Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit.agent.gen and Rootkit.TDSS found on my computer


  • This topic is locked This topic is locked
No replies to this topic

#1 thomasato

thomasato

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:56 AM

Posted 01 November 2010 - 07:30 PM

64 bit, Windows 7

I was having issues with youtube. Streaming was very slow and would often times stop altogether. At first, I thought I had an issue with flash player and so I uninstalled it, installed it again, and checked on updates. I still had the same issues.

I ran Spyware Doctor and Malwarebytes to see if the issue was malware. Previously, when I ran either program, it would show a lot of infections, but now there were none. I then thought that it could be a browser issue so I downloaded Google Chrome. Though it downloaded, Google Chrome would not open any sites. I got an error code. This is what it says:

"This webpage is not available. The webpage at http://google.com/ might be temporarily down or it may have been moved permanently to a new web address. Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error."

It said a couple of times that I wasn't connected to the server, but to me that didn't make sense because I was online and surf the web with Firefox.

I downloaded other types of anti virus and malware programs to see if it would help. This is a list: spybots, ad aware, bitdefender, avg, kaspersky.

None downloaded. I received messages saying that the files were corrupted. There would be a bunch of programs opening while doing this. They were moving so fast so I couldn't catch any of them.

I tried to do online scans. Those didn't work either. Same message.

I tried to download these programs in safe mode with networks. They did not download. I tried to run scans I already had in safe mode. The scans did not produce anything. I tried using a different computer to download Avira and another program. It worked but did not produce any type of infections at all.

Another odd thing: there is a weird bluish tinge on my computer. It only shows up sometimes. Sometimes when I try to watch videos or look through pictures, the bluish lines would flash into red squares. I thought that maybe my computer was physically damaged but it kept changing with different formats and programs.

I went into previous logs from Malwarebytes Anti Malware, and I saw that it had quarantined Rootkit.agent.gen and Rootkit.tdss. Though it says that those were removed, I think that it may still be active because my laptop is still acting up. I'm concerned that my info can be compromised if I am infected with a rootkit. I don't know how to fix my computer. I'd really appreciate the help.


DDS (Ver_10-11-01.01) - NTFS_AMD64
Run by Hlub at 20:34:00.23 on Mon 11/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1490 [GMT -4:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Hlub\Downloads\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWindows: Load=C:\Users\Hlub\AppData\Local\Temp\dwm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Speech Recognition] "C:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [Google Update] "C:\Users\Hlub\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Hlub\AppData\Roaming\Mozilla\Firefox\Profiles\zces4bs9.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50371
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hlub\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 42211932;42211932 Boot Guard Driver;C:\Windows\System32\drivers\42211932.sys [2010-11-1 40464]
R0 52608322;52608322 Boot Guard Driver;C:\Windows\System32\drivers\52608322.sys [2010-11-1 40464]
R0 72553262;72553262 Boot Guard Driver;C:\Windows\System32\drivers\72553262.sys [2010-11-1 40464]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-11-1 69152]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-7-25 233488]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-18 55280]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-2-18 482384]
R1 42211931;42211931;C:\Windows\System32\drivers\42211931.sys [2010-11-1 157712]
R1 52608321;52608321;C:\Windows\System32\drivers\52608321.sys [2010-11-1 157712]
R1 72553261;72553261;C:\Windows\System32\drivers\72553261.sys [2010-11-1 157712]
R1 myfile.exedrv;myfile.exedrv;C:\Windows\System32\drivers\5260832.sys [2010-11-1 352784]
R1 setup_9.0.0.722_01.11.2010_22-09drv;setup_9.0.0.722_01.11.2010_22-09drv;C:\Windows\System32\drivers\7255326.sys [2010-11-1 352784]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-1 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-1 267432]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-1 81072]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-7-25 112592]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1357464]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-7-25 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-7-25 1142224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-2-18 9216]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 16928]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-2-18 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-18 236544]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-2-18 943616]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-2-18 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-15 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-18 222208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-17 1255736]

=============== Created Last 30 ================

2010-11-02 00:11:15 69152 ----a-w- C:\windows\System32\drivers\Lbd.sys
2010-11-02 00:00:55 -------- d-----w- C:\Users\Hlub\AppData\Local\Sunbelt Software
2010-11-02 00:00:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
2010-11-01 23:32:55 -------- d-----w- C:\Users\Hlub\AppData\Roaming\Avira
2010-11-01 23:32:21 81072 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2010-11-01 23:32:20 -------- d-----w- C:\Program Files (x86)\Avira
2010-11-01 23:32:20 -------- d-----w- C:\PROGRA~3\Avira
2010-11-01 22:50:24 40464 ----a-w- C:\windows\System32\drivers\52608322.sys
2010-11-01 22:50:24 352784 ----a-w- C:\windows\System32\drivers\5260832.sys
2010-11-01 22:50:24 157712 ----a-w- C:\windows\System32\drivers\52608321.sys
2010-11-01 21:52:15 -------- d-----w- C:\Users\Hlub\AppData\Local\Microsoft Games
2010-11-01 21:32:33 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-01 21:29:30 40464 ----a-w- C:\windows\System32\drivers\72553262.sys
2010-11-01 21:29:30 352784 ----a-w- C:\windows\System32\drivers\7255326.sys
2010-11-01 21:29:30 157712 ----a-w- C:\windows\System32\drivers\72553261.sys
2010-11-01 21:21:46 40464 ----a-w- C:\windows\System32\drivers\42211932.sys
2010-11-01 21:21:46 352784 ----a-w- C:\windows\System32\drivers\4221193.sys
2010-11-01 21:21:46 157712 ----a-w- C:\windows\System32\drivers\42211931.sys
2010-10-27 03:06:34 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2010-10-27 02:45:13 961024 ----a-w- C:\windows\System32\CPFilters.dll
2010-10-27 02:45:13 641536 ----a-w- C:\windows\SysWow64\CPFilters.dll
2010-10-27 02:45:13 552960 ----a-w- C:\windows\System32\msdri.dll
2010-10-27 02:45:12 288256 ----a-w- C:\windows\System32\MSNP.ax
2010-10-27 02:45:12 258560 ----a-w- C:\windows\System32\mpg2splt.ax
2010-10-27 02:45:12 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
2010-10-27 02:45:12 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2010-10-27 02:45:02 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2010-10-13 12:11:54 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-13 12:11:54 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-13 12:11:53 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2010-10-13 12:11:53 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2010-10-13 12:11:52 463360 ----a-w- C:\windows\System32\drivers\srv.sys
2010-10-13 12:11:51 9728 ----a-w- C:\windows\SysWow64\sscore.dll
2010-10-13 12:11:51 402944 ----a-w- C:\windows\System32\drivers\srv2.sys
2010-10-13 12:11:51 3123712 ----a-w- C:\windows\System32\win32k.sys
2010-10-13 12:11:51 236032 ----a-w- C:\windows\System32\srvsvc.dll
2010-10-13 12:11:51 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys

==================== Find3M ====================

2010-09-10 05:35:44 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-08-31 04:32:30 954752 ----a-w- C:\windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\windows\SysWow64\mfc40u.dll
2010-08-26 05:27:28 148992 ----a-w- C:\windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2010-08-10 09:15:58 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts

============= FINISH: 20:36:03.45 ===============


GMER did not produce any results.

Attached Files

  • Attached File  log2.txt   12.77KB   1 downloads

Edited by Blade Zephon, 05 November 2010 - 09:49 AM.
Closed at OP request. ~BZ


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users