Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Exploit Facebook Clickjacking (type 1911)


  • This topic is locked This topic is locked
23 replies to this topic

#1 jidady

jidady

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 12 June 2011 - 07:45 PM

Over the weekend, our web site was hacked. In researching the information about how to fix it, my investigation of .htacess redirects led me to a site where I immediately gained an AVG notification of an active threat. This may have impacted two different computers of mine as I working simultaneously from that web site on each one. My gmail account was hacked this morning; I have since locked it down with the two-step verification (I feel like a fool for not doing this previously), but I am now also receiving an AVG warning repeatedly on the laptop. It's been a bad enough computer weekend that I wish I'd become a carpenter.

The specifics of the AVG message are:

Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection.
The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

URL: rss.alexa.com/urls?m=3&h=1&n=10&r=1&u=1
Name: Facebook Clickjacking (type 1911)

Threat was blocked!

File name: rss.alexa.com/urls?m=3&h=1&n=10&r=1&u=1
Threat name: Exploit Facebook Clickjacking (type 1911)

When I click on Show Details, I get the following:
Process name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Process ID: 6168

When I click on the More info hyperlink, AVG's search database has no further details.

When I ran the GMER application as requested, I was only able to check the boxes for service, registry, files and ADS. All of the others were grayed out. I'm not sure if the software has changed since the tutorial was written or if this is indicative of a serious issue on my laptop. I presume the former but I wanted to notate it to give you as much information as possible.

I also reviewed my AVG virus vault history. I see that on December 6, there was a file moved to the vault that was labeled as TR/FakeAV.AF. On June 3 (a week earlier than my problems began), Trojan.FAKEMS was also quarantined.

Please note that the ark.txt file is attached but that it is also blank. I had no error message and when I saved the file afterward, it was blank. I presume this is because I did a less comprehensive test due to the grayed out boxes. I included a period to circumvent the "no file was selected for upload" error given to a blank file. I did not want you to think I had intentionally ignored one of your steps required.

Here are the requested DDS files:

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_15
Run by Scruffy Lives at 19:51:19 on 2011-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1215 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Galleon\bin\Wrapper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\java.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Scruffy Lives\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)

\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [googletalk] C:\Users\Scruffy Lives\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [<NO NAME>]
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6F1424E6-C738-4AF7-9061-6E05E1F5D802} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C2370A83-364F-4105-905A-275EB21DFC24} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO-X64: AskBar BHO - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)

\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [(Default)]
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scruffy Lives\AppData\Roaming\Mozilla\Firefox\Profiles\3h1glto4.default\
FF - prefs.js: browser.search.selectedengine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.boxofficeprophets.com/
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=alxf-2.11&src=ab&aid=WBONb1ooJ%2B00ok&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Users\Scruffy Lives\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Scruffy Lives\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 03:20:32];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe --> C:\Windows\System32

\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-8-31 464264]
R2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-8-31 234888]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 Galleon;Galleon;C:\Program Files (x86)\Galleon\bin\Wrapper.exe [2009-3-24 204800]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-3-2 583640]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m

"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125

\ccSvcHst.exe [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-8-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-8-24 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\SCRUFF~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\SCRUFF~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-17 89920]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-31

1038088]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys

[?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-8-24 1083888]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-06-12 07:24:36 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AB646BF-2AB2-4D4B-B188-CC3EDB0F42C1}\mpengine.dll
2011-06-12 00:01:35 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-21 02:53:03 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{389F9F25-19D2-49B5-95DA-68AEA9ABF815}\gapaengine.dll
.
==================== Find3M ====================
.
2011-04-15 01:28:12 117328 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-05 04:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-03-16 20:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 19:51:58.11 ===============

Attached Files


Edited by jidady, 12 June 2011 - 07:49 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:57 PM

Posted 20 June 2011 - 07:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 jidady

jidady
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 20 June 2011 - 07:38 PM

Hello, I am here. Thanks in advance for your assistance.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:57 PM

Posted 20 June 2011 - 07:44 PM

Please run aswMBR so we can check for rootkits

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 jidady

jidady
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 20 June 2011 - 08:20 PM

