
Pritz

  1. The file fixthis.bat gave me a blue screen of death and restarted my computer. Below is my MB log.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4122

     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     5/20/2010 6:52:40 PM
     mbam-log-2010-05-20 (18-52-40).txt

     Scan type: Quick scan
     Objects scanned: 129113
     Time elapsed: 7 minute(s), 44 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  2. Thanks kahdah. Below is my new Combofix log.

     ComboFix 10-05-19.02 - Ganesh 05/19/2010 18:40:49.3.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1578 [GMT -5:00]
     Running from: e:\users\Ganesh\Desktop\ComboFix.exe
     Command switches used :: e:\users\Ganesh\Desktop\CFScript.txt
  3. Thanks Kahdah for helping me out. TDS detected yrbbz.sys and deleted it. Below is the log from TDS...

     19:40:36:844 2848 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
     19:40:36:844 2848 ================================================================================
     19:40:36:844 2848 SystemInfo:
     19:40:36:844 2848 OS Version: 6.1.7600 ServicePack: 0.0
     19:40:36:844 2848 Product type: Workstation
     19:40:36:844 2848 ComputerName: GANESH-PC
     19:40:36:844 2848 UserName: Ganesh
     19:40:36:844 2848 Windows directory: E:\Windows
     19:40:36:844 2848 Processor architecture: Intel x86
     19:40:36:844 2848 Number of processors: 2
     19:40:36:844 2848 Page size: 0x1000
     19:40:36:844 2848 Boot type: Normal boot
     19:40:36:844 2848 ================================================================================
     19:40:36:860 2848 UnloadDriverW: NtUnloadDriver error 2
     19:40:36:860 2848 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
     19:40:38:872 2848 wfopen_ex: Trying to open file E:\Windows\system32\config\system
     19:40:38:872 2848 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
     19:40:38:872 2848 wfopen_ex: Trying to KLMD file open
     19:40:38:872 2848 wfopen_ex: File opened ok (Flags 2)
     19:40:39:013 2848 wfopen_ex: Trying to open file E:\Windows\system32\config\software
     19:40:39:013 2848 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
     19:40:39:013 2848 wfopen_ex: Trying to KLMD file open
     19:40:39:013 2848 wfopen_ex: File opened ok (Flags 2)
     19:40:39:028 2848 KLAVA engine initialized
     19:40:39:309 2848 Initialize success
     19:40:39:309 2848
     19:40:39:309 2848 Scanning Services ...
     19:40:41:712 2848 Raw services enum returned 472 services
     19:40:41:727 2848 Suspicious serv yrbbz (h: 0, b: 1)
     19:40:41:727 2848
     19:40:41:727 2848 Hidden service detected!
     19:40:41:727 2848 Service name: yrbbz
     19:40:41:727 2848 Image path:
     19:40:41:727 2848 Type "delete" (without quotes) to delete it:
     19:40:51:945 2848
     19:40:51:945 2848 By user detect yrbbz
     19:40:51:945 2848 RegNode HKLM\SYSTEM\ControlSet001\services\yrbbz infected by TDSS rootkit ...
     19:40:51:945 2848 will be deleted on reboot
     19:40:51:992 2848 RegNode HKLM\SYSTEM\ControlSet002\services\yrbbz infected by TDSS rootkit ...
     19:40:51:992 2848 will be deleted on reboot
     19:40:52:008 2848 File E:\Windows\system32\drivers\yrbbz.sys infected by TDSS rootkit ...
     19:40:52:008 2848 will be deleted on reboot
     19:40:52:023 2848
     19:40:52:023 2848 Scanning Drivers ...
