AA15000
Size: 434176 bytes

Driver: C:\Windows\system32\drivers\HTTP.sys
Address: 0xB451E000
Size: 430080 bytes

Driver: C:\Windows\system32\drivers\btwavdt.sys
Address: 0x9323D000
Size: 417792 bytes

Driver: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80266000
Size: 393216 bytes

Driver: C:\Windows\system32\drivers\stwrt.sys
Address: 0x90A8B000
Size: 348160 bytes

Driver: C:\Windows\system32\DRIVERS\b57nd60x.sys
Address: 0x8F74F000
Size: 335872 bytes

Driver: C:\Windows\system32\DRIVERS\rixdptsk.sys
Address: 0x8F6E9000
Size: 335872 bytes

Driver: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xB4F34000
Size: 331776 bytes

Driver: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x8AA7F000
Size: 303104 bytes

Driver: C:\Windows\system32\drivers\afd.sys
Address: 0x9353E000
Size: 290816 bytes

Driver: C:\Windows\system32\drivers\acpi.sys
Address: 0x80461000
Size: 274432 bytes

Driver: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8F63C000
Size: 262144 bytes

Driver: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Address: 0x911C3000
Size: 249856 bytes

Driver: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8E819000
Size: 249856 bytes

Driver: C:\Windows\system32\CLFS.SYS
Address: 0x8021A000
Size: 241664 bytes

Driver: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x934B0000
Size: 241664 bytes

Driver: C:\Windows\System32\Drivers\bthport.sys
Address: 0x913C6000
Size: 237568 bytes

Driver: C:\Windows\system32\DRIVERS\OEM02Dev.sys
Address: 0x912C6000
Size: 237568 bytes

Driver: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0xB4FA9000
Size: 233472 bytes

Driver: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x80648000
Size: 233472 bytes

Driver: C:\Windows\system32\drivers\volsnap.sys
Address: 0x80612000
Size: 221184 bytes

Driver: ACPI_HAL
Address: 0x84BA1000
Size: 212992 bytes

Driver: C:\Windows\system32\hal.dll
Address: 0x84BA1000
Size: 212992 bytes

Driver: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8FE02000
Size: 212992 bytes

Driver: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x9350C000
Size: 204800 bytes

Driver: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x806C5000
Size: 200704 bytes

Driver: C:\Windows\system32\drivers\portcls.sys
Address: 0x90A5E000
Size: 184320 bytes

Driver: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8F67C000
Size: 176128 bytes

Driver: C:\Windows\system32\drivers\msrpc.sys
Address: 0x80681000
Size: 176128 bytes

Driver: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0xB4072000
Size: 176128 bytes

Driver: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8FEB0000
Size: 172032 bytes

Driver: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0x9366E000
Size: 163840 bytes

Driver: C:\Windows\system32\DRIVERS\SCSIPORT.SYS
Address: 0x80700000
Size: 155648 bytes

Driver: C:\Windows\system32\drivers\drmk.sys
Address: 0x90A39000
Size: 151552 bytes

Driver: C:\Windows\System32\drivers\ecache.sys
Address: 0x85608000
Size: 151552 bytes

Driver: C:\Windows\system32\drivers\pci.sys
Address: 0x80434000
Size: 151552 bytes

Driver: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xB4F85000
Size: 147456 bytes

Driver: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8FFDD000
Size: 143360 bytes

Driver: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8B0DB000
Size: 135168 bytes

Driver: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x91222000
Size: 135168 bytes

Driver: C:\Windows\system32\drivers\ataport.SYS
Address: 0x8073A000
Size: 122880 bytes

Driver: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xB4FE2000
Size: 122880 bytes

Driver: C:\Windows\system32\drivers\luafv.sys
Address: 0xAF852000
Size: 110592 bytes

Driver: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xB44C3000
Size: 110592 bytes

Driver: C:\Windows\system32\DRIVERS\bthpan.sys
Address: 0x932B1000
Size: 106496 bytes

Driver: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xB442A000
Size: 102400 bytes

Driver: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x91314000
Size: 102400 bytes

Driver: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8F6A7000
Size: 98304 bytes

Driver: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x9344F000
Size: 94208 bytes

Driver: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8F61A000
Size: 94208 bytes

Driver: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x90A22000
Size: 94208 bytes

Driver: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xB0CD6000
Size: 90112 bytes

Driver: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x93207000
Size: 90112 bytes

Driver: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x932D5000
Size: 86016 bytes

Driver: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xB4416000
Size: 81920 bytes

Driver: C:\Windows\system32\DRIVERS\rimsptsk.sys
Address: 0x8F73B000
Size: 81920 bytes

Driver: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x9321D000
Size: 81920 bytes

Driver: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8F6D6000
Size: 77824 bytes

Driver: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8FEDA000
Size: 77824 bytes

Driver: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xB405F000
Size: 77824 bytes

Driver: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x934EB000
Size: 77824 bytes

Driver: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8E89F000
Size: 73728 bytes

Driver: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xB4404000
Size: 73728 bytes

Driver: C:\Windows\system32\drivers\disk.sys
Address: 0x8AA04000
Size: 69632 bytes

Driver: C:\Windows\system32\DRIVERS\rfcomm.sys
Address: 0x91303000
Size: 69632 bytes

Driver: C:\Windows\system32\DRIVERS\rimmptsk.sys
Address: 0x8F005000
Size: 69632 bytes

Driver: C:\Windows\system32\DRIVERS\risdptsk.sys
Address: 0x8F016000
Size: 69632 bytes

Driver: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x806B5000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8BC20000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0xAF800000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\LMouFlt2.sys
Address: 0x8BCC0000
Size: 65536 bytes

Driver: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x8040B000
Size: 65536 bytes

Driver: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8BC10000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8BCB0000
Size: 65536 bytes

Driver: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8FF29000
Size: 61440 bytes

Driver: C:\Windows\System32\Drivers\mup.sys
Address: 0x8562D000
Size: 61440 bytes

Driver: C:\Windows\System32\drivers\partmgr.sys
Address: 0x8563C000
Size: 61440 bytes

Driver: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8B037000
Size: 61440 bytes

Driver: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8FEED000
Size: 61440 bytes

Driver: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80425000
Size: 61440 bytes

Driver: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8E891000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\bthmodem.sys
Address: 0x932A3000
Size: 57344 bytes

Driver: C:\Windows\System32\cdd.dll
Address: 0xAF410000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8C0D7000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x934FE000
Size: 57344 bytes

Driver: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x913AD000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\PCIIDEX.SYS
Address: 0x8AAD0000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8E80B000
Size: 57344 bytes

Driver: C:\Windows\system32\DRIVERS\zebrceb.sys
Address: 0x8F601000
Size: 57344 bytes

Driver: C:\Windows\system32\drivers\modem.sys
Address: 0x8F04E000
Size: 53248 bytes

Driver: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8F041000
Size: 53248 bytes

Driver: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8B2A7000
Size: 53248 bytes

Driver: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8020D000
Size: 53248 bytes

Driver: C:\Windows\System32\Drivers\BTHUSB.sys
Address: 0x91000000
Size: 49152 bytes

Driver: C:\Windows\system32\DRIVERS\L8042Pr2.sys
Address: 0x8F6CA000
Size: 49152 bytes

Driver: C:\Windows\System32\drivers\vga.sys
Address: 0x90A16000
Size: 49152 bytes

Driver: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8F6BF000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8E800000
Size: 45056 bytes

Driver: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x913BB000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8F60F000
Size: 45056 bytes

Driver: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xB16BE000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8F631000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8C009000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8E856000
Size: 45056 bytes

Driver: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x8041B000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\BthEnum.sys
Address: 0x932CB000
Size: 40960 bytes

Driver: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x9A764000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\msahci.sys
Address: 0x806F6000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8FEA6000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x9A7DC000
Size: 40960 bytes

Driver: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x93466000
Size: 40960 bytes

Driver: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9A7A0000
Size: 40960 bytes

Driver: C:\Windows\system32\DRIVERS\asyncmac.sys
Address: 0xB1B3F000
Size: 36864 bytes

Driver: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x80601000
Size: 36864 bytes

Driver: C:\Windows\system32\FsUsbExDisk.SYS
Address: 0xB1B48000
Size: 36864 bytes

Driver: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8E9AA000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8E98F000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8E9A1000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\klmouflt.sys
Address: 0x8E959000
Size: 36864 bytes

Driver: C:\Windows\system32\PSHED.dll
Address: 0x8025D000
Size: 36864 bytes

Driver: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x806AC000
Size: 36864 bytes

Driver: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8E9D7000
Size: 36864 bytes

Driver: C:\Windows\System32\TSDDD.dll
Address: 0xAF400000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8E950000
Size: 36864 bytes

Driver: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x8E974000
Size: 36864 bytes

Driver: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x80204000
Size: 36864 bytes

Driver: C:\Windows\system32\drivers\atapi.sys
Address: 0x80758000
Size: 32768 bytes

Driver: C:\Windows\system32\BOOTVID.dll
Address: 0x80255000
Size: 32768 bytes

Driver: C:\Windows\system32\kdcom.dll
Address: 0x802C6000
Size: 32768 bytes

Driver: C:\Windows\system32\DRIVERS\klim6.sys
Address: 0x8C135000
Size: 32768 bytes

Driver: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8C14D000
Size: 32768 bytes

Driver: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x80459000
Size: 32768 bytes

Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8C155000
Size: 32768 bytes

Driver: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8C15D000
Size: 32768 bytes

Driver: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8060A000
Size: 32768 bytes

Driver: C:\Windows\system32\DRIVERS\XAudio32.sys
Address: 0xD2128000
Size: 32768 bytes

Driver: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8C0BF000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8C079000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\intelide.sys
Address: 0x80404000
Size: 28672 bytes

Driver: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8C0B8000
Size: 28672 bytes

Driver: C:\Windows\system32\drivers\pciide.sys
Address: 0x8AAC9000
Size: 28672 bytes

Driver: C:\Windows\system32\DRIVERS\kl2.sys
Address: 0x8FE8E000
Size: 24576 bytes

Driver: C:\Windows\system32\DRIVERS\LHidFlt2.sys
Address: 0x8FE46000
Size: 24576 bytes

Driver: C:\Windows\System32\Drivers\rkhdrv40.SYS
Address: 0xEEFA6000
Size: 24576 bytes

Driver: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8C018000
Size: 16384 bytes

Driver: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0xB5784000
Size: 16384 bytes

Driver: C:\Windows\system32\DRIVERS\btwrchid.sys
Address: 0x9064E000
Size: 12288 bytes

Driver: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x80201000
Size: 12288 bytes

Driver: C:\Windows\system32\DRIVERS\LKbdFlt2.sys
Address: 0x8E9E0000
Size: 8192 bytes

Driver: C:\Windows\system32\DRIVERS\OEM02Vfx.sys
Address: 0x8E9F6000
Size: 8192 bytes

Driver: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8E9EE000
Size: 8192 bytes

Driver: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8E9FE000
Size: 8192 bytes

Driver: C:\Windows\system32\DRIVERS\zebrwh.sys
Address: 0x8E9FA000
Size: 8192 bytes

==============================================
>Stealth
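One way to triage a module listing like the one above in bulk, as an added example that is not part of the original post or of the tool that produced the log: it parses the Driver/Address/Size triples, flags image paths that are not under C:\Windows, and reports address ranges that intersect, distinguishing an identical range (two names for one image, as with ACPI_HAL and hal.dll in the log) from a partial overlap, which is what an analyst would want a second look at. The sample input reuses a few entries from the log plus one constructed C:\Users\Public entry that is not in the log and exists only to show what the checks flag.

```python
import re
from collections import namedtuple

# Sample input: four entries copied from the listing above, plus one
# CONSTRUCTED entry (the C:\Users\Public path) that is not in the log.
SAMPLE_LOG = r"""
Driver: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Address: 0x911C3000
Size: 249856 bytes

Driver: ACPI_HAL
Address: 0x84BA1000
Size: 212992 bytes

Driver: C:\Windows\system32\hal.dll
Address: 0x84BA1000
Size: 212992 bytes

Driver: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8FE02000
Size: 212992 bytes

Driver: C:\Users\Public\example_constructed.sys
Address: 0x8FE10000
Size: 8192 bytes
"""

Module = namedtuple("Module", "name base size")

# One record is three consecutive lines: Driver, Address (hex), Size (decimal bytes).
_ENTRY = re.compile(
    r"Driver:\s*(?P<name>\S.*?)\s*\n"
    r"Address:\s*0x(?P<base>[0-9A-Fa-f]+)\s*\n"
    r"Size:\s*(?P<size>\d+)\s+bytes"
)


def parse_modules(text):
    """Turn the Driver/Address/Size triples into Module records."""
    return [
        Module(m.group("name"), int(m.group("base"), 16), int(m.group("size")))
        for m in _ENTRY.finditer(text)
    ]


def end(mod):
    """First address past the module image."""
    return mod.base + mod.size


def is_size_sorted(mods):
    """The tool prints entries by size, largest first; a reordered paste is worth noticing."""
    return all(a.size >= b.size for a, b in zip(mods, mods[1:]))


def unusual_paths(mods, allowed_prefixes=("c:\\windows\\",)):
    """Modules whose image path is outside the Windows directory.
    Names without a path separator (ACPI_HAL) are kernel pseudo-names and are skipped."""
    return [
        m for m in mods
        if "\\" in m.name and not m.name.lower().startswith(allowed_prefixes)
    ]


def overlaps(mods):
    """Pairs of modules whose address ranges intersect.
    kind is 'alias' when base and size are identical (two names for one image),
    otherwise 'partial'."""
    found = []
    ordered = sorted(mods, key=lambda m: m.base)  # stable: equal bases keep log order
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.base >= end(a):
                break  # later entries start even higher, so no more overlaps with a
            kind = "alias" if (a.base == b.base and a.size == b.size) else "partial"
            found.append((a.name, b.name, kind))
    return found


def triage(text):
    """Run all checks over one listing and return the findings."""
    mods = parse_modules(text)
    return {
        "count": len(mods),
        "size_sorted": is_size_sorted(mods),
        "unusual_paths": [m.name for m in unusual_paths(mods)],
        "overlaps": overlaps(mods),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the full listing only the ACPI_HAL / hal.dll pair reports as an alias; a partial overlap, or a path outside C:\Windows, is what would merit follow-up.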

#8 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:01:41 PM

Posted 29 December 2010 - 08:41 AM

Hi Dovi,

I don't see any malware in your computer. I think the update problems might be caused by some other program or problems in the operating system.

Please post the DDS attach log, and the file:
%windir%\Windowsupdate.log

#9 Dovi

Dovi
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi
  • Local time:10:11 PM

Posted 29 December 2010 - 10:44 PM

Hi,

Please find both the requested files attached as zip.

Regards
Dovi

Attached Files



#10 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:01:41 PM

Posted 02 January 2011 - 07:45 PM

Hi Dovi,

Sorry for the delayed reply. Please do the following:

Press the "windows" key + "r",
in the open dialog window type:

sfc /scannow

and press <ok>. It will check your file system for irregular system files. Please let me know if it detected any irregular files and if it could automatically fix them.

#11 Dovi

Dovi
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi
  • Local time:10:11 PM

Posted 03 January 2011 - 12:12 AM

Hi,

I've tried to run sfc /scannow from the RUN window as well as a CMD window without success. I have the appropriate settings for the RPC but for RPC Locator I cannot change it to Automatic even if I restart it. It still shows Manual. I get only a quick opening and closing of a ms-dos window, not the normal dialog scan box.

Regards
Dovi

#12 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:01:41 PM

Posted 04 January 2011 - 04:29 AM

Hi Dovi,


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#13 Dovi

Dovi
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi
  • Local time:10:11 PM

Posted 04 January 2011 - 11:26 PM

Hi,

I tried running the Combofix, but after Completing stage_50 it says it is deleting files and nothing happens thereafter. I kept the computer running throughout the night and the next morning it was still the same. I switched the computer off and on and re-ran the Combofix but with the same result. The antivirus and firewall had been turned off. Please advise.

#14 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:01:41 PM

Posted 05 January 2011 - 04:27 AM

Hi Dovi,

Let's try running combofix in killall mode:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#15 Dovi

Dovi
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male
  • Location:Delhi
  • Local time:10:11 PM

Posted 05 January 2011 - 06:54 AM

Hi Judicandus,

Unable to run combofix in killall mode. The blue screen displays "Scanning for infected files..." and nothing happens. It freezes.

Regards
Dovi



