
Trojan - services.exe crash after internet connection


  • This topic is locked
2 replies to this topic

#1 zadoc

zadoc

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:23 AM

Posted 30 May 2010 - 05:26 AM

Hello,

My Vista Home Basic SP2 is infected with a trojan that is probably the reason my computer crashes after the internet connection starts (it does not crash without internet).

GMER immediately finds a rootkit. When I perform the scan, I get a blue screen referring to fgrdipow.sys.
GMER picks up at start the following:
- svchost.exe (hidden) -> mwawym
- yuoeuts (BOOT)

GMER crashes when run in safe mode.

Referred from previous post:
http://www.bleepingcomputer.com/forums/ind...p;#entry1778481
I'm not sure if it helps, but I also added logs from VWS, SystemLook and HijackThis (run for the previous post).

Thanks in advance for help!

DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Max at 10:22:44,84 on zo 30-05-2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.2014.985 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Max\AppData\Local\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Max\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.shopping-net.nl/
uDefault_Page_URL = hxxp://lenovo.live.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\max\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\max\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\max\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\update~1.lnk - c:\program files\kpn dashboard\mobiel internet dashboard\AutoUpdateSrv.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: {FE9DD219-A550-492A-BB72-563A37F9F4E4} = 208.67.222.222,62.58.50.20,208.67.220.220,62.58.50.6
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\max\appdata\roaming\mozilla\firefox\profiles\yc7y67m4.default\
FF - prefs.js: browser.search.selectedEngine - Google Nederland
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=.
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\max\appdata\local\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-31 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-25 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-25 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-8 242896]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-16 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-1-31 132456]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2010-1-9 285744]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-9-29 75112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 TPHKSVC;Weergave op scherm;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-6-6 520192]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-18 4247552]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-1-17 48192]
S2 gupdate1c98a1ec3be695e;Google Update Service (gupdate1c98a1ec3be695e);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-5-20 44984]
S2 mwawym;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-28 360448]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-1-17 29736]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-5-27 15944]
S3 Tomcat5;Apache Tomcat;c:\program files\apache software foundation\tomcat 5.5\bin\tomcat5.exe [2008-1-28 57344]

=============== Created Last 30 ================

2010-05-30 06:58:08 0 d-----w- C:\A
2010-05-30 06:54:36 396 ----a-w- c:\windows\system32\.crusader
2010-05-28 17:42:16 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-05-28 17:10:05 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-28 17:10:05 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-28 11:09:08 0 d-sh--w- C:\found.000
2010-05-28 09:46:26 0 d-----w- c:\users\max\DoctorWeb
2010-05-27 21:22:40 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-27 21:21:10 0 d-----w- c:\programdata\Hitman Pro
2010-05-27 21:21:07 0 d-----w- c:\program files\Hitman Pro 3.5
2010-05-27 20:41:59 0 d-----w- c:\users\max\appdata\roaming\Malwarebytes
2010-05-27 20:41:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 20:41:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 20:41:43 0 d-----w- c:\programdata\Malwarebytes
2010-05-27 20:41:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 20:18:14 0 d-----w- C:\Rustbfix
2010-05-27 20:17:17 0 d-s---w- C:\ComboFix
2010-05-27 13:33:36 98816 ----a-w- c:\windows\sed.exe
2010-05-27 13:33:36 77312 ----a-w- c:\windows\MBR.exe
2010-05-27 13:33:36 256512 ----a-w- c:\windows\PEV.exe
2010-05-27 13:33:36 161792 ----a-w- c:\windows\SWREG.exe
2010-05-27 12:28:19 772096 ----a-w- c:\windows\system32\drivers\yuoeuts.sys
2010-05-27 12:27:56 12 ----a-w- c:\users\max\appdata\roaming\vqdlkr.dat
2010-05-26 16:33:18 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 14:38:16 0 d-----w- C:\www
2010-05-24 13:20:14 0 d-----w- c:\program files\PHP
2010-05-20 12:40:10 0 d-----w- c:\programdata\Intel
2010-05-20 12:21:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-05-20 12:20:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-20 12:19:49 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2010-05-20 12:19:47 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-05-20 12:19:47 4052 ----a-w- c:\windows\system32\wbem\Wdf01000.mof
2010-05-20 12:19:47 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-05-20 12:19:47 118 ----a-w- c:\windows\system32\wbem\Wdf01000Uninstall.mof
2010-05-20 12:17:44 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-05-20 12:17:42 230832 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-20 12:17:40 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-12 12:33:55 0 d-----w- C:\d9be1c35eeb9c0c799f0
2010-05-12 12:28:52 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-12 12:15:11 0 d-----w- c:\program files\TomTom DesktopSuite
2010-05-10 19:59:00 0 d-----w- c:\program files\JRE
2010-05-10 15:17:04 0 d-----w- c:\users\max\appdata\roaming\Dropbox
2010-05-01 19:23:48 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-01 19:23:48 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-01 19:23:48 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-01 19:23:45 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-01 19:23:45 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-01 19:23:43 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-01 19:23:42 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-01 19:23:42 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-01 19:23:41 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-01 19:23:40 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-01 19:23:40 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-01 19:21:46 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-01 19:21:44 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-30 08:21:00 117149 ----a-w- c:\programdata\nvModes.dat
2010-05-30 07:14:26 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-30 07:14:26 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-30 07:14:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-28 18:18:51 711898 ----a-w- c:\windows\system32\perfh013.dat
2010-05-28 18:18:51 147502 ----a-w- c:\windows\system32\perfc013.dat
2010-05-27 19:52:25 1732 ----a-w- C:\tvtpktfilter.dat
2010-05-02 07:53:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 18:29:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 01:20:00 394600 ------w- c:\windows\PWMBTHLV.EXE
2009-10-31 09:30:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-07-03 07:50:54 41976 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2008-07-03 07:50:54 41976 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2008-07-03 07:50:54 336440 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2008-07-03 07:50:54 336440 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-09-04 21:01:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008090420080905\index.dat
2008-11-18 07:51:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008111820081119\index.dat
2008-08-09 14:07:23 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-08-09 14:07:23 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-08-09 14:07:23 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-07-03 07:53:44 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:26:03,67 ===============

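Added example, not part of the original post and not code from DDS or GMER: a small Python triage pass over a constructed excerpt shaped like the DDS log above. It flags the three things the GMER output in the post points at, a service hosted in "svchost.exe -k netsvcs" whose name is not in a baseline (the hidden "mwawym" entry), names under system32 that should never exist there (the literal "%APPDATA%" directory and ".crusader"), and a freshly created driver file that no listed service or driver entry references (yuoeuts.sys, which GMER reported as a BOOT rootkit but which the service listing does not show). The netsvcs baseline is a hypothetical, deliberately partial list; in a real triage you would build it from a clean machine of the same Windows build.

```python
import re

# Constructed excerpt, shaped like the DDS log in the post above (the paths and
# names are the ones the post shows; only the selection of lines is mine).
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-25 216200]
S2 gupdate1c98a1ec3be695e;Google Update Service (gupdate1c98a1ec3be695e);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S2 mwawym;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-5-27 15944]

=============== Created Last 30 ================

2010-05-30 06:54:36 396 ----a-w- c:\windows\system32\.crusader
2010-05-28 17:42:16 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-05-27 21:22:40 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-27 12:28:19 772096 ----a-w- c:\windows\system32\drivers\yuoeuts.sys
2010-05-27 12:27:56 12 ----a-w- c:\users\max\appdata\roaming\vqdlkr.dat
"""

# Hypothetical, deliberately partial baseline of service names that legitimately
# run inside "svchost.exe -k netsvcs" on Vista. Build the real one from a clean
# machine of the same build; anything hosted there and absent from the list is a
# lead to verify, not a verdict.
NETSVCS_BASELINE = {
    "aelookupsvc", "bits", "browser", "iphlpsvc", "lanmanserver", "schedule",
    "sens", "shellhwdetection", "themes", "winmgmt", "wuauserv",
}

# DDS service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[")
# DDS "Created Last 30" line: "<date> <time> <size> <attrs> <path>"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} +\d+ (?P<attrs>\S+) (?P<path>.+)$")
SVCHOST_RE = re.compile(r"svchost\.exe -k (?P<group>\S+)", re.IGNORECASE)


def parse_services(log_text):
    """Return {service_name: image_path} from the SERVICES / DRIVERS section."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("name")] = m.group("image")
    return services


def parse_created(log_text):
    """Return [(attrs, path), ...] from the 'Created Last 30' section."""
    out = []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            out.append((m.group("attrs"), m.group("path")))
    return out


def triage(log_text):
    """Return a list of (indicator, detail) tuples worth a human's attention."""
    findings = []
    services = parse_services(log_text)

    # 1. svchost-hosted service outside the netsvcs baseline (this is what the
    #    GMER line "svchost.exe (hidden) -> mwawym" in the post corresponds to).
    for name, image in services.items():
        m = SVCHOST_RE.search(image)
        if m and m.group("group").lower() == "netsvcs" \
                and name.lower() not in NETSVCS_BASELINE:
            findings.append(("svchost_unknown_service", name))

    # File names that some listed service or driver entry points at.
    referenced = {image.rsplit("\\", 1)[-1].lower() for image in services.values()}

    for attrs, path in parse_created(log_text):
        lower = path.lower()
        leaf = lower.rsplit("\\", 1)[-1]
        in_system32 = lower.startswith("c:\\windows\\system32\\")

        # 2. Names that should never exist under system32: an unexpanded
        #    %VARIABLE% written literally, a leading dot, or a recently created
        #    hidden+system directory.
        if in_system32 and (re.fullmatch(r"%[^%]+%", leaf) or leaf.startswith(".")
                            or (attrs.startswith("d") and "sh" in attrs)):
            findings.append(("odd_name_in_system32", path))

        # 3. A freshly created kernel driver that no listed entry references.
        #    Staying out of the service listing is exactly what a rootkit wants;
        #    legitimate on-demand drivers can land here too, so verify before acting.
        if lower.startswith("c:\\windows\\system32\\drivers\\") and leaf.endswith(".sys") \
                and leaf not in referenced:
            findings.append(("unreferenced_new_driver", leaf))

    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:26} {detail}")
```

Run against the excerpt it reports exactly the four items discussed in the post and stays quiet on the AVG driver, Google Update and Hitman Pro entries. The third check is the noisiest in practice (any on-demand driver installed in the last month without a listed service will show up), so treat it as a prioritised list for the GMER and MBR checks that follow, not as a clean/dirty decision.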

#2 zadoc

zadoc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:23 AM

Posted 31 May 2010 - 03:14 AM

Reset my PC with factory restore.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:23 AM

Posted 31 May 2010 - 05:28 PM

As the issue appears to be solved I am closing this topic.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