(0d8f05481cb76e70e1da06ee9f0da9df) E:\Windows\system32\DRIVERS\rdpbus.sys 19:41:07:374 2848 RDPCDD (1e016846895b15a99f9a176a05029075) E:\Windows\system32\DRIVERS\RDPCDD.sys 19:41:07:421 2848 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) E:\Windows\system32\drivers\rdpdr.sys 19:41:07:452 2848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) E:\Windows\system32\drivers\rdpencdd.sys 19:41:07:623 2848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) E:\Windows\system32\drivers\rdprefmp.sys 19:41:07:686 2848 RDPWD (801371ba9782282892d00aadb08ee367) E:\Windows\system32\drivers\RDPWD.sys 19:41:07:717 2848 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) E:\Windows\system32\drivers\rdyboost.sys 19:41:07:842 2848 rimmptsk (7a6648b61661b1421ffab762e391e33f) E:\Windows\system32\DRIVERS\rimmptsk.sys 19:41:07:873 2848 rimsptsk (d0a35b7670aa3558eaab483f64446496) E:\Windows\system32\DRIVERS\rimsptsk.sys 19:41:07:935 2848 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) E:\Windows\system32\Drivers\RimUsb.sys 19:41:07:982 2848 rismxdp (6c1f93c0760c9f79a1869d07233df39d) E:\Windows\system32\DRIVERS\rixdptsk.sys 19:41:08:091 2848 rspndr (032b0d36ad92b582d869879f5af5b928) E:\Windows\system32\DRIVERS\rspndr.sys 19:41:08:154 2848 RTL8167 (80b66a4181f782884a815e69d0afa743) E:\Windows\system32\DRIVERS\Rt86win7.sys 19:41:08:216 2848 RTL8187B (8e7d6dbba555c5d5a02decc79fe9c638) E:\Windows\system32\DRIVERS\RTL8187B.sys 19:41:08:325 2848 s3cap (5423d8437051e89dd34749f242c98648) E:\Windows\system32\DRIVERS\vms3cap.sys 19:41:08:388 2848 SAVRKBootTasks (68de5b1e82d3dd10f5f6169522c7c88a) E:\Windows\system32\SAVRKBootTasks.sys 19:41:08:435 2848 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) E:\Windows\system32\DRIVERS\sbp2port.sys 19:41:08:497 2848 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) E:\Windows\system32\DRIVERS\scfilter.sys 19:41:08:653 2848 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) E:\Windows\system32\DRIVERS\sdbus.sys 19:41:08:684 2848 secdrv (90a3935d05b494a5a39d37e71f09a677) E:\Windows\system32\drivers\secdrv.sys 
19:41:08:731 2848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) E:\Windows\system32\DRIVERS\serenum.sys 19:41:08:778 2848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) E:\Windows\system32\DRIVERS\serial.sys 19:41:08:903 2848 sermouse (79bffb520327ff916a582dfea17aa813) E:\Windows\system32\DRIVERS\sermouse.sys 19:41:08:934 2848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) E:\Windows\system32\DRIVERS\sffdisk.sys 19:41:08:965 2848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) E:\Windows\system32\DRIVERS\sffp_mmc.sys 19:41:08:996 2848 sffp_sd (a0708bbd07d245c06ff9de549ca47185) E:\Windows\system32\DRIVERS\sffp_sd.sys 19:41:09:059 2848 sfloppy (db96666cc8312ebc45032f30b007a547) E:\Windows\system32\DRIVERS\sfloppy.sys 19:41:09:168 2848 sisagp (2565cac0dc9fe0371bdce60832582b2e) E:\Windows\system32\DRIVERS\sisagp.sys 19:41:09:371 2848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) E:\Windows\system32\DRIVERS\SiSRaid2.sys 19:41:09:417 2848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) E:\Windows\system32\DRIVERS\sisraid4.sys 19:41:09:683 2848 Smb (3e21c083b8a01cb70ba1f09303010fce) E:\Windows\system32\DRIVERS\smb.sys 19:41:09:714 2848 spldr (95cf1ae7527fb70f7816563cbc09d942) E:\Windows\system32\drivers\spldr.sys 19:41:09:854 2848 srv (50a83ca406c808bd35ac9141a0c7618f) E:\Windows\system32\DRIVERS\srv.sys 19:41:09:901 2848 srv2 (dce7e10feaabd4cae95948b3de5340bb) E:\Windows\system32\DRIVERS\srv2.sys 19:41:09:948 2848 srvnet (bd1433a32792fd0dc450479094fc435a) E:\Windows\system32\DRIVERS\srvnet.sys 19:41:10:073 2848 stexstor (db32d325c192b801df274bfd12a7e72b) E:\Windows\system32\DRIVERS\stexstor.sys 19:41:10:104 2848 storflt (957e346ca948668f2496a6ccf6ff82cc) E:\Windows\system32\DRIVERS\vmstorfl.sys 19:41:10:151 2848 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) E:\Windows\system32\DRIVERS\storvsc.sys 19:41:10:197 2848 SUPERWEBCAM (88a75bff38e6da6975950c8576442842) E:\Windows\system32\DRIVERS\superwebcam.sys 19:41:10:322 2848 swenum (e58c78a848add9610a4db6d214af5224) 