I am having no luck with this. It's given me a blue screen twice now. Here are the messages:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 0000000000000428
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFFA6000B5CEE8
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini062011-01.dmp
C:\Users\Scruffy Lives\AppData\Local\Temp\WER-164097-0.sysdata.xml
C:\Users\Scruffy Lives\AppData\Local\Temp\WER5D0D.tmp.version.txt


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 0000000000000428
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFFA6000B6FEE8
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini062011-02.dmp
C:\Users\Scruffy Lives\AppData\Local\Temp\WER-148341-0.sysdata.xml
C:\Users\Scruffy Lives\AppData\Local\Temp\WER17F2.tmp.version.txt

I'm going to try to run it from Safe mode to see if that works.

#6 jidady

jidady
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 20 June 2011 - 08:31 PM

I get a bluescreen in Safe mode as well. I cannot run this program without blowing up my system.

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:57 PM

Posted 21 June 2011 - 01:33 PM

Okay, let's try TDSSKiller and see how we go

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:57 PM

Posted 25 June 2011 - 05:54 PM

Hi,

I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#9 jidady

jidady
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 25 June 2011 - 06:57 PM

I sincerely apologize. I do still need help. We had a storm knock out power for 125,000 people in Knoxville, Tennessee on Tuesday and then a tornado touched down on Thursday. I need to get this fixed, but there were more pressing issues over the past four days. I'm here now and will review your prior post.

#10 jidady

jidady
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 25 June 2011 - 07:03 PM

No infections were found. Here is the cut and paste:

