HijackThis Log


  • This topic is locked
20 replies to this topic

#1 Bara no Uta

Bara no Uta

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:05 AM

Posted 03 July 2011 - 01:28 AM

Hi, I would really appreciate some help...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:25 AM, on 7/3/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DDNI\Lenovo Smile Dock\CenterStage.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\CC\Desktop\hijackthis.exe
C:\windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\CC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lenovo Smile Dock.lnk = C:\Program Files\DDNi\Lenovo Smile Dock\Delay.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\CC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\CC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - (no CLSID) - (no file)
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: IdeaPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe

--
End of file - 8331 bytes

For the record, I'm pretty sure neither of the instances of Internet Explorer it says I'm running are legitimate, since I'm not actually running it and Firefox is my default browser, last I checked.

Edited by Bara no Uta, 03 July 2011 - 01:32 AM.




#2 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  • Gender:Female
  • Location:Maryland
  • Local time:12:05 PM

Posted 12 July 2011 - 09:13 PM

Hello and welcome! I apologize for the delay in responding to your post. We do try to answer as quickly as possible.

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!


If you are still having problems with your computer please do the following and also provide me with a description of what problems you are having. I did not see anything unusual in the HijackThis log.

The instances of Internet Explorer you see are most likely related to Windows Update as well as the Windows Live installer that appear to be running.

HijackThis has largely been replaced by other tools. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. DDS includes all the scan locations of HijackThis and more.


Download and Run DDS by sUBs

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy / paste the scan results.

DDS.txt

Please attach the second file; Attach.txt.



Download and Run GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Right-click and choose Run as Administrator on GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that may have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one - make sure it is UNCHECKED)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE
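The checks a log reviewer applies to the HijackThis sections in the first post (R0/R1 browser defaults, O2/O3 BHOs and toolbars, O4 autostarts, O18 protocol handlers, O23 services) can be written down. The Python script below is an added example for this page, not a BleepingComputer or HijackThis tool; the set of expected browser hosts, the user-writable path markers, the GUIDs and the sample log lines are all constructed for the example. A hit means "look at this", not "this is malware": a per-user installer such as Google Update legitimately autostarts from AppData and trips the same O4 rule, which is why a reviewer reads the hits rather than acting on them.

```python
"""Triage heuristics for a HijackThis log (added example, not a HijackThis feature)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: browser defaults pointing at these hosts are expected; anything else is reviewed.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}

# Assumption: substrings that mark a path a non-admin dropper can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
# A drive-letter path ending in an executable extension, quoted or bare.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))"?', re.I)


@dataclass(frozen=True)
class Finding:
    kind: str     # HijackThis section prefix, e.g. "O4"
    reason: str
    line: str


def in_user_writable(path: str) -> bool:
    """True when the path sits under a location a standard user can write to."""
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def triage_line(line: str) -> list[Finding]:
    """Apply the per-section rule to one log line; returns an empty list for clean lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    found: list[Finding] = []

    if kind in ("R0", "R1"):
        # Start/search page hijacks show up as a default URL on an unexpected host.
        for host in HOST_RE.findall(body):
            if host.lower() not in EXPECTED_HOSTS:
                found.append(Finding(kind, f"browser default points at {host}", line))

    elif kind in ("O2", "O3"):
        # A BHO/toolbar whose DLL is gone is a dead registration; one loading from
        # a profile directory is where injected browser hijackers usually live.
        if "(no file)" in body:
            found.append(Finding(kind, "orphaned BHO/toolbar registration (no file)", line))
        for path in PATH_RE.findall(body):
            if in_user_writable(path):
                found.append(Finding(kind, f"browser extension loads from {path}", line))

    elif kind == "O4":
        # Run/RunOnce/Startup entries are the persistence layer; a user-profile
        # path here is normal for per-user installers and also for droppers.
        for path in PATH_RE.findall(body):
            if in_user_writable(path):
                found.append(Finding(kind, f"autostart from user-writable path {path}", line))

    elif kind == "O18":
        # Protocol handlers with neither CLSID nor file are leftovers; still worth a glance.
        if "(no CLSID)" in body and "(no file)" in body:
            found.append(Finding(kind, "protocol handler with no CLSID and no file", line))

    elif kind == "O23":
        # Services run as SYSTEM; their binaries belong under Program Files or system32.
        for path in PATH_RE.findall(body):
            if in_user_writable(path):
                found.append(Finding(kind, f"service binary in user-writable path {path}", line))

    return found


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over a whole log and collect the hits in log order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


# Constructed sample in HijackThis v2 layout (not the log posted in the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hijack-sample.test/?q=
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000B0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [updsvc] "C:\Users\alice\AppData\Roaming\updsvc.exe" /silent
O18 - Protocol: sample4com - (no CLSID) - (no file)
O23 - Service: Sample AV - Sample Vendor - C:\Program Files\Sample AV\SampleSvc.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

Run on the constructed sample it reports four hits (the redirected start page, the orphaned BHO, the Roaming autostart and the empty protocol handler) and stays silent on the Intel tray entry and the Program Files service, which is the same split a human reviewer makes on the log above.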

#3 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  • Gender:Female
  • Location:Maryland
  • Local time:12:05 PM

Posted 15 July 2011 - 01:27 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
~Doris~


#4 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  • Gender:Female
  • Location:Maryland
  • Local time:12:05 PM

Posted 16 July 2011 - 11:55 AM

I have received your PM and reopened the topic. Please go ahead and run the logs and we will see if we can take care of the problems.

Can you please also tell me what symptoms your machine is showing at the moment that have you concerned?

Edited by patndoris, 16 July 2011 - 11:56 AM.
added note

~Doris~


#5 Bara no Uta

Bara no Uta
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:05 AM

Posted 16 July 2011 - 02:20 PM

First, thank you for your patience. :)
Symptoms... Well, my Firefox started redirecting my Google searches to all sorts of sites when I clicked on a result, until I turned HTTP redirecting off, which stops it from being able to do that. However, if I turn it back on, I get redirected again.
Then, my Avast has been popping up and telling me it is stopping Internet Explorer from opening a harmful webpage. My IE also has sites in its history that I have never visited, particularly since I almost never use IE.
My computer has gotten the Blue Screen of Death a couple times, too.

Unfortunately, I am currently unable to provide any logs. I ran GMER as described in your post, and my computer froze. I tried everything I could to make it respond, but eventually had to force shutdown by holding the power button. It won't start up. It looks like it will, but at a certain point - when it has the bar with the part moving through it, the loading bar - it gets the Blue Screen of Death and reboots. I tried running startup repair, but it can't fix the problem, apparently. I am currently sending this from my Wii while I try to find out if I have a bootdisc anywhere in an effort to not completely freak out over my computer not starting... A bootdisc will work, right? D:

#6 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  • Gender:Female
  • Location:Maryland
  • Local time:12:05 PM

Posted 16 July 2011 - 05:26 PM

Please see if you can start your computer in safe mode.


Boot your computer in Safe Mode
  • Turn the computer on or Restart the computer
  • As soon as BIOS is loaded, start tapping the F8 key.
  • The Windows Advanced Options Menu appears.
    If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Use the arrow keys to select the Safe Mode menu option.
  • Press Enter.
  • The computer then begins to start in Safe mode.
  • Log into your usual account
  • When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.


If you can, please try running DDS from there. Do not yet run GMER again - let me take a look at the DDS log. If you are unable to boot in safe mode please let me know.
~Doris~


#7 Bara no Uta

Bara no Uta
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:05 AM

Posted 16 July 2011 - 10:54 PM

Alright, so it wouldn't boot all the way up into safe mode either. As a last resort, I had to use system restore... I restored it to the last time I did Windows updates, which, unfortunately, was like a month ago, but that was all I could do to get it up and running again. Mind you, I did already try that when my computer first started acting differently, and it didn't solve the problem, so I doubt it's solved much.
Firefox and Avast won't start now, meaning I'm using IE, and my computer is unprotected, since anything other than Avast I installed more recently than a month ago...

Here is my DDS report, and the other is attached.
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by CC at 22:40:23 on 2011-07-16
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.193 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\IgrsSvcs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\System32\TPHDEXLG.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k bthsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\users\cc\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TpShocks] c:\windows\system32\TpShocks.exe
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lenovo~1.lnk - c:\program files\ddni\lenovo smile dock\Delay.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\cc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\cc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{9D0F5E08-E21B-4CBD-9BD4-5A9597AF3968} : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{9D0F5E08-E21B-4CBD-9BD4-5A9597AF3968}\651637175756A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9D0F5E08-E21B-4CBD-9BD4-5A9597AF3968}\753525D253030303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9D0F5E08-E21B-4CBD-9BD4-5A9597AF3968}\D60737D27657563747 : DHCPNameServer = 172.16.64.4
TCP: Interfaces\{E90F88F2-B248-470A-8B5D-DB6DB463A1DC} : DHCPNameServer = 61.13.0.1 61.13.0.2
Handler: msdaipp - <Clsid value has no data>
Handler: skype-ie-addon-data - <Clsid value has no data>
Handler: skype4com - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cc\appdata\roaming\mozilla\firefox\profiles\s6abq7or.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\cc\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-10-16 20496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-24 307928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-14 218688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-24 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-4-24 53592]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-10-15 13336]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-10-16 21520]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-5 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-10-15 29472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-15 189440]
R3 usbsmi;Lenovo EasyCamera;c:\windows\system32\drivers\SMIksdrv.sys [2010-10-15 172160]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2010-10-16 11792]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-9 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2010-10-16 63240]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2010-10-16 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2010-10-16 579400]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-15 175104]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
.
=============== Created Last 30 ================
.
2011-07-17 01:01:52 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c0e056eb-ac0a-4db9-b479-c04d1adee555}\mpengine.dll
2011-07-16 04:49:17 -------- d-----w- c:\users\cc\appdata\local\CrashDumps
2011-07-16 04:09:58 -------- d-----w- c:\users\cc\appdata\local\NPE
2011-07-15 22:45:14 -------- d-----w- c:\program files\common files\Symantec Shared
2011-07-15 22:42:58 -------- d-----w- c:\program files\Norton Security Suite
2011-07-15 22:42:33 -------- d-----w- c:\programdata\NortonInstaller
2011-07-15 22:42:33 -------- d-----w- c:\program files\NortonInstaller
2011-07-15 22:39:25 -------- d-----w- c:\programdata\Norton
2011-07-10 20:44:36 -------- d-----w- c:\users\cc\appdata\local\ElevatedDiagnostics
2011-07-01 22:05:15 -------- d-----w- c:\windows\system32\MpEngineStore
2011-07-01 22:01:10 -------- d-----w- C:\c905b7245c47c3b8dcaf
2011-06-27 04:22:01 -------- d-----w- c:\program files\Alarm
2011-06-23 00:51:19 -------- d-----w- c:\users\cc\appdata\local\Google
.
==================== Find3M ====================
.
2011-06-14 20:54:49 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-02 02:08:29 876544 ----a-w- c:\users\cc\appdata\roaming\defender.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
============= FINISH: 22:41:59.43 ===============
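DDS carries sections HijackThis does not: the AV/SP protection-state lines, the TCP NameServer entries, and the "Created Last 30" / "Find3M" file timelines. The script below is an added example written for this page, not DDS's own code. It reads those three line layouts as they appear in the report above and asks the questions a reviewer asks of them: is a protection product disabled or running stale signatures, does the static NameServer match what DHCP handed out on any interface (a mismatch is the usual footprint of a DNS-changer, while a match is just the network), and has a new executable appeared under a user profile. The sample lines, the interface GUID and the file names are constructed; 203.0.113.0/24 is a documentation address range, chosen so the sample cannot point at a real resolver.

```python
"""Triage heuristics for DDS output sections (added example, not part of DDS)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: extensions a reviewer treats as executable content.
EXEC_EXTS = (".exe", ".dll", ".scr", ".sys", ".com", ".bat", ".cmd", ".vbs", ".js")
# Assumption: substrings marking paths a standard user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Line layouts as they appear in a DDS report:
#   "AV: name *State/Freshness* {guid}"
#   "TCP: [Interfaces\{guid}[\suffix] : ](DHCP)NameServer = ip ip"
#   "YYYY-MM-DD HH:MM:SS size attrs path"   (Created Last 30 / Find3M)
AV_RE = re.compile(r"^(?P<slot>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
NS_RE = re.compile(
    r"^TCP: (?:(?P<iface>Interfaces\\\S+) : )?(?P<key>NameServer|DHCPNameServer) = (?P<servers>.+)$"
)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "protection" | "file" | "dns"
    reason: str
    line: str


def triage_dds(text: str) -> list[Finding]:
    """Walk a DDS report once; DNS findings come last because they need every interface first."""
    found: list[Finding] = []
    static_ns: list[str] = []
    dhcp_ns: set[str] = set()

    for raw in text.splitlines():
        line = raw.strip()

        m = AV_RE.match(line)
        if m:
            state = m.group("state")
            # *Disabled* means no real-time protection; *Outdated* means stale signatures.
            if "Disabled" in state or "Outdated" in state:
                found.append(Finding("protection", f"{m.group('slot')} {m.group('name')} is {state}", line))
            continue

        m = NS_RE.match(line)
        if m:
            servers = m.group("servers").split()
            if m.group("key") == "NameServer":
                static_ns.extend(servers)      # what the stack actually resolves with
            else:
                dhcp_ns.update(servers)        # what some lease legitimately handed out
            continue

        m = FILE_RE.match(line)
        # The attribute column starts with "d" for directories; only files are of interest.
        if m and not m.group("attrs").startswith("d"):
            path = m.group("path").lower()
            if path.endswith(EXEC_EXTS) and any(k in path for k in USER_WRITABLE_MARKERS):
                found.append(Finding(
                    "file",
                    f"new executable in user-writable location, {m.group('size')} bytes, {m.group('date')}",
                    line,
                ))

    # A static NameServer that no DHCP lease on any interface issued is how a
    # DNS-changer steers lookups; one that matches a lease is the normal network.
    for ns in static_ns:
        if ns not in dhcp_ns:
            found.append(Finding("dns", f"static NameServer {ns} was not issued by DHCP on any interface",
                                 f"NameServer = {ns}"))
    return found


# Constructed sample in DDS layout (not the report posted in the thread).
SAMPLE_DDS = r"""
AV: Sample AV *Disabled/Updated* {00000000-0000-0000-0000-0000000000A1}
SP: Windows Defender *Enabled/Outdated* {00000000-0000-0000-0000-0000000000A2}
TCP: NameServer = 203.0.113.53 192.168.1.1
TCP: Interfaces\{00000000-0000-0000-0000-0000000000AA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{00000000-0000-0000-0000-0000000000AA}\651637175756A7 : DHCPNameServer = 192.168.1.1
2011-07-16 04:49:17 -------- d-----w- c:\users\alice\appdata\local\CrashDumps
2011-06-02 02:08:29 876544 ----a-w- c:\users\alice\appdata\roaming\svchelper.exe
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\vendor.sys
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

On the constructed sample the output is two protection findings, one Roaming executable, and one DNS finding for 203.0.113.53; 192.168.1.1 is not reported because a DHCP lease on the interface handed it out. The same comparison on the report above shows the static NameServer equal to the DHCP-issued pair, so that particular DNS-changer footprint is absent there.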

#8 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  • Gender:Female
  • Location:Maryland
  • Local time:12:05 PM

Posted 17 July 2011 - 12:36 PM

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.

If you choose to leave them on the machine, please refrain from using them while we are cleaning the machine to prevent further infection.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

You may reinstall your Avast so that you have anti-virus protection.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

#9 Bara no Uta
  • Topic Starter
  • Members
  • 9 posts

Posted 17 July 2011 - 04:40 PM

I uninstalled uTorrent as you suggested, and reinstalled Avast. I also ran ComboFix... but, I don't see a log...
It ran, and I saw it mention uninstalling a couple of things and removing a folder. I saw it saying that it was generating a log and not to run any programs until it was finished. Then it restarted, so I figured it was finished and looked on my desktop for a log. ...There isn't a log there. So I waited a while longer, but nothing was happening, so I searched under the start menu for things like 'log' and 'combofix,' but nothing (except the combofix program, of course... which came up both as a program and music, by the way, if that's unusual) came up. I also checked under notepad, wordpad, and Microsoft Word's recent files, and it wasn't there, either.

I tried Googling (using Internet Explorer) where the logfile should be and it redirected me still when I clicked on the results. Not long after, Avast (the shields automatically went back on when the computer finished restarting...) popped up saying it had stopped Internet Explorer from viewing a harmful webpage, and it's happened a couple times while typing this reply. On the other hand, though, my computer was able to start up normally.

#10 patndoris

  • Security Colleague
  • 127 posts
  • Gender:Female
  • Location:Maryland

Posted 17 July 2011 - 04:50 PM

Please navigate to C:\ComboFix.txt and see if that file exists. If it does, please open it with Notepad and copy and paste the results in your reply. If it does not exist, please let me know.
~Doris~


#11 Bara no Uta
  • Topic Starter
  • Members
  • 9 posts

Posted 17 July 2011 - 05:58 PM

I did that, and C:\ComboFix.txt does not exist...

#12 patndoris

  • Security Colleague
  • 127 posts
  • Gender:Female
  • Location:Maryland

Posted 17 July 2011 - 06:11 PM

That would indicate that Combofix did not run in its entirety. Please try running it again.

It is not unusual for Combofix to reboot a machine. Sometimes it takes several minutes for Combofix to run and several more for a log to be produced. It may appear that the machine is locked up, but please give it plenty of time to run. It can take as much as 20 minutes for Combofix to run depending on the machine.

Please let me know the results and post the log.
~Doris~


#13 Bara no Uta
  • Topic Starter
  • Members
  • 9 posts

Posted 17 July 2011 - 07:17 PM

Well, the same symptoms before are still happening (Google redirecting, Avast messages about IE), but I did succeed in getting a log this time, at least.

EDIT: It also won't let me open some things from the start menu. I had to open IE from the link to this from its history, and I seem to be unable to open Word at all, both due to "Illegal operation attempted on a registry key that has been marked for deletion."

ComboFix 11-07-17.03 - CC 07/17/2011 18:43:55.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.291 [GMT -5:00]
Running from: c:\users\CC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\users\CC\AppData\Roaming\defender.exe
c:\users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))
.
.
2011-07-18 00:01 . 2011-07-18 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 21:10 . 2011-07-18 00:01 -------- d-----w- c:\users\CC\AppData\Local\temp
2011-07-17 01:01 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0E056EB-AC0A-4DB9-B479-C04D1ADEE555}\mpengine.dll
2011-07-16 04:49 . 2011-07-16 04:49 -------- d-----w- c:\users\CC\AppData\Local\CrashDumps
2011-07-16 04:09 . 2011-07-16 06:49 -------- d-----w- c:\users\CC\AppData\Local\NPE
2011-07-15 22:45 . 2011-07-17 03:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-15 22:42 . 2011-07-15 22:43 -------- d-----w- c:\program files\Norton Security Suite
2011-07-15 22:42 . 2011-07-15 22:42 -------- d-----w- c:\program files\NortonInstaller
2011-07-15 22:39 . 2011-07-16 05:48 -------- d-----w- c:\programdata\Norton
2011-07-10 20:44 . 2011-07-10 20:44 -------- d-----w- c:\users\CC\AppData\Local\ElevatedDiagnostics
2011-07-01 22:05 . 2011-07-06 03:15 -------- d-----w- c:\windows\system32\MpEngineStore
2011-07-01 22:01 . 2011-07-17 03:48 -------- d-----w- C:\c905b7245c47c3b8dcaf
2011-06-27 04:22 . 2011-07-17 03:48 -------- d-----w- c:\program files\Alarm
2011-06-23 00:51 . 2011-06-23 00:53 -------- d-----w- c:\users\CC\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-04-25 02:27 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-04-25 02:27 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-25 02:27 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-04-25 02:27 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-04-25 02:27 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2011-04-25 02:27 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-04-25 02:27 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2011-04-25 02:27 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-14 20:54 . 2011-06-14 20:54 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-22 19:36 . 2011-05-25 01:48 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-10-16 05:14 1410400 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-26 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-18 9210400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-05-18 1407520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-25 1594664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"TpShocks"="c:\windows\system32\TpShocks.exe" [2009-09-02 186208]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2010-10-16 3122528]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-10-23 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-10-23 5064560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-9-22 795936]
Lenovo Smile Dock.lnk - c:\program files\DDNi\Lenovo Smile Dock\Delay.exe [2010-6-30 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-30 175104]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-21 20496]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-14 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-12-29 331776]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2010-01-22 172160]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\CC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\CC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.87.77.134 68.87.72.134
FF - ProfilePath - c:\users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\s6abq7or.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Google Chrome - c:\users\CC\AppData\Local\Google\Chrome\Application\12.0.742.122\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5360)
c:\windows\system32\IcnOvrly.dll
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-07-17 19:07:44
ComboFix-quarantined-files.txt 2011-07-18 00:07
.
Pre-Run: 115,247,570,944 bytes free
Post-Run: 114,974,355,456 bytes free
.
- - End Of File - - DD19830371145354C5E521866CB923FA

Edited by Bara no Uta, 17 July 2011 - 07:25 PM.
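
Added example (my own code, not from the thread or from ComboFix): a small Python triage script for the "Reg Loading Points" block of a ComboFix log like the one above. It parses the Run/RunOnce keys and the Startup folder and flags any autorun whose executable sits in a user-writable location such as AppData or the drive root, which is where the deleted defender.exe and C:\install.exe in this log lived. The sample log is constructed from lines of the post plus one invented "Windows Recovery" Run value, and the location heuristic is an assumption of the example, not a ComboFix rule.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of the "Reg Loading Points" block from the
# ComboFix log posted above, plus one invented Run value ("Windows Recovery",
# pointing at the defender.exe ComboFix reported deleting) so that a hit shows up.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-26 150552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Windows Recovery"="c:\users\CC\AppData\Roaming\defender.exe" [2011-06-02 876544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-9-22 795936]
Lenovo Smile Dock.lnk - c:\program files\DDNi\Lenovo Smile Dock\Delay.exe [2010-6-30 9728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""

# ComboFix line shapes: a registry key header, a "name"="path" [date size] value,
# and a "Something.lnk - target [date size]" line inside a Startup folder block.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[([^\]]*)\])?\s*$')
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?)(?:\s+\[([^\]]*)\])?\s*$")

# Registry keys whose values are autostarts (matched as a case-insensitive suffix).
AUTORUN_KEYS = ("\\run", "\\runonce", "\\runonceex")

# Path fragments a standard user can write to. Persistence pointing here is not
# proof of infection, but it is the first thing to hash and look up (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def in_user_writable_dir(path: str) -> bool:
    """True if the executable lives somewhere an unprivileged user could drop it."""
    p = path.lower()
    if any(frag in p for frag in USER_WRITABLE):
        return True
    # A bare file in the drive root, like the C:\install.exe ComboFix removed.
    return re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None


def parse_loading_points(text: str) -> List[Dict[str, Optional[str]]]:
    """Collect every autorun entry (Run/RunOnce values and Startup .lnk files)."""
    entries: List[Dict[str, Optional[str]]] = []
    location: Optional[str] = None  # current registry key or Startup folder
    is_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            location = key.group(1)
            is_autorun = location.lower().endswith(AUTORUN_KEYS)
            continue
        if line.lower().endswith("\\startup\\"):
            location, is_autorun = line, True
            continue
        if not is_autorun:
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m:
            name, path, meta = m.groups()
            entries.append({"location": location, "name": name, "path": path, "meta": meta})
    return entries


def triage(text: str) -> List[str]:
    """Return 'name -> path' for each autorun whose binary is in a user-writable place."""
    return [
        f'{e["name"]} -> {e["path"]}'
        for e in parse_loading_points(text)
        if in_user_writable_dir(e["path"])
    ]


if __name__ == "__main__":
    for entry in parse_loading_points(SAMPLE_LOG):
        mark = "!!" if in_user_writable_dir(entry["path"]) else "  "
        print(f"{mark} {entry['name']:<22} {entry['path']}")
```

Entries marked with `!!` are the ones to submit to VirusTotal first, exactly as the helper asked for IcnOvrly.dll.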


#14 patndoris

  • Security Colleague
  • 127 posts
  • Gender:Female
  • Location:Maryland

Posted 17 July 2011 - 07:28 PM

We need to get additional information about some files.

Please go to the following site:
http://www.virustotal.com/
Click on Choose File, and then upload the following file for analysis:
c:\windows\system32\IcnOvrly.dll

Then click Send File and allow the file to be scanned.

Please ensure the scan is complete and the results saved before submitting the next.
If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Please copy and paste the results here for me to see.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and right-click and choose Run as Administrator on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~Doris~


#15 Bara no Uta
  • Topic Starter
  • Members
  • 9 posts

Posted 17 July 2011 - 07:55 PM

VirusTotal had next to no information on that file, unfortunately.
Result: 0/ 43 (0.0%)
None of the antiviruses said anything about it. Should I copy the additional information as well? (I saved a link to the results.)

Anyway, TDSSKiller found something, and since rebooting my computer, I have not had any Avast popups about IE, and when I tested a Google search, it didn't redirect this time! Also, I'm able to open things again!

Here is the log:
2011/07/17 19:40:56.0547 0468 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 19:40:57.0187 0468 ================================================================================
2011/07/17 19:40:57.0187 0468 SystemInfo:
2011/07/17 19:40:57.0187 0468
2011/07/17 19:40:57.0187 0468 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/17 19:40:57.0187 0468 Product type: Workstation
2011/07/17 19:40:57.0187 0468 ComputerName: CC-PC
2011/07/17 19:40:57.0187 0468 UserName: CC
2011/07/17 19:40:57.0187 0468 Windows directory: C:\windows
2011/07/17 19:40:57.0187 0468 System windows directory: C:\windows
2011/07/17 19:40:57.0187 0468 Processor architecture: Intel x86
2011/07/17 19:40:57.0187 0468 Number of processors: 2
2011/07/17 19:40:57.0187 0468 Page size: 0x1000
2011/07/17 19:40:57.0187 0468 Boot type: Normal boot
2011/07/17 19:40:57.0187 0468 ================================================================================
2011/07/17 19:40:58.0045 0468 Initialize success
2011/07/17 19:41:00.0712 4320 ================================================================================
2011/07/17 19:41:00.0712 4320 Scan started
2011/07/17 19:41:00.0712 4320 Mode: Manual;
2011/07/17 19:41:00.0712 4320 ================================================================================
2011/07/17 19:41:18.0902 4320 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/07/17 19:41:18.0980 4320 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/07/17 19:41:19.0074 4320 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/07/17 19:41:19.0152 4320 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/07/17 19:41:19.0230 4320 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/07/17 19:41:19.0261 4320 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/07/17 19:41:19.0308 4320 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/07/17 19:41:19.0370 4320 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/07/17 19:41:19.0432 4320 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/07/17 19:41:19.0682 4320 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\windows\system32\DRIVERS\netw5v32.sys
2011/07/17 19:41:19.0885 4320 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/07/17 19:41:20.0010 4320 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/07/17 19:41:20.0072 4320 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/07/17 19:41:20.0197 4320 Ntfs (b0ff28fef1c6b51bc1ac91b9ffd5d00e) C:\windows\system32\drivers\Ntfs.sys
2011/07/17 19:41:20.0306 4320 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/07/17 19:41:20.0368 4320 nvraid (d71feb6fcb0912eb238f0cfe5cb085b8) C:\windows\system32\DRIVERS\nvraid.sys
2011/07/17 19:41:20.0446 4320 nvstor (1d8b6a440dff2bdeaa4eb209fcba21bf) C:\windows\system32\DRIVERS\nvstor.sys
2011/07/17 19:41:20.0493 4320 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/07/17 19:41:20.0540 4320 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/07/17 19:41:20.0805 4320 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/07/17 19:41:20.0914 4320 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/07/17 19:41:21.0039 4320 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/07/17 19:41:21.0117 4320 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/07/17 19:41:21.0180 4320 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/07/17 19:41:21.0226 4320 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/07/17 19:41:21.0289 4320 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/07/17 19:41:21.0351 4320 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/07/17 19:41:21.0632 4320 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/07/17 19:41:21.0694 4320 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/07/17 19:41:21.0882 4320 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/07/17 19:41:22.0038 4320 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/07/17 19:41:22.0225 4320 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/07/17 19:41:22.0287 4320 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/07/17 19:41:22.0334 4320 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/07/17 19:41:22.0428 4320 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/07/17 19:41:22.0490 4320 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/07/17 19:41:22.0646 4320 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/07/17 19:41:22.0740 4320 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/07/17 19:41:22.0802 4320 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/07/17 19:41:22.0864 4320 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/07/17 19:41:22.0927 4320 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/07/17 19:41:23.0005 4320 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/07/17 19:41:23.0067 4320 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/07/17 19:41:23.0161 4320 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/07/17 19:41:23.0301 4320 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/07/17 19:41:23.0520 4320 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/07/17 19:41:23.0769 4320 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/07/17 19:41:23.0878 4320 RSUSBSTOR (7cc293d2f95f8d0a5a4883e21b303d89) C:\windows\system32\Drivers\RtsUStor.sys
2011/07/17 19:41:24.0019 4320 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/07/17 19:41:24.0190 4320 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/07/17 19:41:24.0300 4320 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/07/17 19:41:24.0534 4320 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/07/17 19:41:24.0736 4320 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/07/17 19:41:24.0830 4320 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/07/17 19:41:24.0939 4320 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/17 19:41:25.0080 4320 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/07/17 19:41:25.0158 4320 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/07/17 19:41:25.0220 4320 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/07/17 19:41:25.0282 4320 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/17 19:41:25.0392 4320 Shockprf (459874a6b52a7b786b5378b2d54e708e) C:\windows\system32\DRIVERS\Apsx86.sys
2011/07/17 19:41:25.0485 4320 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/07/17 19:41:25.0532 4320 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/17 19:41:25.0579 4320 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/17 19:41:25.0766 4320 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/07/17 19:41:25.0922 4320 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/07/17 19:41:26.0187 4320 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/07/17 19:41:26.0390 4320 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/07/17 19:41:26.0593 4320 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/17 19:41:26.0827 4320 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/17 19:41:26.0998 4320 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/07/17 19:41:27.0248 4320 SynTP (53d429d38e8fb5e0cd9225353006af0f) C:\windows\system32\DRIVERS\SynTP.sys
2011/07/17 19:41:27.0591 4320 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/07/17 19:41:27.0872 4320 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/17 19:41:28.0122 4320 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/07/17 19:41:28.0309 4320 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/07/17 19:41:28.0465 4320 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/07/17 19:41:28.0668 4320 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/07/17 19:41:28.0886 4320 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/07/17 19:41:29.0151 4320 TPDIGIMN (22f829dadacbe28a40f385bc2dcea2ef) C:\windows\system32\DRIVERS\ApsHM86.sys
2011/07/17 19:41:29.0416 4320 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/17 19:41:29.0650 4320 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/17 19:41:29.0853 4320 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/17 19:41:30.0056 4320 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/07/17 19:41:30.0352 4320 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/07/17 19:41:30.0586 4320 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/07/17 19:41:30.0789 4320 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/07/17 19:41:31.0023 4320 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/17 19:41:31.0226 4320 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/07/17 19:41:31.0413 4320 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/07/17 19:41:31.0632 4320 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/17 19:41:31.0803 4320 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/07/17 19:41:31.0975 4320 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/17 19:41:32.0100 4320 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/07/17 19:41:32.0302 4320 usbsmi (ff04ee7750229600a59b900d663164b1) C:\windows\system32\DRIVERS\SMIksdrv.sys
2011/07/17 19:41:32.0505 4320 USBSTOR (694c991cd0b8138888f086da6009adbc) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/07/17 19:41:32.0739 4320 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/07/17 19:41:32.0958 4320 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/07/17 19:41:33.0207 4320 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/07/17 19:41:33.0426 4320 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/17 19:41:33.0628 4320 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/07/17 19:41:33.0847 4320 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/07/17 19:41:34.0065 4320 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/07/17 19:41:34.0268 4320 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/07/17 19:41:34.0455 4320 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/07/17 19:41:34.0658 4320 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/07/17 19:41:34.0830 4320 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/17 19:41:35.0048 4320 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/17 19:41:35.0064 4320 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/17 19:41:35.0079 4320 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/17 19:41:35.0298 4320 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/17 19:41:35.0516 4320 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/07/17 19:41:35.0719 4320 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/07/17 19:41:35.0922 4320 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/17 19:41:37.0450 4320 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/17 19:41:37.0513 4320 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/17 19:41:37.0653 4320 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/07/17 19:41:37.0716 4320 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/07/17 19:41:37.0840 4320 wdmirror (ea4e9dd00e69b35f9bd3d39acb113e3f) C:\windows\system32\DRIVERS\WDMirror.sys
2011/07/17 19:41:38.0043 4320 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/17 19:41:38.0137 4320 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys
2011/07/17 19:41:38.0230 4320 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/07/17 19:41:38.0511 4320 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/07/17 19:41:38.0620 4320 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/07/17 19:41:38.0776 4320 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/17 19:41:38.0964 4320 wsvd (baedc491374defd5e76336901d6d397d) C:\windows\system32\DRIVERS\wsvd.sys
2011/07/17 19:41:39.0073 4320 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/07/17 19:41:39.0151 4320 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/07/17 19:41:39.0338 4320 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/17 19:41:39.0369 4320 Boot (0x1200) (83ba5d31b6e8932f687649ff5f691c7d) \Device\Harddisk0\DR0\Partition0
2011/07/17 19:41:39.0416 4320 Boot (0x1200) (7189d4e7422d82e77369c71d7c477f0f) \Device\Harddisk0\DR0\Partition1
2011/07/17 19:41:39.0478 4320 Boot (0x1200) (fee2e2f77438450d5983997082133352) \Device\Harddisk0\DR0\Partition2
2011/07/17 19:41:39.0494 4320 ================================================================================
2011/07/17 19:41:39.0494 4320 Scan finished
2011/07/17 19:41:39.0494 4320 ================================================================================
2011/07/17 19:41:39.0556 5904 Detected object count: 1
2011/07/17 19:41:39.0556 5904 Actual detected object count: 1
2011/07/17 19:42:12.0394 5904 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/17 19:42:12.0410 5904 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/17 19:42:14.0688 5904 Backup copy found, using it..
2011/07/17 19:42:14.0734 5904 C:\windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/07/17 19:42:14.0734 5904 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/07/17 19:42:53.0378 3668 Deinitialize success

Edited by Bara no Uta, 17 July 2011 - 07:56 PM.