E:\Windows\system32\DRIVERS\swenum.sys 19:41:10:369 2848 SynTP (70534d1e4f9ac990536d5fb5b550b3de) E:\Windows\system32\DRIVERS\SynTP.sys 19:41:10:463 2848 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) E:\Windows\system32\drivers\tcpip.sys 19:41:10:634 2848 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) E:\Windows\system32\DRIVERS\tcpip.sys 19:41:10:681 2848 tcpipreg (e64444523add154f86567c469bc0b17f) E:\Windows\system32\drivers\tcpipreg.sys 19:41:10:712 2848 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) E:\Windows\system32\drivers\tdpipe.sys 19:41:10:743 2848 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) E:\Windows\system32\drivers\tdtcp.sys 19:41:10:790 2848 tdx (cb39e896a2a83702d1737bfd402b3542) E:\Windows\system32\DRIVERS\tdx.sys 19:41:10:806 2848 TermDD (c36f41ee20e6999dbf4b0425963268a5) E:\Windows\system32\DRIVERS\termdd.sys 19:41:10:931 2848 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) E:\Windows\system32\DRIVERS\tssecsrv.sys 19:41:10:977 2848 tunnel (3e461d890a97f9d4c168f5fda36e1d00) E:\Windows\system32\DRIVERS\tunnel.sys 19:41:11:227 2848 TVALZ (792a8b80f8188aba4b2be271583f3e46) E:\Windows\system32\DRIVERS\TVALZ_O.SYS 19:41:11:274 2848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) E:\Windows\system32\DRIVERS\uagp35.sys 19:41:11:414 2848 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) E:\Windows\system32\DRIVERS\udfs.sys 19:41:11:477 2848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) E:\Windows\system32\DRIVERS\uliagpkx.sys 19:41:11:523 2848 umbus (049b3a50b3d646baeeee9eec9b0668dc) E:\Windows\system32\DRIVERS\umbus.sys 19:41:11:555 2848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) E:\Windows\system32\DRIVERS\umpass.sys 19:41:11:695 2848 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) E:\Program Files\Unlocker\UnlockerDriver5.sys 19:41:11:804 2848 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) E:\Windows\system32\DRIVERS\usbccgp.sys 19:41:11:867 2848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) E:\Windows\system32\DRIVERS\usbcir.sys 19:41:11:913 2848 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) 
E:\Windows\system32\DRIVERS\usbehci.sys 19:41:11:960 2848 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) E:\Windows\system32\DRIVERS\usbhub.sys 19:41:12:069 2848 usbohci (a6fb7957ea7afb1165991e54ce934b74) E:\Windows\system32\DRIVERS\usbohci.sys 19:41:12:116 2848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) E:\Windows\system32\DRIVERS\usbprint.sys 19:41:12:147 2848 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) E:\Windows\system32\DRIVERS\USBSTOR.SYS 19:41:12:179 2848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) E:\Windows\system32\DRIVERS\usbuhci.sys 19:41:12:225 2848 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) E:\Windows\system32\DRIVERS\usb8023x.sys 19:41:12:319 2848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) E:\Windows\system32\DRIVERS\vdrvroot.sys 19:41:12:381 2848 vga (17c408214ea61696cec9c66e388b14f3) E:\Windows\system32\DRIVERS\vgapnp.sys 19:41:12:413 2848 VgaSave (8e38096ad5c8570a6f1570a61e251561) E:\Windows\System32\drivers\vga.sys 19:41:12:459 2848 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) E:\Windows\system32\DRIVERS\vhdmp.sys 19:41:12:569 2848 viaagp (c829317a37b4bea8f39735d4b076e923) E:\Windows\system32\DRIVERS\viaagp.sys 19:41:12:912 2848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) E:\Windows\system32\DRIVERS\viac7.sys 19:41:13:239 2848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) E:\Windows\system32\DRIVERS\viaide.sys 19:41:13:629 2848 VirtualCam (b6ef92c628d993c5f777807ed76a7568) E:\Windows\system32\DRIVERS\VirtualCam.sys 19:41:14:019 2848 vmbus (379b349f65f453d2a6e75ea6b7448e49) E:\Windows\system32\DRIVERS\vmbus.sys 19:41:14:378 2848 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) E:\Windows\system32\DRIVERS\VMBusHID.sys 19:41:15:252 2848 volmgr (384e5a2aa49934295171e499f86ba6f3) E:\Windows\system32\DRIVERS\volmgr.sys 19:41:15:657 2848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) E:\Windows\system32\drivers\volmgrx.sys 19:41:15:876 2848 volsnap (58df9d2481a56edde167e51b334d44fd) E:\Windows\system32\DRIVERS\volsnap.sys 19:41:15:938 2848 vsmraid 