2011/06/25 20:01:13.0922 5460 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 20:01:14.0359 5460 ================================================================================
2011/06/25 20:01:14.0359 5460 SystemInfo:
2011/06/25 20:01:14.0359 5460
2011/06/25 20:01:14.0359 5460 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/25 20:01:14.0359 5460 Product type: Workstation
2011/06/25 20:01:14.0360 5460 ComputerName: SCRUFFYLIVES
2011/06/25 20:01:14.0360 5460 UserName: Scruffy Lives
2011/06/25 20:01:14.0360 5460 Windows directory: C:\Windows
2011/06/25 20:01:14.0360 5460 System windows directory: C:\Windows
2011/06/25 20:01:14.0360 5460 Running under WOW64
2011/06/25 20:01:14.0360 5460 Processor architecture: Intel x64
2011/06/25 20:01:14.0360 5460 Number of processors: 2
2011/06/25 20:01:14.0360 5460 Page size: 0x1000
2011/06/25 20:01:14.0360 5460 Boot type: Normal boot
2011/06/25 20:01:14.0360 5460 ================================================================================
2011/06/25 20:01:16.0113 5460 Initialize success
2011/06/25 20:01:22.0729 8852 ================================================================================
2011/06/25 20:01:22.0729 8852 Scan started
2011/06/25 20:01:22.0729 8852 Mode: Manual;
2011/06/25 20:01:22.0729 8852 ================================================================================
2011/06/25 20:01:23.0816 8852 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/06/25 20:01:23.0927 8852 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/06/25 20:01:24.0040 8852 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/06/25 20:01:24.0169 8852 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/06/25 20:01:24.0296 8852 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/06/25 20:01:24.0349 8852 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/06/25 20:01:24.0446 8852 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/06/25 20:01:24.0608 8852 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/06/25 20:01:24.0753 8852 AgereSoftModem (6051b172930f3b2723d04c555f7ec55a) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/06/25 20:01:24.0894 8852 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/06/25 20:01:25.0000 8852 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/06/25 20:01:25.0117 8852 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
2011/06/25 20:01:25.0147 8852 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
2011/06/25 20:01:25.0241 8852 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/06/25 20:01:25.0330 8852 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys
2011/06/25 20:01:25.0438 8852 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/06/25 20:01:25.0528 8852 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/06/25 20:01:25.0695 8852 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/25 20:01:25.0762 8852 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/06/25 20:01:26.0118 8852 AVGIDSDriver (593868a578b40da9bc155b22316bc9a3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/25 20:01:26.0176 8852 AVGIDSEH (0994ba65388c7d5282242d1124fe8373) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/06/25 20:01:26.0278 8852 AVGIDSFilter (bf9ebe32b3827991d2100fcebca1af01) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/25 20:01:26.0383 8852 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/06/25 20:01:26.0436 8852 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/06/25 20:01:26.0529 8852 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/06/25 20:01:26.0592 8852 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/06/25 20:01:26.0754 8852 BCM43XX (f509c4fd2eba6af4fd8794aeb6f3efb7) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/06/25 20:01:26.0923 8852 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/06/25 20:01:27.0050 8852 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/25 20:01:27.0152 8852 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/25 20:01:27.0199 8852 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/06/25 20:01:27.0303 8852 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/06/25 20:01:27.0356 8852 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/06/25 20:01:27.0441 8852 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/25 20:01:27.0496 8852 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/06/25 20:01:27.0603 8852 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/06/25 20:01:27.0715 8852 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/25 20:01:27.0865 8852 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/25 20:01:27.0966 8852 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/25 20:01:28.0052 8852 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/06/25 20:01:28.0174 8852 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/25 20:01:28.0209 8852 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
2011/06/25 20:01:28.0312 8852 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/25 20:01:28.0399 8852 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/25 20:01:28.0562 8852 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/06/25 20:01:28.0697 8852 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/06/25 20:01:28.0883 8852 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/06/25 20:01:29.0028 8852 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/25 20:01:29.0139 8852 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/06/25 20:01:29.0287 8852 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/06/25 20:01:29.0408 8852 ElbyCDIO (65e0ec00c209d4f2618f8ff0dd4ea444) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/06/25 20:01:29.0495 8852 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/06/25 20:01:29.0595 8852 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys
2011/06/25 20:01:29.0685 8852 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/06/25 20:01:29.0830 8852 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/06/25 20:01:29.0951 8852 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/06/25 20:01:30.0058 8852 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/25 20:01:30.0177 8852 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/06/25 20:01:30.0269 8852 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/06/25 20:01:30.0396 8852 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/25 20:01:30.0523 8852 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/06/25 20:01:30.0620 8852 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/25 20:01:30.0719 8852 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/25 20:01:30.0849 8852 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/25 20:01:30.0975 8852 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/06/25 20:01:31.0433 8852 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/25 20:01:31.0545 8852 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/06/25 20:01:31.0622 8852 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/25 20:01:31.0741 8852 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/25 20:01:31.0856 8852 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/06/25 20:01:31.0935 8852 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/06/25 20:01:32.0009 8852 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/06/25 20:01:32.0178 8852 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/06/25 20:01:32.0281 8852 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/06/25 20:01:32.0371 8852 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/25 20:01:32.0470 8852 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/06/25 20:01:32.0776 8852 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/06/25 20:01:33.0052 8852 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/06/25 20:01:33.0186 8852 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
2011/06/25 20:01:33.0298 8852 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
2011/06/25 20:01:33.0366 8852 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/25 20:01:33.0498 8852 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/25 20:01:33.0642 8852 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/25 20:01:33.0742 8852 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/25 20:01:33.0869 8852 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/06/25 20:01:33.0966 8852 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/06/25 20:01:34.0085 8852 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/25 20:01:34.0183 8852 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/06/25 20:01:34.0289 8852 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/06/25 20:01:34.0379 8852 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/25 20:01:34.0487 8852 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/25 20:01:34.0616 8852 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/25 20:01:34.0737 8852 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/06/25 20:01:34.0932 8852 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/25 20:01:35.0048 8852 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/25 20:01:35.0141 8852 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/25 20:01:35.0238 8852 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/25 20:01:35.0329 8852 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/06/25 20:01:35.0451 8852 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/06/25 20:01:35.0573 8852 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/06/25 20:01:35.0713 8852 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/06/25 20:01:35.0804 8852 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/25 20:01:35.0890 8852 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/25 20:01:35.0988 8852 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/25 20:01:36.0083 8852 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/06/25 20:01:36.0195 8852 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/25 20:01:36.0297 8852 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/06/25 20:01:36.0664 8852 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/25 20:01:36.0905 8852 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/25 20:01:36.0975 8852 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/25 20:01:37.0061 8852 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/25 20:01:37.0170 8852 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/25 20:01:37.0237 8852 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/25 20:01:37.0347 