
Rootkit- Cannot seem to delete it



Hey,

Lately I had been getting a lot of Google redirect problems, so I scanned my computer and it gives me a rootkit malware file named yrbbz.sys. But I cannot seem to delete it. I ran ComboFix, Avira, MB, Avast, Ad-Aware and none of them can delete it.

Can somebody please help. Below is my DDS and GMER log.

Thanks.

This is the DDS report:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by Ganesh at 12:56:50.68 on Sun 05/16/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1480 [GMT -5:00]

============== Running Processes ===============

E:\Windows\system32\wininit.exe

E:\Windows\system32\lsm.exe

E:\Windows\system32\svchost.exe -k DcomLaunch

E:\Windows\system32\svchost.exe -k RPCSS

E:\Windows\system32\Ati2evxx.exe

E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

E:\Windows\system32\svchost.exe -k netsvcs

E:\Windows\system32\svchost.exe -k LocalService

E:\Windows\system32\Ati2evxx.exe

E:\Windows\system32\svchost.exe -k NetworkService

E:\Program Files\Alwil Software\Avast5\AvastSvc.exe

E:\Program Files\Alwil Software\Avast5\afwServ.exe

E:\Windows\system32\Dwm.exe

E:\Windows\Explorer.EXE

E:\Program Files\Synaptics\SynTP\SynTPEnh.exe

E:\Windows\WindowsMobile\wmdc.exe

E:\Program Files\Alwil Software\Avast5\AvastUI.exe

E:\Program Files\DivX\DivX Update\DivXUpdate.exe

E:\Program Files\Common Files\Java\Java Update\jusched.exe

E:\Program Files\Synaptics\SynTP\SynTPHelper.exe

E:\Program Files\Synaptics\SynTP\SynToshiba.exe

E:\Users\Ganesh\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

E:\Program Files\Windows Sidebar\sidebar.exe

E:\Windows\System32\spoolsv.exe

E:\Windows\system32\taskhost.exe

E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Windows\system32\svchost.exe -k imgsvc

E:\Windows\system32\SearchIndexer.exe

E:\Windows\system32\svchost.exe -k WindowsMobile

E:\Program Files\Windows Media Player\wmpnetwk.exe

E:\Windows\system32\SearchProtocolHost.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Windows\System32\svchost.exe -k LocalServicePeerNet

E:\Windows\System32\mobsync.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Internet Explorer\iexplore.exe

"E:\Windows\System32\svchost.exe"

E:\Program Files\SopCast\adv\SopAdver.exe

E:\Windows\system32\conhost.exe

E:\Windows\explorer.exe

E:\Windows\system32\SearchFilterHost.exe

E:\Users\Ganesh\Desktop\dds.scr

E:\Windows\system32\conhost.exe

E:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - e:\program files\search toolbar\tbhelper.dll

BHO: Java

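Two entries in the Pseudo HJT section of the report above explain the symptom. "uInternet Settings,ProxyServer = http=127.0.0.1:5555" is the per-user WinINet proxy setting, and a proxy on the loopback interface hands every HTTP request Internet Explorer (and anything else honouring that setting) makes to a process on the same machine before it ever reaches the network, which is exactly what a redirecting rootkit needs; the "uURLSearchHooks" entry loads a third-party DLL into the browser for every address-bar search. The script below is an added example for this thread, not code from DDS or from either poster. It parses a Pseudo HJT section, decodes the ProxyServer value in both forms WinINet accepts, and flags a loopback proxy. SAMPLE_HJT is constructed to mirror the four entries above; the severity labels and function names are this example's own.

```python
"""Triage of DDS "Pseudo HJT Report" entries for redirect indicators.

Added example for this thread; not code from DDS or from either poster.
SAMPLE_HJT is constructed to mirror the four entries in the report above.
"""
import re
from ipaddress import ip_address

SAMPLE_HJT = """\
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - e:\\program files\\search toolbar\\tbhelper.dll
"""

# DDS prints the raw WinINet "ProxyServer" value. It is either "host:port"
# (one proxy for every protocol) or a ';'-separated list of "scheme=host:port".
_PROXY_ENTRY = re.compile(r"(?:(?P<scheme>\w+)=)?(?P<host>[^:;=\s]+):(?P<port>\d+)")
_SEARCH_HOOK = re.compile(r"\{[0-9a-f-]{36}\}\s*-\s*(.+)$", re.I)


def parse_proxy_server(value):
    """Return [(scheme or '*', host, port)] for a WinINet ProxyServer value."""
    return [(m.group("scheme") or "*", m.group("host"), int(m.group("port")))
            for m in _PROXY_ENTRY.finditer(value)]


def is_loopback_host(host):
    """True for 127.0.0.0/8 addresses and the literal name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage_hjt(report):
    """Return (severity, key, detail) findings for a Pseudo HJT section.

    A proxy on the loopback interface means every request the browser makes
    is handed to a process on this machine before it reaches the network,
    which is the mechanism behind the redirect symptom; the search hook is
    listed for review because it runs inside the browser on every search.
    """
    findings = []
    for line in report.splitlines():
        line = line.strip()
        key = line.split("=", 1)[0].strip()
        if key.endswith("Internet Settings,ProxyServer"):
            value = line.split("=", 1)[1].strip()
            for scheme, host, port in parse_proxy_server(value):
                if is_loopback_host(host):
                    findings.append(("high", "ProxyServer",
                                     f"{scheme} traffic goes to a local listener on {host}:{port}"))
                else:
                    findings.append(("info", "ProxyServer", f"{scheme} proxy {host}:{port}"))
        elif key.endswith("Internet Settings,ProxyOverride"):
            # "<local>" only exempts hostnames without a dot; everything else still
            # goes through the proxy above.
            findings.append(("info", "ProxyOverride", line.split("=", 1)[1].strip()))
        elif "URLSearchHooks" in key:
            m = _SEARCH_HOOK.search(line)
            if m:
                findings.append(("review", "URLSearchHook", m.group(1).strip()))
    return findings


if __name__ == "__main__":
    for severity, key, detail in triage_hjt(SAMPLE_HJT):
        print(f"[{severity}] {key}: {detail}")
```

Run as a script it prints one line per finding; the high-severity ProxyServer line is the one that ties the redirects to something listening on port 5555 on the infected machine, which is where the hidden driver in the TDSSKiller log later in the thread fits in.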

Hello Pritz

Welcome to Malwarebytes.

=====================

Download TDSSKiller and save it to your Desktop.

  • Right-click on the file and choose Extract All, extract the file to your desktop, then run it.
  • Once completed, it will create a log in your C:\ drive.
  • Please post the contents of that log.

==========

I know you have already run ComboFix, but delete the version you have and redownload it with the following instructions.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Thanks, Kahdah, for helping me out. TDS detected yrbbz.sys and deleted it.

Below is the log from TDS.

19:40:36:844 2848 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17

19:40:36:844 2848 ================================================================================

19:40:36:844 2848 SystemInfo:

19:40:36:844 2848 OS Version: 6.1.7600 ServicePack: 0.0

19:40:36:844 2848 Product type: Workstation

19:40:36:844 2848 ComputerName: GANESH-PC

19:40:36:844 2848 UserName: Ganesh

19:40:36:844 2848 Windows directory: E:\Windows

19:40:36:844 2848 Processor architecture: Intel x86

19:40:36:844 2848 Number of processors: 2

19:40:36:844 2848 Page size: 0x1000

19:40:36:844 2848 Boot type: Normal boot

19:40:36:844 2848 ================================================================================

19:40:36:860 2848 UnloadDriverW: NtUnloadDriver error 2

19:40:36:860 2848 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2

19:40:38:872 2848 wfopen_ex: Trying to open file E:\Windows\system32\config\system

19:40:38:872 2848 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:40:38:872 2848 wfopen_ex: Trying to KLMD file open

19:40:38:872 2848 wfopen_ex: File opened ok (Flags 2)

19:40:39:013 2848 wfopen_ex: Trying to open file E:\Windows\system32\config\software

19:40:39:013 2848 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:40:39:013 2848 wfopen_ex: Trying to KLMD file open

19:40:39:013 2848 wfopen_ex: File opened ok (Flags 2)

19:40:39:028 2848 KLAVA engine initialized

19:40:39:309 2848 Initialize success

19:40:39:309 2848

19:40:39:309 2848 Scanning Services ...

19:40:41:712 2848 Raw services enum returned 472 services

19:40:41:727 2848 Suspicious serv yrbbz (h: 0, b: 1)

19:40:41:727 2848

19:40:41:727 2848 Hidden service detected!

19:40:41:727 2848 Service name: yrbbz

19:40:41:727 2848 Image path:

19:40:41:727 2848 Type "delete" (without quotes) to delete it: 19:40:51:945 2848

19:40:51:945 2848 By user detect yrbbz

19:40:51:945 2848 RegNode HKLM\SYSTEM\ControlSet001\services\yrbbz infected by TDSS rootkit ... 19:40:51:945 2848 will be deleted on reboot

19:40:51:992 2848 RegNode HKLM\SYSTEM\ControlSet002\services\yrbbz infected by TDSS rootkit ... 19:40:51:992 2848 will be deleted on reboot

19:40:52:008 2848 File E:\Windows\system32\drivers\yrbbz.sys infected by TDSS rootkit ... 19:40:52:008 2848 will be deleted on reboot

19:40:52:023 2848

19:40:52:023 2848 Scanning Drivers ...

19:40:52:788 2848 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) E:\Windows\system32\DRIVERS\1394ohci.sys

19:40:52:850 2848 ACPI (f0e07d144c8685b8774bc32fc8da4df0) E:\Windows\system32\DRIVERS\ACPI.sys

19:40:52:897 2848 AcpiPmi (98d81ca942d19f7d9153b095162ac013) E:\Windows\system32\DRIVERS\acpipmi.sys

19:40:52:959 2848 adp94xx (21e785ebd7dc90a06391141aac7892fb) E:\Windows\system32\DRIVERS\adp94xx.sys

19:40:53:162 2848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) E:\Windows\system32\DRIVERS\adpahci.sys

19:40:53:209 2848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) E:\Windows\system32\DRIVERS\adpu320.sys

19:40:53:318 2848 AFD (ddc040fdb01ef1712a6b13e52afb104c) E:\Windows\system32\drivers\afd.sys

19:40:53:505 2848 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) E:\Windows\system32\DRIVERS\AGRSM.sys

19:40:53:677 2848 agp440 (507812c3054c21cef746b6ee3d04dd6e) E:\Windows\system32\DRIVERS\agp440.sys

19:40:53:708 2848 aic78xx (8b30250d573a8f6b4bd23195160d8707) E:\Windows\system32\DRIVERS\djsvs.sys

19:40:53:739 2848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) E:\Windows\system32\DRIVERS\aliide.sys

19:40:53:755 2848 amdagp (3c6600a0696e90a463771c7422e23ab5) E:\Windows\system32\DRIVERS\amdagp.sys

19:40:53:771 2848 amdide (cd5914170297126b6266860198d1d4f0) E:\Windows\system32\DRIVERS\amdide.sys

19:40:53:802 2848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) E:\Windows\system32\DRIVERS\amdk8.sys

19:40:53:958 2848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) E:\Windows\system32\DRIVERS\amdppm.sys

19:40:54:020 2848 amdsata (2101a86c25c154f8314b24ef49d7fbc2) E:\Windows\system32\DRIVERS\amdsata.sys

19:40:54:207 2848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) E:\Windows\system32\DRIVERS\amdsbs.sys

19:40:54:254 2848 amdxata (b81c2b5616f6420a9941ea093a92b150) E:\Windows\system32\DRIVERS\amdxata.sys

19:40:54:301 2848 AppID (feb834c02ce1e84b6a38f953ca067706) E:\Windows\system32\drivers\appid.sys

19:40:54:410 2848 arc (2932004f49677bd84dbc72edb754ffb3) E:\Windows\system32\DRIVERS\arc.sys

19:40:54:457 2848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) E:\Windows\system32\DRIVERS\arcsas.sys

19:40:54:519 2848 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) E:\Windows\system32\drivers\aswFsBlk.sys

19:40:54:566 2848 aswFW (50bb1e65de922ce96c61cd5fc23ce59e) E:\Windows\system32\drivers\aswFW.sys

19:40:54:769 2848 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) E:\Windows\system32\drivers\aswMonFlt.sys

19:40:54:863 2848 aswNdis (7b948e3657bea62e437bc46ca6ef6012) E:\Windows\system32\DRIVERS\aswNdis.sys

19:40:55:175 2848 aswNdis2 (bd5a889e5804d968301a414a0fda42b2) E:\Windows\system32\drivers\aswNdis2.sys

19:40:55:206 2848 aswRdr (3e2b6112d2766f87eda8466fde86a986) E:\Windows\system32\drivers\aswRdr.sys

19:40:55:253 2848 aswSnx (9da5b209d9843ebfbb3fd6bb197b276f) E:\Windows\system32\drivers\aswSnx.sys

19:40:55:315 2848 aswSP (d78b644816db540e103d0b0766fd9967) E:\Windows\system32\drivers\aswSP.sys

19:40:55:440 2848 aswTdi (606d731008d98b6ef946730c597c1642) E:\Windows\system32\drivers\aswTdi.sys

19:40:55:487 2848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) E:\Windows\system32\DRIVERS\asyncmac.sys

19:40:55:533 2848 atapi (338c86357871c167a96ab976519bf59e) E:\Windows\system32\DRIVERS\atapi.sys

19:40:55:939 2848 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) E:\Windows\system32\DRIVERS\atikmdag.sys

19:40:56:220 2848 b06bdrv (1a231abec60fd316ec54c66715543cec) E:\Windows\system32\DRIVERS\bxvbdx.sys

19:40:56:282 2848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) E:\Windows\system32\DRIVERS\b57nd60x.sys

19:40:56:329 2848 Beep (505506526a9d467307b3c393dedaf858) E:\Windows\system32\drivers\Beep.sys

19:40:56:454 2848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) E:\Windows\system32\DRIVERS\blbdrive.sys

19:40:56:485 2848 bowser (fcafaef6798d7b51ff029f99a9898961) E:\Windows\system32\DRIVERS\bowser.sys

19:40:56:516 2848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) E:\Windows\system32\DRIVERS\BrFiltLo.sys

19:40:56:563 2848 BrFiltUp (56801ad62213a41f6497f96dee83755a) E:\Windows\system32\DRIVERS\BrFiltUp.sys

19:40:56:641 2848 Brserid (845b8ce732e67f3b4133164868c666ea) E:\Windows\System32\Drivers\Brserid.sys

19:40:57:015 2848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) E:\Windows\System32\Drivers\BrSerWdm.sys

19:40:57:047 2848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) E:\Windows\System32\Drivers\BrUsbMdm.sys

19:40:57:203 2848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) E:\Windows\System32\Drivers\BrUsbSer.sys

19:40:57:234 2848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) E:\Windows\system32\DRIVERS\bthmodem.sys

19:40:57:483 2848 cdfs (77ea11b065e0a8ab902d78145ca51e10) E:\Windows\system32\DRIVERS\cdfs.sys

19:40:57:530 2848 cdrom (ba6e70aa0e6091bc39de29477d866a77) E:\Windows\system32\DRIVERS\cdrom.sys

19:40:57:561 2848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) E:\Windows\system32\DRIVERS\circlass.sys

19:40:57:655 2848 CLFS (635181e0e9bbf16871bf5380d71db02d) E:\Windows\system32\CLFS.sys

19:40:57:780 2848 CmBatt (dea805815e587dad1dd2c502220b5616) E:\Windows\system32\DRIVERS\CmBatt.sys

19:40:57:827 2848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) E:\Windows\system32\DRIVERS\cmdide.sys

19:40:57:873 2848 CNG (1b675691ed940766149c93e8f4488d68) E:\Windows\system32\Drivers\cng.sys

19:40:57:920 2848 Compbatt (a6023d3823c37043986713f118a89bee) E:\Windows\system32\DRIVERS\compbatt.sys

19:40:57:951 2848 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) E:\Windows\system32\DRIVERS\CompositeBus.sys

19:40:58:092 2848 cpuz132 (c5e7e8ca0d76a13a568901b6b304c3ba) E:\Windows\system32\drivers\cpuz132_x32.sys

19:40:58:139 2848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) E:\Windows\system32\DRIVERS\crcdisk.sys

19:40:58:185 2848 CSC (27c9490bdd0ae48911ab8cf1932591ed) E:\Windows\system32\drivers\csc.sys

19:40:58:326 2848 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) E:\Windows\system32\Drivers\dfsc.sys

19:40:58:373 2848 discache (1a050b0274bfb3890703d490f330c0da) E:\Windows\system32\drivers\discache.sys

19:40:58:404 2848 Disk (565003f326f99802e68ca78f2a68e9ff) E:\Windows\system32\DRIVERS\disk.sys

19:40:58:466 2848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) E:\Windows\system32\drivers\drmkaud.sys

19:40:58:669 2848 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) E:\Windows\System32\drivers\dxgkrnl.sys

19:40:58:716 2848 E1G60 (22ef8965101685add128f03a2b03ce16) E:\Windows\system32\DRIVERS\E1G60I32.sys

19:40:58:950 2848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) E:\Windows\system32\DRIVERS\evbdx.sys

19:40:59:309 2848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) E:\Windows\system32\DRIVERS\elxstor.sys

19:40:59:355 2848 ErrDev (8fc3208352dd3912c94367a206ab3f11) E:\Windows\system32\DRIVERS\errdev.sys

19:40:59:387 2848 exfat (2dc9108d74081149cc8b651d3a26207f) E:\Windows\system32\drivers\exfat.sys

19:40:59:543 2848 fastfat (7e0ab74553476622fb6ae36f73d97d35) E:\Windows\system32\drivers\fastfat.sys

19:40:59:558 2848 fdc (e817a017f82df2a1f8cfdbda29388b29) E:\Windows\system32\DRIVERS\fdc.sys

19:40:59:621 2848 FileInfo (6cf00369c97f3cf563be99be983d13d8) E:\Windows\system32\drivers\fileinfo.sys

19:40:59:652 2848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) E:\Windows\system32\drivers\filetrace.sys

19:40:59:777 2848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) E:\Windows\system32\DRIVERS\flpydisk.sys

19:40:59:808 2848 FltMgr (7520ec808e0c35e0ee6f841294316653) E:\Windows\system32\drivers\fltmgr.sys

19:40:59:839 2848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) E:\Windows\system32\drivers\FsDepends.sys

19:40:59:886 2848 Fs_Rec (a574b4360e438977038aae4bf60d79a2) E:\Windows\system32\drivers\Fs_Rec.sys

19:41:00:026 2848 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) E:\Windows\system32\DRIVERS\fvevol.sys

19:41:00:057 2848 gagp30kx (65ee0c7a58b65e74ae05637418153938) E:\Windows\system32\DRIVERS\gagp30kx.sys

19:41:00:104 2848 hcw85cir (c44e3c2bab6837db337ddee7544736db) E:\Windows\system32\drivers\hcw85cir.sys

19:41:00:167 2848 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) E:\Windows\system32\drivers\HdAudio.sys

19:41:00:276 2848 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) E:\Windows\system32\DRIVERS\HDAudBus.sys

19:41:00:323 2848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) E:\Windows\system32\DRIVERS\HidBatt.sys

19:41:00:369 2848 HidBth (89448f40e6df260c206a193a4683ba78) E:\Windows\system32\DRIVERS\hidbth.sys

19:41:00:401 2848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) E:\Windows\system32\DRIVERS\hidir.sys

19:41:00:416 2848 HidUsb (25072fb35ac90b25f9e4e3bacf774102) E:\Windows\system32\DRIVERS\hidusb.sys

19:41:00:541 2848 HpSAMD (295fdc419039090eb8b49ffdbb374549) E:\Windows\system32\DRIVERS\HpSAMD.sys

19:41:00:666 2848 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) E:\Windows\system32\drivers\HTTP.sys

19:41:00:728 2848 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) E:\Windows\system32\drivers\hwpolicy.sys

19:41:00:837 2848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) E:\Windows\system32\DRIVERS\i8042prt.sys

19:41:00:900 2848 iaStorV (934af4d7c5f457b9f0743f4299b77b67) E:\Windows\system32\DRIVERS\iaStorV.sys

19:41:00:947 2848 iirsp (4173ff5708f3236cf25195fecd742915) E:\Windows\system32\DRIVERS\iirsp.sys

19:41:01:009 2848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) E:\Windows\system32\DRIVERS\intelide.sys

19:41:01:118 2848 intelppm (3b514d27bfc4accb4037bc6685f766e0) E:\Windows\system32\DRIVERS\intelppm.sys

19:41:01:165 2848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) E:\Windows\system32\DRIVERS\ipfltdrv.sys

19:41:01:212 2848 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) E:\Windows\system32\DRIVERS\IPMIDrv.sys

19:41:01:259 2848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) E:\Windows\system32\drivers\ipnat.sys

19:41:01:368 2848 IRENUM (42996cff20a3084a56017b7902307e9f) E:\Windows\system32\drivers\irenum.sys

19:41:01:415 2848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) E:\Windows\system32\DRIVERS\isapnp.sys

19:41:01:446 2848 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) E:\Windows\system32\DRIVERS\msiscsi.sys

19:41:01:508 2848 kbdclass (adef52ca1aeae82b50df86b56413107e) E:\Windows\system32\DRIVERS\kbdclass.sys

19:41:01:664 2848 kbdhid (3d9f0ebf350edcfd6498057301455964) E:\Windows\system32\DRIVERS\kbdhid.sys

19:41:01:711 2848 KSecDD (e36a061ec11b373826905b21be10948f) E:\Windows\system32\Drivers\ksecdd.sys

19:41:01:758 2848 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) E:\Windows\system32\Drivers\ksecpkg.sys

19:41:01:820 2848 Lbd (713cd5267abfb86fe90a72e384e82a38) E:\Windows\system32\DRIVERS\Lbd.sys

19:41:01:929 2848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) E:\Windows\system32\DRIVERS\lltdio.sys

19:41:01:976 2848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) E:\Windows\system32\DRIVERS\lsi_fc.sys

19:41:02:039 2848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) E:\Windows\system32\DRIVERS\lsi_sas.sys

19:41:02:070 2848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) E:\Windows\system32\DRIVERS\lsi_sas2.sys

19:41:02:195 2848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) E:\Windows\system32\DRIVERS\lsi_scsi.sys

19:41:02:226 2848 luafv (6703e366cc18d3b6e534f5cf7df39cee) E:\Windows\system32\drivers\luafv.sys

19:41:02:288 2848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) E:\Windows\system32\DRIVERS\megasas.sys

19:41:02:366 2848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) E:\Windows\system32\DRIVERS\MegaSR.sys

19:41:02:475 2848 Modem (f001861e5700ee84e2d4e52c712f4964) E:\Windows\system32\drivers\modem.sys

19:41:02:522 2848 monitor (79d10964de86b292320e9dfe02282a23) E:\Windows\system32\DRIVERS\monitor.sys

19:41:02:631 2848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) E:\Windows\system32\DRIVERS\mouclass.sys

19:41:02:663 2848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) E:\Windows\system32\DRIVERS\mouhid.sys

19:41:02:756 2848 mountmgr (921c18727c5920d6c0300736646931c2) E:\Windows\system32\drivers\mountmgr.sys

19:41:02:819 2848 mpio (2af5997438c55fb79d33d015c30e1974) E:\Windows\system32\DRIVERS\mpio.sys

19:41:02:881 2848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) E:\Windows\system32\drivers\mpsdrv.sys

19:41:02:928 2848 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) E:\Windows\system32\drivers\mrxdav.sys

19:41:03:037 2848 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) E:\Windows\system32\DRIVERS\mrxsmb.sys

19:41:03:131 2848 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) E:\Windows\system32\DRIVERS\mrxsmb10.sys

19:41:03:177 2848 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) E:\Windows\system32\DRIVERS\mrxsmb20.sys

19:41:03:271 2848 msahci (4326d168944123f38dd3b2d9c37a0b12) E:\Windows\system32\DRIVERS\msahci.sys

19:41:03:365 2848 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) E:\Windows\system32\DRIVERS\msdsm.sys

19:41:03:396 2848 Msfs (daefb28e3af5a76abcc2c3078c07327f) E:\Windows\system32\drivers\Msfs.sys

19:41:03:427 2848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) E:\Windows\System32\drivers\mshidkmdf.sys

19:41:03:521 2848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) E:\Windows\system32\DRIVERS\msisadrv.sys

19:41:03:614 2848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) E:\Windows\system32\drivers\MSKSSRV.sys

19:41:03:677 2848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) E:\Windows\system32\drivers\MSPCLOCK.sys

19:41:03:708 2848 MSPQM (f456e973590d663b1073e9c463b40932) E:\Windows\system32\drivers\MSPQM.sys

19:41:03:801 2848 MsRPC (0e008fc4819d238c51d7c93e7b41e560) E:\Windows\system32\drivers\MsRPC.sys

19:41:03:879 2848 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) E:\Windows\system32\DRIVERS\mssmbios.sys

19:41:03:911 2848 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) E:\Windows\system32\drivers\MSTEE.sys

19:41:03:942 2848 MTConfig (33599130f44e1f34631cea241de8ac84) E:\Windows\system32\DRIVERS\MTConfig.sys

19:41:04:176 2848 Mup (159fad02f64e6381758c990f753bcc80) E:\Windows\system32\Drivers\mup.sys

19:41:04:379 2848 NativeWifiP (26384429fcd85d83746f63e798ab1480) E:\Windows\system32\DRIVERS\nwifi.sys

19:41:04:519 2848 NDIS (23759d175a0a9baaf04d05047bc135a8) E:\Windows\system32\drivers\ndis.sys

19:41:04:628 2848 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) E:\Windows\system32\DRIVERS\ndiscap.sys

19:41:04:675 2848 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) E:\Windows\system32\DRIVERS\ndistapi.sys

19:41:04:769 2848 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) E:\Windows\system32\DRIVERS\ndisuio.sys

19:41:04:815 2848 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) E:\Windows\system32\DRIVERS\ndiswan.sys

19:41:04:909 2848 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) E:\Windows\system32\drivers\NDProxy.sys

19:41:04:956 2848 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) E:\Windows\system32\DRIVERS\netbios.sys

19:41:05:065 2848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) E:\Windows\system32\DRIVERS\nfrd960.sys

19:41:05:112 2848 Npfs (1db262a9f8c087e8153d89bef3d2235f) E:\Windows\system32\drivers\Npfs.sys

19:41:05:190 2848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) E:\Windows\system32\drivers\nsiproxy.sys

19:41:05:268 2848 Ntfs (3795dcd21f740ee799fb7223234215af) E:\Windows\system32\drivers\Ntfs.sys

19:41:05:424 2848 Null (f9756a98d69098dca8945d62858a812c) E:\Windows\system32\drivers\Null.sys

19:41:05:455 2848 nvraid (3f3d04b1d08d43c16ea7963954ec768d) E:\Windows\system32\DRIVERS\nvraid.sys

19:41:05:502 2848 nvstor (c99f251a5de63c6f129cf71933aced0f) E:\Windows\system32\DRIVERS\nvstor.sys

19:41:05:549 2848 nv_agp (5a0983915f02bae73267cc2a041f717d) E:\Windows\system32\DRIVERS\nv_agp.sys

19:41:05:720 2848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) E:\Windows\system32\DRIVERS\ohci1394.sys

19:41:05:767 2848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) E:\Windows\system32\DRIVERS\parport.sys

19:41:05:814 2848 partmgr (ff4218952b51de44fe910953a3e686b9) E:\Windows\system32\drivers\partmgr.sys

19:41:05:954 2848 Parvdm (eb0a59f29c19b86479d36b35983daadc) E:\Windows\system32\DRIVERS\parvdm.sys

19:41:06:079 2848 pci (c858cb77c577780ecc456a892e7e7d0f) E:\Windows\system32\DRIVERS\pci.sys

19:41:06:110 2848 pciide (afe86f419014db4e5593f69ffe26ce0a) E:\Windows\system32\DRIVERS\pciide.sys

19:41:06:157 2848 pcmcia (f396431b31693e71e8a80687ef523506) E:\Windows\system32\DRIVERS\pcmcia.sys

19:41:06:204 2848 pcw (250f6b43d2b613172035c6747aeeb19f) E:\Windows\system32\drivers\pcw.sys

19:41:06:344 2848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) E:\Windows\system32\drivers\peauth.sys

19:41:06:407 2848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) E:\Windows\system32\DRIVERS\raspptp.sys

19:41:06:438 2848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) E:\Windows\system32\DRIVERS\processr.sys

19:41:06:563 2848 Psched (6270ccae2a86de6d146529fe55b3246a) E:\Windows\system32\DRIVERS\pacer.sys

19:41:06:672 2848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) E:\Windows\system32\DRIVERS\ql2300.sys

19:41:06:843 2848 ql40xx (b4dd51dd25182244b86737dc51af2270) E:\Windows\system32\DRIVERS\ql40xx.sys

19:41:06:890 2848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) E:\Windows\system32\drivers\qwavedrv.sys

19:41:06:921 2848 RasAcd (30a81b53c766d0133bb86d234e5556ab) E:\Windows\system32\DRIVERS\rasacd.sys

19:41:06:968 2848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) E:\Windows\system32\DRIVERS\AgileVpn.sys

19:41:07:109 2848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) E:\Windows\system32\DRIVERS\rasl2tp.sys

19:41:07:140 2848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) E:\Windows\system32\DRIVERS\raspppoe.sys

19:41:07:171 2848 RasSstp (44101f495a83ea6401d886e7fd70096b) E:\Windows\system32\DRIVERS\rassstp.sys

19:41:07:218 2848 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) E:\Windows\system32\DRIVERS\rdbss.sys

19:41:07:358 2848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) E:\Windows\system32\DRIVERS\rdpbus.sys

19:41:07:374 2848 RDPCDD (1e016846895b15a99f9a176a05029075) E:\Windows\system32\DRIVERS\RDPCDD.sys

19:41:07:421 2848 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) E:\Windows\system32\drivers\rdpdr.sys

19:41:07:452 2848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) E:\Windows\system32\drivers\rdpencdd.sys

19:41:07:623 2848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) E:\Windows\system32\drivers\rdprefmp.sys

19:41:07:686 2848 RDPWD (801371ba9782282892d00aadb08ee367) E:\Windows\system32\drivers\RDPWD.sys

19:41:07:717 2848 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) E:\Windows\system32\drivers\rdyboost.sys

19:41:07:842 2848 rimmptsk (7a6648b61661b1421ffab762e391e33f) E:\Windows\system32\DRIVERS\rimmptsk.sys

19:41:07:873 2848 rimsptsk (d0a35b7670aa3558eaab483f64446496) E:\Windows\system32\DRIVERS\rimsptsk.sys

19:41:07:935 2848 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) E:\Windows\system32\Drivers\RimUsb.sys

19:41:07:982 2848 rismxdp (6c1f93c0760c9f79a1869d07233df39d) E:\Windows\system32\DRIVERS\rixdptsk.sys

19:41:08:091 2848 rspndr (032b0d36ad92b582d869879f5af5b928) E:\Windows\system32\DRIVERS\rspndr.sys

19:41:08:154 2848 RTL8167 (80b66a4181f782884a815e69d0afa743) E:\Windows\system32\DRIVERS\Rt86win7.sys

19:41:08:216 2848 RTL8187B (8e7d6dbba555c5d5a02decc79fe9c638) E:\Windows\system32\DRIVERS\RTL8187B.sys

19:41:08:325 2848 s3cap (5423d8437051e89dd34749f242c98648) E:\Windows\system32\DRIVERS\vms3cap.sys

19:41:08:388 2848 SAVRKBootTasks (68de5b1e82d3dd10f5f6169522c7c88a) E:\Windows\system32\SAVRKBootTasks.sys

19:41:08:435 2848 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) E:\Windows\system32\DRIVERS\sbp2port.sys

19:41:08:497 2848 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) E:\Windows\system32\DRIVERS\scfilter.sys

19:41:08:653 2848 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) E:\Windows\system32\DRIVERS\sdbus.sys

19:41:08:684 2848 secdrv (90a3935d05b494a5a39d37e71f09a677) E:\Windows\system32\drivers\secdrv.sys

19:41:08:731 2848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) E:\Windows\system32\DRIVERS\serenum.sys

19:41:08:778 2848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) E:\Windows\system32\DRIVERS\serial.sys

19:41:08:903 2848 sermouse (79bffb520327ff916a582dfea17aa813) E:\Windows\system32\DRIVERS\sermouse.sys

19:41:08:934 2848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) E:\Windows\system32\DRIVERS\sffdisk.sys

19:41:08:965 2848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) E:\Windows\system32\DRIVERS\sffp_mmc.sys

19:41:08:996 2848 sffp_sd (a0708bbd07d245c06ff9de549ca47185) E:\Windows\system32\DRIVERS\sffp_sd.sys

19:41:09:059 2848 sfloppy (db96666cc8312ebc45032f30b007a547) E:\Windows\system32\DRIVERS\sfloppy.sys

19:41:09:168 2848 sisagp (2565cac0dc9fe0371bdce60832582b2e) E:\Windows\system32\DRIVERS\sisagp.sys

19:41:09:371 2848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) E:\Windows\system32\DRIVERS\SiSRaid2.sys

19:41:09:417 2848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) E:\Windows\system32\DRIVERS\sisraid4.sys

19:41:09:683 2848 Smb (3e21c083b8a01cb70ba1f09303010fce) E:\Windows\system32\DRIVERS\smb.sys

19:41:09:714 2848 spldr (95cf1ae7527fb70f7816563cbc09d942) E:\Windows\system32\drivers\spldr.sys

19:41:09:854 2848 srv (50a83ca406c808bd35ac9141a0c7618f) E:\Windows\system32\DRIVERS\srv.sys

19:41:09:901 2848 srv2 (dce7e10feaabd4cae95948b3de5340bb) E:\Windows\system32\DRIVERS\srv2.sys

19:41:09:948 2848 srvnet (bd1433a32792fd0dc450479094fc435a) E:\Windows\system32\DRIVERS\srvnet.sys

19:41:10:073 2848 stexstor (db32d325c192b801df274bfd12a7e72b) E:\Windows\system32\DRIVERS\stexstor.sys

19:41:10:104 2848 storflt (957e346ca948668f2496a6ccf6ff82cc) E:\Windows\system32\DRIVERS\vmstorfl.sys

19:41:10:151 2848 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) E:\Windows\system32\DRIVERS\storvsc.sys

19:41:10:197 2848 SUPERWEBCAM (88a75bff38e6da6975950c8576442842) E:\Windows\system32\DRIVERS\superwebcam.sys

19:41:10:322 2848 swenum (e58c78a848add9610a4db6d214af5224) E:\Windows\system32\DRIVERS\swenum.sys

19:41:10:369 2848 SynTP (70534d1e4f9ac990536d5fb5b550b3de) E:\Windows\system32\DRIVERS\SynTP.sys

19:41:10:463 2848 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) E:\Windows\system32\drivers\tcpip.sys

19:41:10:634 2848 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) E:\Windows\system32\DRIVERS\tcpip.sys

19:41:10:681 2848 tcpipreg (e64444523add154f86567c469bc0b17f) E:\Windows\system32\drivers\tcpipreg.sys

19:41:10:712 2848 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) E:\Windows\system32\drivers\tdpipe.sys

19:41:10:743 2848 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) E:\Windows\system32\drivers\tdtcp.sys

19:41:10:790 2848 tdx (cb39e896a2a83702d1737bfd402b3542) E:\Windows\system32\DRIVERS\tdx.sys

19:41:10:806 2848 TermDD (c36f41ee20e6999dbf4b0425963268a5) E:\Windows\system32\DRIVERS\termdd.sys

19:41:10:931 2848 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) E:\Windows\system32\DRIVERS\tssecsrv.sys

19:41:10:977 2848 tunnel (3e461d890a97f9d4c168f5fda36e1d00) E:\Windows\system32\DRIVERS\tunnel.sys

19:41:11:227 2848 TVALZ (792a8b80f8188aba4b2be271583f3e46) E:\Windows\system32\DRIVERS\TVALZ_O.SYS

19:41:11:274 2848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) E:\Windows\system32\DRIVERS\uagp35.sys

19:41:11:414 2848 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) E:\Windows\system32\DRIVERS\udfs.sys

19:41:11:477 2848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) E:\Windows\system32\DRIVERS\uliagpkx.sys

19:41:11:523 2848 umbus (049b3a50b3d646baeeee9eec9b0668dc) E:\Windows\system32\DRIVERS\umbus.sys

19:41:11:555 2848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) E:\Windows\system32\DRIVERS\umpass.sys

19:41:11:695 2848 UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) E:\Program Files\Unlocker\UnlockerDriver5.sys

19:41:11:804 2848 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) E:\Windows\system32\DRIVERS\usbccgp.sys

19:41:11:867 2848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) E:\Windows\system32\DRIVERS\usbcir.sys

19:41:11:913 2848 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) E:\Windows\system32\DRIVERS\usbehci.sys

19:41:11:960 2848 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) E:\Windows\system32\DRIVERS\usbhub.sys

19:41:12:069 2848 usbohci (a6fb7957ea7afb1165991e54ce934b74) E:\Windows\system32\DRIVERS\usbohci.sys

19:41:12:116 2848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) E:\Windows\system32\DRIVERS\usbprint.sys

19:41:12:147 2848 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) E:\Windows\system32\DRIVERS\USBSTOR.SYS

19:41:12:179 2848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) E:\Windows\system32\DRIVERS\usbuhci.sys

19:41:12:225 2848 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) E:\Windows\system32\DRIVERS\usb8023x.sys

19:41:12:319 2848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) E:\Windows\system32\DRIVERS\vdrvroot.sys

19:41:12:381 2848 vga (17c408214ea61696cec9c66e388b14f3) E:\Windows\system32\DRIVERS\vgapnp.sys

19:41:12:413 2848 VgaSave (8e38096ad5c8570a6f1570a61e251561) E:\Windows\System32\drivers\vga.sys

19:41:12:459 2848 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) E:\Windows\system32\DRIVERS\vhdmp.sys

19:41:12:569 2848 viaagp (c829317a37b4bea8f39735d4b076e923) E:\Windows\system32\DRIVERS\viaagp.sys

19:41:12:912 2848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) E:\Windows\system32\DRIVERS\viac7.sys

19:41:13:239 2848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) E:\Windows\system32\DRIVERS\viaide.sys

19:41:13:629 2848 VirtualCam (b6ef92c628d993c5f777807ed76a7568) E:\Windows\system32\DRIVERS\VirtualCam.sys

19:41:14:019 2848 vmbus (379b349f65f453d2a6e75ea6b7448e49) E:\Windows\system32\DRIVERS\vmbus.sys

19:41:14:378 2848 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) E:\Windows\system32\DRIVERS\VMBusHID.sys

19:41:15:252 2848 volmgr (384e5a2aa49934295171e499f86ba6f3) E:\Windows\system32\DRIVERS\volmgr.sys

19:41:15:657 2848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) E:\Windows\system32\drivers\volmgrx.sys

19:41:15:876 2848 volsnap (58df9d2481a56edde167e51b334d44fd) E:\Windows\system32\DRIVERS\volsnap.sys

19:41:15:938 2848 vsmraid (9dfa0cc2f8855a04816729651175b631) E:\Windows\system32\DRIVERS\vsmraid.sys

19:41:16:125 2848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) E:\Windows\System32\drivers\vwifibus.sys

19:41:16:219 2848 vwififlt (7090d3436eeb4e7da3373090a23448f7) E:\Windows\system32\DRIVERS\vwififlt.sys

19:41:16:437 2848 WacomPen (de3721e89c653aa281428c8a69745d90) E:\Windows\system32\DRIVERS\wacompen.sys

19:41:16:515 2848 WANARP (692a712062146e96d28ba0b7d75de31b) E:\Windows\system32\DRIVERS\wanarp.sys

19:41:16:515 2848 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) E:\Windows\system32\DRIVERS\wanarp.sys

19:41:16:609 2848 Wd (1112a9badacb47b7c0bb0392e3158dff) E:\Windows\system32\DRIVERS\wd.sys

19:41:17:389 2848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) E:\Windows\system32\drivers\Wdf01000.sys

19:41:17:685 2848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) E:\Windows\system32\DRIVERS\wfplwf.sys

19:41:17:810 2848 WIMMount (5cf95b35e59e2a38023836fff31be64c) E:\Windows\system32\drivers\wimmount.sys

19:41:17:857 2848 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) E:\Windows\system32\DRIVERS\WinUsb.sys

19:41:17:888 2848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) E:\Windows\system32\DRIVERS\wmiacpi.sys

19:41:17:919 2848 ws2ifsl (6db3276587b853bf886b69528fdb048c) E:\Windows\system32\drivers\ws2ifsl.sys

19:41:17:951 2848 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) E:\Windows\system32\drivers\WudfPf.sys

19:41:17:982 2848 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) E:\Windows\system32\DRIVERS\WUDFRd.sys

19:41:18:153 2848 yrbbz (80c6af4f948d4168fc90da1a6f4b6924) E:\Windows\system32\drivers\yrbbz.sys

19:41:18:153 2848 Suspicious file (NoAccess): E:\Windows\system32\drivers\yrbbz.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924

19:41:18:153 2848 Reboot required for cure complete..

19:41:18:169 2848 Cure on reboot scheduled successfully

19:41:18:169 2848

19:41:18:169 2848 Completed

19:41:18:169 2848

19:41:18:169 2848 Results:

19:41:18:169 2848 Registry objects infected / cured / cured on reboot: 2 / 0 / 2

19:41:18:169 2848 File objects infected / cured / cured on reboot: 1 / 0 / 1

19:41:18:169 2848

19:41:18:169 2848 fclose_ex: Trying to close file E:\Windows\system32\config\system

19:41:18:169 2848 fclose_ex: Trying to close file E:\Windows\system32\config\software

19:41:18:169 2848 KLMD(ARK) unloaded successfully

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix log

ComboFix 10-05-17.01 - Ganesh 05/18/2010 20:04:37.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1724 [GMT -5:00]

Running from: e:\users\Ganesh\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))

.

2010-05-19 01:26 . 2010-05-19 01:26 -------- d-----w- e:\users\Public\AppData\Local\temp

2010-05-19 01:26 . 2010-05-19 01:26 -------- d-----w- e:\users\Default\AppData\Local\temp

2010-05-19 01:26 . 2010-05-19 01:26 -------- d-----w- e:\users\Admin\AppData\Local\temp

2010-05-19 00:55 . 2010-05-19 00:55 -------- d-----w- E:\32788R22FWJFW

2010-05-18 05:50 . 2010-05-18 05:50 -------- d-----w- e:\program files\Unlocker

2010-05-18 05:49 . 2010-05-18 05:50 -------- d-----w- e:\program files\Bing Bar Installer

2010-05-18 04:24 . 2010-05-18 03:46 15880 ----a-w- e:\windows\system32\lsdelete.exe

2010-05-18 03:46 . 2010-02-04 15:53 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys

2010-05-18 03:46 . 2010-05-18 03:46 -------- dc----w- e:\windows\system32\DRVSTORE

2010-05-18 03:46 . 2010-05-18 03:46 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys

2010-05-18 02:51 . 2010-05-18 02:51 -------- dc-h--w- e:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-18 02:51 . 2010-02-04 15:53 2954656 -c--a-w- e:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-05-18 02:51 . 2010-05-18 03:46 -------- d-----w- e:\programdata\Lavasoft

2010-05-18 02:51 . 2010-05-18 02:51 -------- d-----w- e:\program files\Lavasoft

2010-05-18 02:47 . 2009-06-18 17:55 18816 ------w- e:\windows\system32\SAVRKBootTasks.sys

2010-05-18 00:39 . 2010-05-18 00:39 -------- d-----w- e:\program files\Sophos

2010-05-16 19:22 . 2010-05-19 01:26 -------- d-----w- e:\users\Ganesh\AppData\Local\temp

2010-05-15 22:58 . 2010-05-15 22:58 -------- d-----w- e:\program files\Common Files\Java

2010-05-15 22:58 . 2010-04-12 22:29 411368 ----a-w- e:\windows\system32\deployJava1.dll

2010-05-15 17:42 . 2010-05-15 17:42 -------- d-----w- e:\program files\CCleaner

2010-05-14 23:47 . 2010-05-14 23:47 57344 ----a-w- e:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-14 23:19 . 2010-03-04 07:33 740864 ----a-w- e:\windows\system32\inetcomm.dll

2010-05-10 23:18 . 2010-05-10 23:18 -------- d-----w- E:\Output Files

2010-05-10 23:16 . 2010-05-10 23:16 -------- d-----w- e:\windows\system32\tempdir

2010-05-10 23:16 . 2009-03-18 19:54 1103360 ----a-w- e:\windows\system32\cidfont.dll

2010-05-10 23:16 . 2005-05-31 08:25 1503232 ----a-w- e:\windows\system32\ptj.exe

2010-05-10 23:16 . 2007-06-27 21:15 4369408 ----a-w- e:\windows\system32\pdftk.exe

2010-05-10 23:16 . 2010-05-10 23:22 -------- d-----w- e:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2010-05-09 18:00 . 2010-05-06 20:41 307280 ----a-w- e:\windows\system32\drivers\aswSnx.sys

2010-05-09 18:00 . 2010-05-06 20:41 99280 ----a-w- e:\windows\system32\drivers\aswFW.sys

2010-05-09 17:59 . 2010-05-06 20:40 190416 ----a-w- e:\windows\system32\drivers\aswNdis2.sys

2010-05-09 17:58 . 2010-03-19 20:10 12112 ----a-w- e:\windows\system32\drivers\aswNdis.sys

2010-05-09 17:58 . 2010-05-09 17:58 -------- d-----w- e:\programdata\Alwil Software

2010-05-09 17:42 . 2009-10-10 02:57 12800 ----a-w- e:\windows\system32\drivers\sffp_sd.sys

2010-05-09 17:42 . 2009-10-10 02:31 84992 ----a-w- e:\windows\system32\drivers\sdbus.sys

2010-05-09 17:42 . 2009-12-11 07:44 133720 ----a-w- e:\windows\system32\drivers\ksecpkg.sys

2010-05-09 17:42 . 2009-12-11 07:38 1037312 ----a-w- e:\windows\system32\lsasrv.dll

2010-05-09 17:42 . 2009-09-26 05:58 194488 ----a-w- e:\windows\system32\drivers\fvevol.sys

2010-05-05 02:52 . 2010-05-05 02:52 -------- d-----w- e:\users\Ganesh\AppData\Local\TVU Networks

2010-05-05 02:52 . 2010-05-05 02:52 -------- d-----w- e:\programdata\TVU Networks

2010-05-05 02:52 . 2010-05-05 02:52 -------- d-----w- e:\program files\TVUPlayer

2010-04-25 15:40 . 2010-04-25 15:40 -------- d-----w- e:\users\Ganesh\AppData\Roaming\Malwarebytes

2010-04-24 19:47 . 2010-04-24 19:47 -------- d-----w- e:\users\Admin\AppData\Local\Adobe

2010-04-24 19:31 . 2010-04-24 19:31 -------- d-----w- e:\users\Admin\AppData\Roaming\Malwarebytes

2010-04-24 19:31 . 2010-04-29 20:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-04-24 19:31 . 2010-04-29 20:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-04-24 19:31 . 2010-04-24 19:31 -------- d-----w- e:\programdata\Malwarebytes

2010-04-24 19:31 . 2010-05-15 18:08 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-04-23 10:22 . 2010-04-23 10:22 2898232 ----a-w- e:\users\Ganesh\AppData\Roaming\Mozilla\Firefox\Profiles\wxmphqh2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-15 22:58 . 2009-10-24 13:25 -------- d-----w- e:\program files\Java

2010-05-15 18:03 . 2009-11-10 03:37 -------- d-----w- e:\program files\Common Files\InstallShield

2010-05-15 18:03 . 2009-11-10 03:38 -------- d--h--w- e:\program files\InstallShield Installation Information

2010-05-14 23:57 . 2009-10-24 13:31 -------- d-----w- e:\program files\DivX

2010-05-14 23:57 . 2009-10-24 13:31 -------- d-----w- e:\program files\Common Files\DivX Shared

2010-05-14 23:46 . 2010-05-14 23:46 56766 ----a-w- e:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:43 -------- d-----w- e:\programdata\DivX

2010-05-14 23:46 . 2010-05-14 23:46 56978 ----a-w- e:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 53600 ----a-w- e:\programdata\DivX\Update\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 57409 ----a-w- e:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 52963 ----a-w- e:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 54073 ----a-w- e:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-05-14 23:43 . 2010-05-14 23:43 144696 ----a-w- e:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-14 23:43 . 2010-05-14 23:46 754984 ----a-w- e:\programdata\DivX\Setup\Resource.dll

2010-05-14 23:43 . 2010-05-14 23:46 1180952 ----a-w- e:\programdata\DivX\Setup\DivXSetup.exe

2010-05-14 23:19 . 2009-07-14 02:37 -------- d-----w- e:\program files\Windows Mail

2010-05-14 04:40 . 2009-10-20 22:12 -------- d-----w- e:\program files\Microsoft.NET

2010-05-11 02:52 . 2009-10-20 04:36 -------- d-----w- e:\program files\uTorrent

2010-05-11 02:51 . 2009-10-20 04:36 -------- d-----w- e:\users\Ganesh\AppData\Roaming\uTorrent

2010-05-09 19:03 . 2010-02-06 21:40 -------- d-----w- e:\users\Ganesh\AppData\Roaming\vlc

2010-05-09 18:01 . 2010-01-05 00:24 -------- d-----w- e:\program files\Alwil Software

2010-05-08 22:40 . 2010-02-25 04:32 -------- d-----w- e:\program files\Google

2010-05-06 20:59 . 2010-01-05 00:25 38848 ----a-w- e:\windows\system32\avastSS.scr

2010-05-06 20:59 . 2010-01-05 00:24 165032 ----a-w- e:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2010-01-05 00:25 46672 ----a-w- e:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2010-01-05 00:25 164048 ----a-w- e:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2010-01-05 00:25 23376 ----a-w- e:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:34 . 2010-01-05 00:24 51792 ----a-w- e:\windows\system32\drivers\aswMonFlt.sys

2010-05-06 20:33 . 2010-01-05 00:25 19024 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys

2010-04-24 19:29 . 2009-11-21 05:42 -------- d-----w- e:\users\Admin\AppData\Roaming\uTorrent

2010-04-24 19:28 . 2009-07-13 23:11 43088 ----a-w- e:\windows\system32\drivers\pcw.sys

2010-03-21 05:14 . 2009-07-13 23:16 6656 ----a-w- e:\windows\system32\lpcio.dll

2010-03-08 21:33 . 2010-04-25 15:57 427520 ----a-w- e:\windows\system32\vbscript.dll

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- e:\windows\system32\dpl100.dll

2010-03-04 18:42 . 2010-03-04 18:42 277536 ----a-w- e:\windows\system32\drivers\Rt86win7.sys

2010-02-27 18:11 . 2010-02-27 18:11 593920 ----a-w- e:\users\Ganesh\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv305hw-0910190-0-main.dll

2010-02-27 18:10 . 2010-02-27 18:10 319488 ----a-w- e:\users\Ganesh\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

2010-02-27 12:07 . 2010-04-25 15:57 3899280 ----a-w- e:\windows\system32\ntoskrnl.exe

2010-02-27 12:07 . 2010-04-25 15:57 3954568 ----a-w- e:\windows\system32\ntkrnlpa.exe

2010-02-27 07:32 . 2010-04-25 15:57 221696 ----a-w- e:\windows\system32\drivers\mrxsmb10.sys

2010-02-27 07:32 . 2010-04-25 15:57 95744 ----a-w- e:\windows\system32\drivers\mrxsmb20.sys

2010-02-27 07:32 . 2010-04-25 15:57 123392 ----a-w- e:\windows\system32\drivers\mrxsmb.sys

2010-02-24 15:16 . 2009-10-14 09:58 181632 ------w- e:\windows\system32\MpSigStub.exe

2010-02-23 07:56 . 2010-04-25 15:57 977920 ----a-w- e:\windows\system32\wininet.dll

2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- e:\windows\system32\GPhotos.scr

2009-12-23 21:40 . 2009-12-23 21:40 151392 ----a-w- e:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2009-12-23 21:40 . 2009-12-23 21:40 296800 ----a-w- e:\program files\mozilla firefox\components\FFSource.dll

2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- e:\program files\mozilla firefox\plugins\libdivx.dll

2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- e:\program files\mozilla firefox\plugins\ssldivx.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-05-06 21:02 151648 ----a-w- e:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SansaDispatch"="e:\users\Ganesh\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-12-09 79872]

"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"avast5"="e:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"UnlockerAssistant"="e:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

R2 avast! Firewall;avast! Firewall;e:\program files\Alwil Software\Avast5\afwServ.exe [2010-05-06 119200]

R2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 136176]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-18 1291544]

R3 diskchk;diskchk;e:\windows\system32\diskchk.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;e:\windows\system32\3033.tmp [x]

R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;e:\windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]

S0 aswNdis;avast! Firewall NDIS Filter Service;e:\windows\system32\DRIVERS\aswNdis.sys [2010-03-19 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SAVRKBootTasks;Boot Tasks Driver;e:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]

S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]

S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\DRIVERS\RTL8187B.sys [2009-11-05 376832]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB

*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

2010-05-19 e:\windows\Tasks\Ad-Aware Update (Weekly).job

- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 03:45]

2010-05-19 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:33]

2010-05-19 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - e:\users\Ganesh\AppData\Roaming\Mozilla\Firefox\Profiles\wxmphqh2.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=

FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: e:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: e:\program files\TVUPlayer\npTVUAx.dll

FF - plugin: e:\program files\Veetle\Player\npvlc.dll

FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: e:\users\Ganesh\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: e:\users\Ganesh\AppData\Roaming\Mozilla\Firefox\Profiles\wxmphqh2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----

e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\e:\windows\system32\3033.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-05-18 20:29:21

ComboFix-quarantined-files.txt 2010-05-19 01:29

ComboFix2.txt 2010-05-16 19:22

Pre-Run: 86,643,982,336 bytes free

Post-Run: 86,527,131,648 bytes free

- - End Of File - - DB829D41B8D34B01559044CE74DF6AA7

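Between the scanner log above (the format ending in "KLMD(ARK) unloaded successfully" is TDSSKiller's) and the ComboFix log, the post already contains the indicators a responder would circle before cleaning anything: a driver the scanner could not open (yrbbz.sys, NoAccess), registered services whose image is missing or is a .tmp in system32 (diskchk, MEMSWEEP2 -> 3033.tmp), UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0), a per-user proxy pointing at 127.0.0.1:5555, and registry keys with deny-Everyone ACLs. The script below pulls those lines out of pasted log text automatically. It is an added example written for this page, not part of the thread and not code from TDSSKiller, ComboFix or DDS; the category names and regular expressions are my own, and the sample log is constructed from lines copied out of the logs above plus one benign avast driver line as a control.

```python
# Added example for this page: pulls the red-flag lines out of a TDSSKiller or
# ComboFix log. Not part of the thread and not code from either tool.
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # short tag to count or sort on (the names are my own)
    detail: str     # the object the line is about (path, key, value)
    line: str       # the raw log line, kept for the report


# TDSSKiller: "<time> <pid> Suspicious file (<status>): <path>. md5: <hash>"
_SUSPICIOUS = re.compile(
    r"^\S+\s+\d+\s+Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
# ComboFix service line "<R|S><start> name;display;image [stamp]";
# "[x]" means ComboFix could not find or read the image file.
_SERVICE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]$")
# UAC policy values under ...\policies\system, as ComboFix prints them.
_UAC = re.compile(
    r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"=\s*(\d+)')
# "u" prefix = per-user (HKCU) setting in DDS/ComboFix notation.
_PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
_REGKEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_DENIED = re.compile(r"^@Denied:\s*\((\w+)\)\s*\((\w+)\)")
_LOOPBACK = ("127.0.0.1", "localhost")


def triage(log_text: str) -> list[Finding]:
    """Return the lines of a TDSSKiller or ComboFix log that need a second look."""
    findings: list[Finding] = []
    current_key = None              # last registry key header seen
    reported_keys: set[str] = set()

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SUSPICIOUS.match(line)
        if m:
            status, path, md5 = m.groups()
            findings.append(Finding("driver_" + status.lower(), f"{path} md5={md5}", line))
            continue
        m = _SERVICE.match(line)
        if m:
            _, _, name, _, image, stamp = m.groups()
            if stamp == "x":
                findings.append(Finding("service_image_unreadable", name, line))
            if image and not image.lower().endswith((".sys", ".exe")):
                # a driver loaded from a .tmp in system32: dropper leftover or a
                # scanner's temporary driver, so report it and go look
                findings.append(Finding("service_image_odd_extension", image, line))
            continue
        m = _UAC.match(line)
        if m and m.group(2) == "0":
            findings.append(Finding("uac_weakened", m.group(1), line))
            continue
        m = _PROXY.match(line)
        if m and any(h in m.group(1) for h in _LOOPBACK):
            # a local listener in front of the browser: the usual source of redirects
            findings.append(Finding("localhost_proxy", m.group(1), line))
            continue
        m = _REGKEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = _DENIED.match(line)
        if m and current_key and current_key not in reported_keys:
            reported_keys.add(current_key)
            findings.append(Finding("locked_registry_key", current_key, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample: lines copied from the two logs above, plus one benign
# avast driver line (aswMonFlt) as a control that must not be flagged.
SAMPLE_LOG = r"""
19:41:18:153 2848 Suspicious file (NoAccess): E:\Windows\system32\drivers\yrbbz.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924
R3 diskchk;diskchk;e:\windows\system32\diskchk.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;e:\windows\system32\3033.tmp [x]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
uInternet Settings,ProxyServer = http=127.0.0.1:5555
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.detail}")
```

To run it on a saved log, call triage(open("ComboFix.txt", encoding="utf-8", errors="replace").read()). Two caveats when reading the output: "[x]" also marks avast's self-protected drivers (aswSP, aswSnx and aswFW in this very log), and MEMSWEEP2 is the service name Sophos Anti-Rootkit gives its temporary scan driver (the same log shows Sophos being installed on 05-18), so the service categories are a prompt to look, not a verdict. ComboFix likewise lists every key it cannot read, and some are locked by Windows itself (PCW\Security is a stock Windows 7 one), so compare locked_registry_key hits against a clean machine. The NoAccess driver and the loopback proxy are the two findings that tie directly to the redirect symptom.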

1. Please open Notepad

  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: CFScriptB-4.gif)

5. After reboot (in case it asks to reboot), please post the following report/log in your next reply:

  • Combofix.txt

=============


Thanks, kahdah.

Below is my new Combofix log.

ComboFix 10-05-19.02 - Ganesh 05/19/2010 18:40:49.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2430.1578 [GMT -5:00]

Running from: e:\users\Ganesh\Desktop\ComboFix.exe

Command switches used :: e:\users\Ganesh\Desktop\CFScript.txt

.

((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))

.

2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- e:\users\Public\AppData\Local\temp

2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- e:\users\Default\AppData\Local\temp

2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- e:\users\Admin\AppData\Local\temp

2010-05-19 23:32 . 2010-05-19 23:33 -------- d-----w- E:\32788R22FWJFW

2010-05-18 05:50 . 2010-05-18 05:50 -------- d-----w- e:\program files\Unlocker

2010-05-18 05:49 . 2010-05-18 05:50 -------- d-----w- e:\program files\Bing Bar Installer

2010-05-18 04:24 . 2010-05-18 03:46 15880 ----a-w- e:\windows\system32\lsdelete.exe

2010-05-18 03:46 . 2010-02-04 15:53 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys

2010-05-18 03:46 . 2010-05-18 03:46 -------- dc----w- e:\windows\system32\DRVSTORE

2010-05-18 03:46 . 2010-05-18 03:46 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys

2010-05-18 02:51 . 2010-05-18 02:51 -------- dc-h--w- e:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-18 02:51 . 2010-02-04 15:53 2954656 -c--a-w- e:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-05-18 02:51 . 2010-05-18 03:46 -------- d-----w- e:\programdata\Lavasoft

2010-05-18 02:51 . 2010-05-18 02:51 -------- d-----w- e:\program files\Lavasoft

2010-05-18 02:47 . 2009-06-18 17:55 18816 ------w- e:\windows\system32\SAVRKBootTasks.sys

2010-05-18 00:39 . 2010-05-18 00:39 -------- d-----w- e:\program files\Sophos

2010-05-16 19:22 . 2010-05-19 23:59 -------- d-----w- e:\users\Ganesh\AppData\Local\temp

2010-05-15 22:58 . 2010-05-15 22:58 -------- d-----w- e:\program files\Common Files\Java

2010-05-15 22:58 . 2010-04-12 22:29 411368 ----a-w- e:\windows\system32\deployJava1.dll

2010-05-15 17:42 . 2010-05-15 17:42 -------- d-----w- e:\program files\CCleaner

2010-05-14 23:47 . 2010-05-14 23:47 57344 ----a-w- e:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-14 23:19 . 2010-03-04 07:33 740864 ----a-w- e:\windows\system32\inetcomm.dll

2010-05-10 23:18 . 2010-05-10 23:18 -------- d-----w- E:\Output Files

2010-05-10 23:16 . 2010-05-10 23:16 -------- d-----w- e:\windows\system32\tempdir

2010-05-10 23:16 . 2009-03-18 19:54 1103360 ----a-w- e:\windows\system32\cidfont.dll

2010-05-10 23:16 . 2005-05-31 08:25 1503232 ----a-w- e:\windows\system32\ptj.exe

2010-05-10 23:16 . 2007-06-27 21:15 4369408 ----a-w- e:\windows\system32\pdftk.exe

2010-05-10 23:16 . 2010-05-10 23:22 -------- d-----w- e:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2010-05-09 18:00 . 2010-05-06 20:41 307280 ----a-w- e:\windows\system32\drivers\aswSnx.sys

2010-05-09 18:00 . 2010-05-06 20:41 99280 ----a-w- e:\windows\system32\drivers\aswFW.sys

2010-05-09 17:59 . 2010-05-06 20:40 190416 ----a-w- e:\windows\system32\drivers\aswNdis2.sys

2010-05-09 17:58 . 2010-03-19 20:10 12112 ----a-w- e:\windows\system32\drivers\aswNdis.sys

2010-05-09 17:58 . 2010-05-09 17:58 -------- d-----w- e:\programdata\Alwil Software

2010-05-09 17:42 . 2009-10-10 02:57 12800 ----a-w- e:\windows\system32\drivers\sffp_sd.sys

2010-05-09 17:42 . 2009-10-10 02:31 84992 ----a-w- e:\windows\system32\drivers\sdbus.sys

2010-05-09 17:42 . 2009-12-11 07:44 133720 ----a-w- e:\windows\system32\drivers\ksecpkg.sys

2010-05-09 17:42 . 2009-12-11 07:38 1037312 ----a-w- e:\windows\system32\lsasrv.dll

2010-05-09 17:42 . 2009-09-26 05:58 194488 ----a-w- e:\windows\system32\drivers\fvevol.sys

2010-05-05 02:52 . 2010-05-05 02:52 -------- d-----w- e:\users\Ganesh\AppData\Local\TVU Networks

2010-05-05 02:52 . 2010-05-05 02:52 -------- d-----w- e:\programdata\TVU Networks

2010-05-05 02:52 . 2010-05-05 02:52 -------- d-----w- e:\program files\TVUPlayer

2010-04-25 15:40 . 2010-04-25 15:40 -------- d-----w- e:\users\Ganesh\AppData\Roaming\Malwarebytes

2010-04-24 19:47 . 2010-04-24 19:47 -------- d-----w- e:\users\Admin\AppData\Local\Adobe

2010-04-24 19:31 . 2010-04-24 19:31 -------- d-----w- e:\users\Admin\AppData\Roaming\Malwarebytes

2010-04-24 19:31 . 2010-04-29 20:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2010-04-24 19:31 . 2010-04-29 20:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2010-04-24 19:31 . 2010-04-24 19:31 -------- d-----w- e:\programdata\Malwarebytes

2010-04-24 19:31 . 2010-05-15 18:08 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2010-04-23 10:22 . 2010-04-23 10:22 2898232 ----a-w- e:\users\Ganesh\AppData\Roaming\Mozilla\Firefox\Profiles\wxmphqh2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-15 22:58 . 2009-10-24 13:25 -------- d-----w- e:\program files\Java

2010-05-15 18:03 . 2009-11-10 03:37 -------- d-----w- e:\program files\Common Files\InstallShield

2010-05-15 18:03 . 2009-11-10 03:38 -------- d--h--w- e:\program files\InstallShield Installation Information

2010-05-14 23:57 . 2009-10-24 13:31 -------- d-----w- e:\program files\DivX

2010-05-14 23:57 . 2009-10-24 13:31 -------- d-----w- e:\program files\Common Files\DivX Shared

2010-05-14 23:46 . 2010-05-14 23:46 56766 ----a-w- e:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:43 -------- d-----w- e:\programdata\DivX

2010-05-14 23:46 . 2010-05-14 23:46 56978 ----a-w- e:\programdata\DivX\WebPlayer\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 53600 ----a-w- e:\programdata\DivX\Update\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 57409 ----a-w- e:\programdata\DivX\ControlPanel\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 52963 ----a-w- e:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-05-14 23:46 . 2010-05-14 23:46 54073 ----a-w- e:\programdata\DivX\Qt4.5\Uninstaller.exe

2010-05-14 23:43 . 2010-05-14 23:43 144696 ----a-w- e:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-14 23:43 . 2010-05-14 23:46 754984 ----a-w- e:\programdata\DivX\Setup\Resource.dll

2010-05-14 23:43 . 2010-05-14 23:46 1180952 ----a-w- e:\programdata\DivX\Setup\DivXSetup.exe

2010-05-14 23:19 . 2009-07-14 02:37 -------- d-----w- e:\program files\Windows Mail

2010-05-14 04:40 . 2009-10-20 22:12 -------- d-----w- e:\program files\Microsoft.NET

2010-05-11 02:52 . 2009-10-20 04:36 -------- d-----w- e:\program files\uTorrent

2010-05-11 02:51 . 2009-10-20 04:36 -------- d-----w- e:\users\Ganesh\AppData\Roaming\uTorrent

2010-05-09 19:03 . 2010-02-06 21:40 -------- d-----w- e:\users\Ganesh\AppData\Roaming\vlc

2010-05-09 18:01 . 2010-01-05 00:24 -------- d-----w- e:\program files\Alwil Software

2010-05-08 22:40 . 2010-02-25 04:32 -------- d-----w- e:\program files\Google

2010-05-06 20:59 . 2010-01-05 00:25 38848 ----a-w- e:\windows\system32\avastSS.scr

2010-05-06 20:59 . 2010-01-05 00:24 165032 ----a-w- e:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2010-01-05 00:25 46672 ----a-w- e:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2010-01-05 00:25 164048 ----a-w- e:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2010-01-05 00:25 23376 ----a-w- e:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:34 . 2010-01-05 00:24 51792 ----a-w- e:\windows\system32\drivers\aswMonFlt.sys

2010-05-06 20:33 . 2010-01-05 00:25 19024 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys

2010-04-24 19:29 . 2009-11-21 05:42 -------- d-----w- e:\users\Admin\AppData\Roaming\uTorrent

2010-04-24 19:28 . 2009-07-13 23:11 43088 ----a-w- e:\windows\system32\drivers\pcw.sys

2010-03-21 05:14 . 2009-07-13 23:16 6656 ----a-w- e:\windows\system32\lpcio.dll

2010-03-08 21:33 . 2010-04-25 15:57 427520 ----a-w- e:\windows\system32\vbscript.dll

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- e:\windows\system32\dpl100.dll

2010-03-04 18:42 . 2010-03-04 18:42 277536 ----a-w- e:\windows\system32\drivers\Rt86win7.sys

2010-02-27 18:11 . 2010-02-27 18:11 593920 ----a-w- e:\users\Ganesh\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv305hw-0910190-0-main.dll

2010-02-27 18:10 . 2010-02-27 18:10 319488 ----a-w- e:\users\Ganesh\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

2010-02-27 12:07 . 2010-04-25 15:57 3899280 ----a-w- e:\windows\system32\ntoskrnl.exe

2010-02-27 12:07 . 2010-04-25 15:57 3954568 ----a-w- e:\windows\system32\ntkrnlpa.exe

2010-02-27 07:32 . 2010-04-25 15:57 221696 ----a-w- e:\windows\system32\drivers\mrxsmb10.sys

2010-02-27 07:32 . 2010-04-25 15:57 95744 ----a-w- e:\windows\system32\drivers\mrxsmb20.sys

2010-02-27 07:32 . 2010-04-25 15:57 123392 ----a-w- e:\windows\system32\drivers\mrxsmb.sys

2010-02-24 15:16 . 2009-10-14 09:58 181632 ------w- e:\windows\system32\MpSigStub.exe

2010-02-23 07:56 . 2010-04-25 15:57 977920 ----a-w- e:\windows\system32\wininet.dll

2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- e:\windows\system32\GPhotos.scr

2009-12-23 21:40 . 2009-12-23 21:40 151392 ----a-w- e:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2009-12-23 21:40 . 2009-12-23 21:40 296800 ----a-w- e:\program files\mozilla firefox\components\FFSource.dll

2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- e:\program files\mozilla firefox\plugins\libdivx.dll

2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- e:\program files\mozilla firefox\plugins\ssldivx.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-05-06 21:02 151648 ----a-w- e:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SansaDispatch"="e:\users\Ganesh\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-12-09 79872]

"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"avast5"="e:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"UnlockerAssistant"="e:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

R2 avast! Firewall;avast! Firewall;e:\program files\Alwil Software\Avast5\afwServ.exe [2010-05-06 119200]

R2 gupdate;Google Update Service (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 136176]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-18 1291544]

R3 diskchk;diskchk;e:\windows\system32\diskchk.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;e:\windows\system32\3033.tmp [x]

R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;e:\windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]

S0 aswNdis;avast! Firewall NDIS Filter Service;e:\windows\system32\DRIVERS\aswNdis.sys [2010-03-19 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SAVRKBootTasks;Boot Tasks Driver;e:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]

S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]

S3 RTL8167;Realtek 8167 NT Driver;e:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\DRIVERS\RTL8187B.sys [2009-11-05 376832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

2010-05-19 e:\windows\Tasks\Ad-Aware Update (Weekly).job

- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 03:45]

2010-05-19 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:33]

2010-05-19 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- e:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - e:\users\Ganesh\AppData\Roaming\Mozilla\Firefox\Profiles\wxmphqh2.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=

FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: e:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: e:\program files\TVUPlayer\npTVUAx.dll

FF - plugin: e:\program files\Veetle\Player\npvlc.dll

FF - plugin: e:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: e:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: e:\users\Ganesh\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: e:\users\Ganesh\AppData\Roaming\Mozilla\Firefox\Profiles\wxmphqh2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

---- FIREFOX POLICIES ----

e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\e:\windows\system32\3033.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-05-19 19:02:34

ComboFix-quarantined-files.txt 2010-05-20 00:02

ComboFix2.txt 2010-05-19 01:29

ComboFix3.txt 2010-05-16 19:22

Pre-Run: 86,308,810,752 bytes free

Post-Run: 86,029,672,448 bytes free

- - End Of File - - 122F4881B0273052A484778A53E2DB2E

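The report above already contains the three facts a helper reads first: services that ComboFix marks `[x]` (registered, but no image file on disk), one of them pointing at a `.tmp` file under `system32`, the UAC policy values all set to 0, and a Firefox `keyword.URL` that sends address-bar searches to `bing.zugotoolbar.com`. The following is an added triage script written for this thread, not code from ComboFix, Malwarebytes or the helper. The sample lines are copied from the log above; the regular expressions describe the line shapes seen there and are assumptions about the log format, as are the UAC values treated as weak and the allowlist of search-provider hosts.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: lines copied from the ComboFix report in this thread.
SAMPLE_LOG = """\
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R2 gupdate;Google Update Service (gupdate);e:\\program files\\Google\\Update\\GoogleUpdate.exe [2010-05-05 136176]
R3 diskchk;diskchk;e:\\windows\\system32\\diskchk.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;e:\\windows\\system32\\3033.tmp [x]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;e:\\windows\\system32\\DRIVERS\\superwebcam.sys [2006-06-27 31872]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;e:\\windows\\system32\\drivers\\aswMonFlt.sys [2010-05-06 51792]
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
uStart Page = hxxp://www.google.com
"""

# Assumed line shapes, derived from the report above rather than from any spec.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$'
)
POLICY_RE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<value>\d+)')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<url>\S+)')

# Assumption for this example: UAC values that mean the control is weakened.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}
# Assumed allowlist of search-provider hosts; any other keyword.URL host is reported.
KNOWN_SEARCH_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "mozilla.com")


@dataclass
class Finding:
    category: str   # "service", "uac" or "browser"
    subject: str    # service name, policy key or pref name
    detail: str


def _host(defanged_url):
    # ComboFix writes URLs as hxxp://; restore the scheme so urlparse yields a host.
    return urlparse(re.sub(r'^hxxp', 'http', defanged_url, flags=re.I)).hostname or ""


def triage(log_text):
    """Return the findings a reviewer would pull out of a ComboFix-style log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            name, path, info = m["name"], m["path"].strip(), m["info"].strip()
            if info.lower() == "x":
                findings.append(Finding("service", name,
                                        "registered service whose image file is missing ([x])"))
            if path.lower().endswith(".tmp"):
                findings.append(Finding("service", name, f"driver image is a .tmp file: {path}"))
            continue
        m = POLICY_RE.match(line)
        if m and m["key"] in UAC_WEAK:
            weak_value, why = UAC_WEAK[m["key"]]
            if int(m["value"]) == weak_value:
                findings.append(Finding("uac", m["key"], why))
            continue
        m = FF_PREF_RE.match(line)
        if m and m["pref"] == "keyword.URL":
            host = _host(m["url"])
            if not host.endswith(KNOWN_SEARCH_SUFFIXES):
                findings.append(Finding("browser", "keyword.URL",
                                        f"address-bar searches go to unrecognised host {host}"))
    return findings


def summarize(findings):
    """Count findings per category, so a quick glance shows where to look first."""
    return {cat: sum(1 for f in findings if f.category == cat)
            for cat in ("service", "uac", "browser")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.subject}: {f.detail}")
```

On the sample lines this reports four service findings (diskchk, aswSnx and MEMSWEEP2 as missing on disk, MEMSWEEP2 again for its `.tmp` image), three weakened UAC values, and the `zugotoolbar.com` search host. A missing image file by itself is not proof of infection (the avast entries here are its own drivers), which is why the script only ranks items for a human to check rather than acting on them.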

Please go to Start>Run type in Notepad.

Copy what is in the code box below into the open Notepad window.

Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.

@Echo off

rem Stop each service, then remove its registration. These are the entries
rem ComboFix listed with [x] (no image file found on disk) in the log above.
sc stop "diskchk"
sc delete "diskchk"
sc stop "MEMSWEEP2"
sc delete "MEMSWEEP2"
sc stop "aswNdis2"
sc delete "aswNdis2"
sc stop "aswFW"
sc delete "aswFW"
sc stop "aswSnx"
sc delete "aswSnx"
sc stop "aswSP"
sc delete "aswSP"
sc stop "aswFsBlk"
sc delete "aswFsBlk"

rem Remove this batch file itself once it has run.
del %0

Then please double click on fixthis.bat. A window will open and close quickly. This is normal.

===================

Update Run Malwarebytes

Please update and run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


The file fixthis.bat gave me a blue screen of death and restarted my computer.

Below is my MB log.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4122

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/20/2010 6:52:40 PM

mbam-log-2010-05-20 (18-52-40).txt

Scan type: Quick scan

Objects scanned: 129113

Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