(9dfa0cc2f8855a04816729651175b631) E:\Windows\system32\DRIVERS\vsmraid.sys 19:41:16:125 2848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) E:\Windows\System32\drivers\vwifibus.sys 19:41:16:219 2848 vwififlt (7090d3436eeb4e7da3373090a23448f7) E:\Windows\system32\DRIVERS\vwififlt.sys 19:41:16:437 2848 WacomPen (de3721e89c653aa281428c8a69745d90) E:\Windows\system32\DRIVERS\wacompen.sys 19:41:16:515 2848 WANARP (692a712062146e96d28ba0b7d75de31b) E:\Windows\system32\DRIVERS\wanarp.sys 19:41:16:515 2848 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) E:\Windows\system32\DRIVERS\wanarp.sys 19:41:16:609 2848 Wd (1112a9badacb47b7c0bb0392e3158dff) E:\Windows\system32\DRIVERS\wd.sys 19:41:17:389 2848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) E:\Windows\system32\drivers\Wdf01000.sys 19:41:17:685 2848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) E:\Windows\system32\DRIVERS\wfplwf.sys 19:41:17:810 2848 WIMMount (5cf95b35e59e2a38023836fff31be64c) E:\Windows\system32\drivers\wimmount.sys 19:41:17:857 2848 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) E:\Windows\system32\DRIVERS\WinUsb.sys 19:41:17:888 2848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) E:\Windows\system32\DRIVERS\wmiacpi.sys 19:41:17:919 2848 ws2ifsl (6db3276587b853bf886b69528fdb048c) E:\Windows\system32\drivers\ws2ifsl.sys 19:41:17:951 2848 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) E:\Windows\system32\drivers\WudfPf.sys 19:41:17:982 2848 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) E:\Windows\system32\DRIVERS\WUDFRd.sys 19:41:18:153 2848 yrbbz (80c6af4f948d4168fc90da1a6f4b6924) E:\Windows\system32\drivers\yrbbz.sys 19:41:18:153 2848 Suspicious file (NoAccess): E:\Windows\system32\drivers\yrbbz.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924 19:41:18:153 2848 Reboot required for cure complete.. 
19:41:18:169 2848 Cure on reboot scheduled successfully 19:41:18:169 2848 19:41:18:169 2848 Completed 19:41:18:169 2848 19:41:18:169 2848 Results: 19:41:18:169 2848 Registry objects infected / cured / cured on reboot: 2 / 0 / 2 19:41:18:169 2848 File objects infected / cured / cured on reboot: 1 / 0 / 1 19:41:18:169 2848 19:41:18:169 2848 fclose_ex: Trying to close file E:\Windows\system32\config\system 19:41:18:169 2848 fclose_ex: Trying to close file E:\Windows\system32\config\software 19:41:18:169 2848 KLMD(ARK) unloaded successfully ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ComboFix log ComboFix 10-05-17.01 - Ganesh 05/18/2010 20:04:37.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1724 [GMT -5:00] Running from: e:\users\Ganesh\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 ))))))))))))))))))))))))))))))) . 2010-05-19 01:26 . 2010-05-19 01:26 -------- d-----w- e:\users\Public\AppData\Local\temp 2010-05-19 01:26 . 2010-05-19 01:26 -------- d-----w- e:\users\Default\AppData\Local\temp 2010-05-19 01:26 . 2010-05-19 01:26 -------- d-----w- e:\users\Admin\AppData\Local\temp 2010-05-19 00:55 . 2010-05-19 00:55 -------- d-----w- E:\32788R22FWJFW 2010-05-18 05:50 . 2010-05-18 05:50 -------- d-----w- e:\program files\Unlocker 2010-05-18 05:49 . 2010-05-18 05:50 -------- d-----w- e:\program files\Bing Bar Installer 2010-05-18 04:24 . 2010-05-18 03:46 15880 ----a-w- e:\windows\system32\lsdelete.exe 2010-05-18 03:46 . 2010-02-04 15:53 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys 2010-05-18 03:46 . 2010-05-18 03:46 -------- dc----w- e:\windows\system32\DRVSTORE 2010-05-18 03:46 . 2010-05-18 03:46 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys 2010-05-18 02:51 . 
Completion time: 2010-05-18 20:29:21
- - End Of File - -
  4. Hey, lately I had been getting a lot of Google redirect problems, so I scanned my computer and it gives me a rootkit malware file named yrbbz.sys. But I cannot seem to delete it. I ran ComboFix, Avira, MB, Avast, Ad-Aware and none of them can delete it. Can somebody please help? Below is my DDS and GMER log. Thanks. This is the DDS report:
DDS (Ver_10-03-17.01) - NTFSx86 Run by Ganesh at 12:56:50.68 on Sun 05/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1480 [GMT -5:00]