8852 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/25 20:01:37.0439 8852 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/06/25 20:01:37.0500 8852 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/06/25 20:01:37.0570 8852 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/06/25 20:01:37.0655 8852 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/06/25 20:01:37.0736 8852 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/25 20:01:37.0825 8852 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/25 20:01:37.0906 8852 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/06/25 20:01:38.0015 8852 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/06/25 20:01:38.0066 8852 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/25 20:01:38.0178 8852 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/06/25 20:01:38.0264 8852 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/06/25 20:01:38.0397 8852 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/25 20:01:38.0617 8852 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/06/25 20:01:38.0734 8852 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/25 20:01:38.0840 8852 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/25 20:01:38.0948 8852 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/25 20:01:39.0009 8852 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/06/25 20:01:39.0120 8852 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/25 20:01:39.0244 8852 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/25 20:01:39.0464 8852 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
2011/06/25 20:01:39.0635 8852 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/06/25 20:01:39.0745 8852 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/25 20:01:39.0887 8852 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/06/25 20:01:39.0958 8852 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/25 20:01:40.0108 8852 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/06/25 20:01:40.0224 8852 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/06/25 20:01:40.0299 8852 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/06/25 20:01:40.0366 8852 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/06/25 20:01:40.0473 8852 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/06/25 20:01:40.0703 8852 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/25 20:01:40.0844 8852 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/06/25 20:01:40.0977 8852 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/06/25 20:01:41.0092 8852 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/06/25 20:01:41.0147 8852 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
2011/06/25 20:01:41.0250 8852 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/06/25 20:01:41.0380 8852 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/06/25 20:01:41.0613 8852 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/25 20:01:41.0722 8852 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/06/25 20:01:42.0033 8852 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/25 20:01:42.0153 8852 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/06/25 20:01:42.0235 8852 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/06/25 20:01:42.0344 8852 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/06/25 20:01:42.0400 8852 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/25 20:01:42.0501 8852 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/25 20:01:42.0583 8852 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/25 20:01:42.0690 8852 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/25 20:01:42.0790 8852 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/25 20:01:42.0868 8852 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/25 20:01:42.0961 8852 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/25 20:01:43.0035 8852 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/06/25 20:01:43.0129 8852 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/25 20:01:43.0228 8852 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/06/25 20:01:43.0452 8852 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/25 20:01:43.0571 8852 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/06/25 20:01:43.0680 8852 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS
2011/06/25 20:01:43.0827 8852 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/06/25 20:01:43.0934 8852 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/25 20:01:44.0016 8852 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/25 20:01:44.0115 8852 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/06/25 20:01:44.0202 8852 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/06/25 20:01:44.0294 8852 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/06/25 20:01:44.0419 8852 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/06/25 20:01:44.0508 8852 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/25 20:01:44.0595 8852 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/25 20:01:44.0636 8852 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/06/25 20:01:44.0739 8852 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/06/25 20:01:44.0829 8852 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/06/25 20:01:44.0967 8852 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/06/25 20:01:45.0118 8852 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/06/25 20:01:45.0369 8852 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/06/25 20:01:45.0501 8852 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/25 20:01:45.0631 8852 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/25 20:01:45.0773 8852 STHDA (fca841b6eab5d58b80d16285d301387d) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/06/25 20:01:45.0900 8852 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/25 20:01:46.0009 8852 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/06/25 20:01:46.0097 8852 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/06/25 20:01:46.0220 8852 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/06/25 20:01:46.0341 8852 SynTP (5790d18b440fb13583308bfae5f13fea) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/25 20:01:46.0525 8852 Tcpip (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\drivers\tcpip.sys
2011/06/25 20:01:46.0704 8852 Tcpip6 (0011810b5211fdacd784de585262ecfe) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/25 20:01:46.0813 8852 tcpipreg (ce3ae2ba7a076f0ade9f48c598c1d15d) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/25 20:01:46.0888 8852 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/06/25 20:01:46.0964 8852 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/06/25 20:01:47.0243 8852 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/25 20:01:47.0473 8852 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/25 20:01:47.0590 8852 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/25 20:01:47.0699 8852 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/25 20:01:47.0836 8852 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/25 20:01:47.0990 8852 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/06/25 20:01:48.0110 8852 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/25 20:01:48.0246 8852 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/25 20:01:48.0363 8852 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/06/25 20:01:48.0468 8852 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/06/25 20:01:48.0567 8852 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/06/25 20:01:48.0662 8852 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/25 20:01:48.0814 8852 USBAAPL64 (a2d6c837f4bc7d0e084a67d7704c4ea8) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/25 20:01:48.0927 8852 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/25 20:01:49.0047 8852 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/06/25 20:01:49.0166 8852 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/25 20:01:49.0288 8852 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/25 20:01:49.0389 8852 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/06/25 20:01:49.0476 8852 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/25 20:01:49.0574 8852 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/25 20:01:49.0704 8852 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/25 20:01:49.0806 8852 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/25 20:01:49.0910 8852 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/25 20:01:50.0031 8852 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/25 20:01:50.0123 8852 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/06/25 20:01:50.0210 8852 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
2011/06/25 20:01:50.0325 8852 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/06/25 20:01:50.0447 8852 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/06/25 20:01:50.0594 8852 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/06/25 20:01:50.0675 8852 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/06/25 20:01:50.0790 8852 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/06/25 20:01:50.0919 8852 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/25 20:01:50.0941 8852 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/25 20:01:51.0084 8852 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/06/25 20:01:51.0244 8852 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
2011/06/25 20:01:51.0371 8852 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/25 20:01:51.0599 8852 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/25 20:01:51.0760 8852 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/25 20:01:51.0885 8852 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/25 20:01:52.0072 8852 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/25 20:01:52.0252 8852 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/06/25 20:01:52.0348 8852 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
2011/06/25 20:01:52.0441 8852 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
2011/06/25 20:01:52.0539 8852 ================================================================================
2011/06/25 20:01:52.0539 8852 Scan finished
2011/06/25 20:01:52.0539 8852 ================================================================================
2011/06/25 20:01:52.0559 9204 Detected object count: 0
2011/06/25 20:01:52.0559 9204 Actual detected object count: 0

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:57 PM

Posted 25 June 2011 - 07:35 PM

Hope you're okay there. I understand it's been a bit more windy than usual in the US this year :blink: .

TDSSKiller ran fine so now it's a 50/50 call as to whether there's any rootkit blocking occurring. I'm going for "No" and instead we are going to run Combofix to take a look and remove what it finds

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#12 jidady

jidady
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 25 June 2011 - 08:46 PM

We've had enough inclement weather this year to make wonder if the Mayans are right. Thanks for your well wishes.

I appear to have had some infection. The details are in the attached file.

Attached Files



#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:57 PM

Posted 26 June 2011 - 04:45 AM

We've had enough inclement weather this year to make wonder if the Mayans are right


:lol:


the Ask toolbar is not recommended. This toolbar enhances internet browsing and provides a direct link to the "ask.com" search engine. This program is not known to be bundled with spyware - The company strongly denies the toolbar as being malware.

Please read why it might be good to remove it here.

If you choose to remove it then follow the instructions below.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick (or right-click, if you are using Vista) the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":



AskBarDis


Additional instructions can be found here if needed.


Good news though, Combofix has removed the LOWAKODA trojan. Just a quick clean up

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Posted Image
m0le is a proud member of UNITE

#14 jidady

jidady
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:57 PM

Posted 26 June 2011 - 05:58 PM

I think I've uninstalled Ask. It wasn't listed as its own install but appears to have been a portion of a couple of other programs I didn't need anyway. The file is attached.

Attached Files


Edited by jidady, 26 June 2011 - 05:58 PM.


#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:57 PM

Posted 26 June 2011 - 06:46 PM

Visit ESET to do a bit of a clean up next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users