
TDSS Rootkit or some other rootkit problem


30 replies to this topic

#1 IHateAbnormalities

Posted 04 September 2011 - 02:51 PM

AVG had been detecting several threats and there were numerous browser redirects in Firefox for a while (not sure about IE, because I don't like using it). Afterwards, AVG had been disabled for a few days and there were still numerous browser redirects in Firefox, which led me to download Avira, and a complete system scan from it in Safe Mode resulted in detections of the Zero Access Rootkit (tdx.sys). After removing everything that Avira detected (a couple of the other files detected were Seaport.exe, Avira's own scheduler file, SupServ.exe, and other files detected as FakeRean. I cannot really remember everything else.) I found that I could no longer connect to the internet because of tdx.sys having been removed. I shut the laptop down and hit the F8 key and used System Restore to restore to an earlier point. AVG was still disabled although I remember AVG being functional at that point, but I could connect to the internet now. I have not seen any more browser redirects. I have logs for DDS and GMER below.


.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Brian at 12:33:15 on 2011-09-04
Microsoft Windows 7 Professional 6.1.7601.1.950.852.1033.18.2039.932 [GMT -6:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SndVol.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://centercomputer.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /systray /nologon
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{918534EB-33E3-47C4-B14B-000DD5FD48C6} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{918534EB-33E3-47C4-B14B-000DD5FD48C6}\16C616D6163686F6F6 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{918534EB-33E3-47C4-B14B-000DD5FD48C6}\35570716D6F6D6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{918534EB-33E3-47C4-B14B-000DD5FD48C6}\5405350294E6475627E6564702F4E6C697 : DhcpNameServer = 10.0.5.3 10.0.4.1
TCP: Interfaces\{918534EB-33E3-47C4-B14B-000DD5FD48C6}\7414D414023545F42554 : DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
TCP: Interfaces\{918534EB-33E3-47C4-B14B-000DD5FD48C6}\9555 : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\yeawku95.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-11 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-11 243152]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-9-25 90112]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-12 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 135664]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-19 18848]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-11 135664]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-9-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-9-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-9-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-9-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-9-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-9-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-9-25 109864]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-12 1343400]
.
=============== Created Last 30 ================
.
2011-09-01 03:29:37 -------- d-----w- c:\users\brian\appdata\roaming\Avira
2011-09-01 03:25:10 -------- d-----w- c:\programdata\Avira
2011-09-01 03:25:10 -------- d-----w- c:\program files\Avira
2011-08-28 23:35:17 -------- d-----w- c:\users\brian\appdata\roaming\Malwarebytes
2011-08-28 23:35:02 -------- d-----w- c:\programdata\Malwarebytes
2011-08-28 23:34:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-11 01:47:24 -------- d-----w- C:\a9baa48b8985e961bd57
.
==================== Find3M ====================
.
2011-07-08 20:53:34 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-21 18:14:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:34:29.10 ===============


-------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-04 13:26:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\Brian\AppData\Local\Temp\agloqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A53339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 ACC8C000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 ACC8C123 629 Bytes [75, C8, AC, FE, 05, 34, 75, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 ACC8C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F ACC8C3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B ACC8C4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3428] USER32.dll!RegisterMessagePumpHook + 2F1 77C58B9E 7 Bytes JMP 0011BF70 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3428] USER32.dll!PostMessageW + 43A 77C648B5 7 Bytes JMP 0011BE30 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3428] USER32.dll!SetDlgItemTextA + 25 77C7709F 7 Bytes JMP 0011BF50 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3428] USER32.dll!MessageBoxIndirectA + F5 77CAE95E 7 Bytes JMP 0011BFC0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3428] USER32.dll!MessageBoxIndirectW + 61 77CAE9C4 7 Bytes JMP 0011C090 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3428] USER32.dll!MessageBoxExA + 1F 77CAE9E8 7 Bytes JMP 0011C040 C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001d92c85506
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001d92c85506 (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB21255$\2708342285 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\L 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\L\xadqgnnk 74752 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@00000001 41360 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@000000c0 2560 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@000000cb 2048 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@80000000 24576 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@800000c0 33280 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@800000cb 27648 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@800000cf 27648 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes

---- EOF - GMER 1.0.15 ----

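The DDS and GMER output above is what a responder has to read by eye. As an added example (not code from this thread, from BleepingComputer, or from the GMER/DDS tools), the script below pulls out the four kinds of line that matter for a rootkit verdict and ranks them: GMER's disk-sector findings, the hidden-file listing under a `$NtUninstallKB*$` directory with `L\` and `U\@` members, `AttachedDevice` filters whose vendor text is not on an allowlist, and orphaned `BHO`/`TB` CLSIDs marked `No File`. The sample log is a constructed excerpt of the posted logs plus one made-up `AttachedDevice` line (`example_unknown.sys`) so the filter check has something to flag; the allowlist `TRUSTED_VENDORS`, the function names and the verdict levels are this example's own. Two caveats worth keeping in mind: the vendor text GMER prints comes from the module's version resource, not from a verified signature, so an allowlist hit is only a triage hint; and `\Driver\tdx` is the Windows TDI translation driver, to which AVG's own `avgtdix.sys` attaches on any AVG install, so an entry on that stack is not evidence by itself.

```python
"""Triage a pasted DDS / GMER log for the rootkit indicators seen in this thread.

Added example: not from the thread, BleepingComputer, or the GMER/DDS tools.
The log excerpt and the vendor allowlist are constructed for the example.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the DDS/GMER logs posted above plus one
# made-up AttachedDevice line (example_unknown.sys) so the filter check has a hit.
SAMPLE_LOG = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp example_unknown.sys (Example Filter/Unknown Vendor)
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
File C:\Windows\$NtUninstallKB21255$\2708342285 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\L 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\L\xadqgnnk 74752 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U 0 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@00000001 41360 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\U\@800000c0 33280 bytes
File C:\Windows\$NtUninstallKB21255$\3890957075\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes
"""

# Vendor strings accepted as expected on this host (assumption for the example).
# GMER prints the module's version-resource text; it is NOT a verified signature.
TRUSTED_VENDORS = ("Microsoft Corporation", "AVG Technologies")

RE_DISK = re.compile(r"Disk (?P<device>\\Device\\Harddisk\d+\\DR\d+) (?P<finding>.+)")
RE_ATTACHED = re.compile(
    r"AttachedDevice (?P<driver>\\Driver\\\S+) (?P<device>\\Device\\\S+) "
    r"(?P<module>\S+) \((?P<info>[^)]*)\)")
RE_HIDDEN = re.compile(
    r"File (?P<root>[A-Za-z]:\\Windows\\\$NtUninstallKB\d+\$)(?P<rest>\\\S*) (?P<size>\d+) bytes")
RE_ORPHAN = re.compile(r"(?P<kind>BHO|TB): (?P<clsid>\{[0-9A-Fa-f-]+\}) - No File")


def triage(log_text):
    """Return the indicators found in one DDS+GMER log, grouped by kind."""
    report = {"mbr": [], "filters": [], "hidden_dirs": {}, "orphans": []}
    dirs = defaultdict(lambda: {"payloads": 0, "bytes": 0, "has_L": False, "has_U_at": False})
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_DISK.fullmatch(line):
            report["mbr"].append((m["device"], m["finding"]))
        elif m := RE_ATTACHED.fullmatch(line):
            # A filter on the TCP/disk stack is normal for AV; flag only unknown vendors.
            if not any(v in m["info"] for v in TRUSTED_VENDORS):
                report["filters"].append((m["driver"], m["device"], m["module"]))
        elif m := RE_HIDDEN.fullmatch(line):
            d = dirs[m["root"]]
            size = int(m["size"])
            if size > 0:  # 0-byte entries are the directories themselves
                d["payloads"] += 1
                d["bytes"] += size
            d["has_L"] = d["has_L"] or "\\L\\" in m["rest"]
            d["has_U_at"] = d["has_U_at"] or "\\U\\@" in m["rest"]
        elif m := RE_ORPHAN.fullmatch(line):
            report["orphans"].append((m["kind"], m["clsid"]))
    report["hidden_dirs"] = dict(dirs)
    return report


def verdict(report):
    """Rank the evidence. Boot-sector tampering and a hidden payload store are
    rootkit indicators on their own; an unknown filter needs a look; orphaned
    CLSIDs alone are usually just leftovers of an uninstall."""
    reasons = []
    for device, finding in report["mbr"]:
        reasons.append(f"GMER disk finding on {device}: {finding}")
    for root, d in report["hidden_dirs"].items():
        if d["payloads"] and d["has_L"] and d["has_U_at"]:
            reasons.append(f"hidden payload store under {root}: "
                           f"{d['payloads']} files, {d['bytes']} bytes")
    if reasons:
        level = "ROOTKIT_INDICATORS"
    elif report["filters"]:
        level = "REVIEW"
    else:
        level = "NO_INDICATORS"
    for driver, device, module in report["filters"]:
        reasons.append(f"untrusted filter {module} attached to {driver} ({device})")
    return level, reasons


if __name__ == "__main__":
    level, reasons = verdict(triage(SAMPLE_LOG))
    print(level)
    for reason in reasons:
        print(" -", reason)
```

Run it as-is to see the verdict for the constructed sample, or replace `SAMPLE_LOG` with the contents of a real DDS and GMER log. The `hidden_dirs` entry is the one to act on: a `$NtUninstallKB*$` directory that GMER reports in its Files section, holding non-empty files in `L\` and `U\@` members, is a hiding place and not an uninstall backup, whereas the `No File` CLSIDs are low-value on their own and the disk-sector lines are what make the case for a boot-sector rootkit in this log.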

#2 RPMcMurphy (Malware Response Team)

Posted 04 September 2011 - 11:21 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
P2P - I see you have P2P software (Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log



#3 IHateAbnormalities (Topic Starter)

Posted 05 September 2011 - 11:57 AM

I tried uninstalling Vuze before I ran TDSSKiller and ComboFix, but it didn't work. Would you like me to try again? It seems that I had both the TDSS rootkit and the Zero Access Rootkit. I have the logs ready for you. There are Chinese characters in the ComboFix log and I am not sure why that occurred. Thank you for your help.



2011/09/05 10:11:42.0546 2096 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 10:11:43.0097 2096 ================================================================================
2011/09/05 10:11:43.0097 2096 SystemInfo:
2011/09/05 10:11:43.0097 2096
2011/09/05 10:11:43.0097 2096 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/05 10:11:43.0097 2096 Product type: Workstation
2011/09/05 10:11:43.0098 2096 ComputerName: BRIAN-PC
2011/09/05 10:11:43.0098 2096 UserName: Brian
2011/09/05 10:11:43.0098 2096 Windows directory: C:\Windows
2011/09/05 10:11:43.0098 2096 System windows directory: C:\Windows
2011/09/05 10:11:43.0098 2096 Processor architecture: Intel x86
2011/09/05 10:11:43.0098 2096 Number of processors: 2
2011/09/05 10:11:43.0098 2096 Page size: 0x1000
2011/09/05 10:11:43.0098 2096 Boot type: Normal boot
2011/09/05 10:11:43.0098 2096 ================================================================================
2011/09/05 10:11:44.0630 2096 Initialize success
2011/09/05 10:12:30.0784 3544 ================================================================================
2011/09/05 10:12:30.0784 3544 Scan started
2011/09/05 10:12:30.0784 3544 Mode: Manual;
2011/09/05 10:12:30.0784 3544 ================================================================================
2011/09/05 10:12:31.0799 3544 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/09/05 10:12:31.0902 3544 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/09/05 10:12:31.0993 3544 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/09/05 10:12:32.0082 3544 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/05 10:12:32.0141 3544 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/05 10:12:32.0193 3544 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/05 10:12:32.0344 3544 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/09/05 10:12:32.0515 3544 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/09/05 10:12:32.0613 3544 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/09/05 10:12:32.0670 3544 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/09/05 10:12:32.0731 3544 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/09/05 10:12:32.0779 3544 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/09/05 10:12:32.0806 3544 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/09/05 10:12:32.0863 3544 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/05 10:12:32.0900 3544 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/05 10:12:32.0992 3544 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/09/05 10:12:33.0054 3544 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/05 10:12:33.0092 3544 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/09/05 10:12:33.0172 3544 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/09/05 10:12:33.0305 3544 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/09/05 10:12:33.0348 3544 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/05 10:12:33.0402 3544 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/05 10:12:33.0449 3544 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/09/05 10:12:33.0560 3544 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2011/09/05 10:12:33.0753 3544 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2011/09/05 10:12:33.0804 3544 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2011/09/05 10:12:33.0837 3544 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\System32\Drivers\avgtdix.sys
2011/09/05 10:12:33.0929 3544 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/09/05 10:12:34.0023 3544 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/05 10:12:34.0128 3544 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/09/05 10:12:34.0212 3544 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/05 10:12:34.0309 3544 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/05 10:12:34.0347 3544 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/05 10:12:34.0373 3544 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/05 10:12:34.0429 3544 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/09/05 10:12:34.0460 3544 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/05 10:12:34.0490 3544 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/05 10:12:34.0517 3544 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/05 10:12:34.0603 3544 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/09/05 10:12:34.0656 3544 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/05 10:12:34.0728 3544 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/05 10:12:34.0781 3544 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
2011/09/05 10:12:34.0857 3544 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
2011/09/05 10:12:34.0917 3544 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/05 10:12:35.0008 3544 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/09/05 10:12:35.0089 3544 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/05 10:12:35.0144 3544 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/09/05 10:12:35.0219 3544 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/05 10:12:35.0268 3544 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/09/05 10:12:35.0316 3544 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/09/05 10:12:35.0369 3544 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/05 10:12:35.0431 3544 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/09/05 10:12:35.0500 3544 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/05 10:12:35.0607 3544 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/09/05 10:12:35.0717 3544 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/09/05 10:12:35.0759 3544 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/09/05 10:12:35.0837 3544 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/09/05 10:12:35.0926 3544 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/09/05 10:12:36.0001 3544 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/05 10:12:36.0181 3544 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/09/05 10:12:36.0402 3544 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/05 10:12:36.0459 3544 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/09/05 10:12:36.0511 3544 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/09/05 10:12:36.0564 3544 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/09/05 10:12:36.0604 3544 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/05 10:12:36.0664 3544 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/09/05 10:12:36.0696 3544 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/09/05 10:12:36.0718 3544 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/05 10:12:36.0766 3544 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/09/05 10:12:36.0833 3544 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/09/05 10:12:36.0871 3544 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/05 10:12:36.0930 3544 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/05 10:12:36.0988 3544 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/05 10:12:37.0061 3544 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/05 10:12:37.0171 3544 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/05 10:12:37.0250 3544 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/09/05 10:12:37.0308 3544 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/05 10:12:37.0329 3544 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/05 10:12:37.0358 3544 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/05 10:12:37.0394 3544 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/05 10:12:37.0481 3544 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/09/05 10:12:37.0638 3544 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/05 10:12:37.0717 3544 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/09/05 10:12:37.0773 3544 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/05 10:12:37.0859 3544 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/09/05 10:12:37.0950 3544 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/09/05 10:12:38.0212 3544 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/05 10:12:38.0438 3544 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/05 10:12:38.0517 3544 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/09/05 10:12:38.0578 3544 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/05 10:12:38.0642 3544 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/05 10:12:38.0697 3544 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/05 10:12:38.0721 3544 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/09/05 10:12:38.0797 3544 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/09/05 10:12:38.0842 3544 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/09/05 10:12:38.0907 3544 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/09/05 10:12:38.0976 3544 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/09/05 10:12:39.0047 3544 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/09/05 10:12:39.0117 3544 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/05 10:12:39.0179 3544 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/05 10:12:39.0278 3544 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/05 10:12:39.0353 3544 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/05 10:12:39.0396 3544 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/05 10:12:39.0430 3544 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/05 10:12:39.0468 3544 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/05 10:12:39.0504 3544 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/09/05 10:12:39.0561 3544 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/05 10:12:39.0604 3544 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/05 10:12:39.0678 3544 MLPTDR_Q (b39bf953a3a304a2d12751692ec355a0) C:\Windows\system32\MLPTDR_Q.sys
2011/09/05 10:12:39.0738 3544 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/05 10:12:39.0787 3544 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/05 10:12:39.0856 3544 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/09/05 10:12:39.0909 3544 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/05 10:12:39.0966 3544 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/09/05 10:12:40.0035 3544 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/09/05 10:12:40.0098 3544 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/05 10:12:40.0167 3544 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/09/05 10:12:40.0225 3544 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/05 10:12:40.0287 3544 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/05 10:12:40.0335 3544 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/05 10:12:40.0395 3544 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/09/05 10:12:40.0445 3544 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/09/05 10:12:40.0523 3544 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/05 10:12:40.0581 3544 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/05 10:12:40.0643 3544 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/09/05 10:12:40.0725 3544 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/05 10:12:40.0747 3544 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/05 10:12:40.0775 3544 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/05 10:12:40.0822 3544 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/05 10:12:40.0873 3544 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/09/05 10:12:40.0901 3544 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/05 10:12:40.0928 3544 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/05 10:12:40.0973 3544 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/05 10:12:41.0035 3544 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/05 10:12:41.0125 3544 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/09/05 10:12:41.0218 3544 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/05 10:12:41.0289 3544 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/05 10:12:41.0370 3544 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/05 10:12:41.0434 3544 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/05 10:12:41.0494 3544 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/09/05 10:12:41.0583 3544 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/05 10:12:41.0634 3544 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/05 10:12:41.0731 3544 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/05 10:12:41.0783 3544 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/05 10:12:41.0832 3544 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/05 10:12:41.0967 3544 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/09/05 10:12:42.0028 3544 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/05 10:12:42.0115 3544 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/09/05 10:12:42.0200 3544 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/09/05 10:12:42.0252 3544 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/09/05 10:12:42.0311 3544 O2MDRDR (634ff60f418792906887b3d6ceecb431) C:\Windows\system32\DRIVERS\o2media.sys
2011/09/05 10:12:42.0393 3544 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/09/05 10:12:42.0522 3544 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/05 10:12:42.0575 3544 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/09/05 10:12:42.0609 3544 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/05 10:12:42.0761 3544 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/09/05 10:12:42.0811 3544 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/09/05 10:12:42.0866 3544 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/05 10:12:42.0903 3544 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/05 10:12:42.0950 3544 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/05 10:12:43.0107 3544 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/05 10:12:43.0139 3544 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/05 10:12:43.0218 3544 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/05 10:12:43.0313 3544 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/05 10:12:43.0423 3544 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/05 10:12:43.0473 3544 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/05 10:12:43.0515 3544 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/05 10:12:43.0592 3544 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/05 10:12:43.0647 3544 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/05 10:12:43.0709 3544 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/05 10:12:43.0773 3544 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/05 10:12:43.0843 3544 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/05 10:12:43.0885 3544 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/05 10:12:43.0963 3544 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/05 10:12:44.0054 3544 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/09/05 10:12:44.0142 3544 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/05 10:12:44.0196 3544 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/05 10:12:44.0263 3544 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/09/05 10:12:44.0344 3544 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/09/05 10:12:44.0458 3544 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/05 10:12:44.0581 3544 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/05 10:12:44.0665 3544 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/09/05 10:12:44.0781 3544 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/09/05 10:12:44.0844 3544 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/09/05 10:12:44.0893 3544 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/09/05 10:12:44.0960 3544 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/09/05 10:12:45.0027 3544 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/09/05 10:12:45.0077 3544 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/09/05 10:12:45.0114 3544 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/09/05 10:12:45.0172 3544 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/09/05 10:12:45.0262 3544 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/09/05 10:12:45.0340 3544 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/05 10:12:45.0422 3544 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
2011/09/05 10:12:45.0555 3544 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/05 10:12:45.0640 3544 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/05 10:12:45.0668 3544 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/05 10:12:45.0731 3544 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/05 10:12:45.0817 3544 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/09/05 10:12:45.0863 3544 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/05 10:12:45.0906 3544 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/05 10:12:45.0929 3544 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/05 10:12:46.0013 3544 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/09/05 10:12:46.0069 3544 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/05 10:12:46.0103 3544 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/05 10:12:46.0166 3544 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/05 10:12:46.0254 3544 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/05 10:12:46.0342 3544 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/09/05 10:12:46.0392 3544 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/05 10:12:46.0457 3544 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/05 10:12:46.0574 3544 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/05 10:12:46.0641 3544 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/09/05 10:12:46.0683 3544 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/09/05 10:12:46.0716 3544 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/09/05 10:12:46.0857 3544 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/09/05 10:12:46.0986 3544 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/05 10:12:47.0063 3544 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/05 10:12:47.0130 3544 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/09/05 10:12:47.0156 3544 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/09/05 10:12:47.0222 3544 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/05 10:12:47.0258 3544 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/09/05 10:12:47.0355 3544 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/05 10:12:47.0424 3544 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/05 10:12:47.0503 3544 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/05 10:12:47.0575 3544 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/05 10:12:47.0631 3544 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/05 10:12:47.0711 3544 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/05 10:12:47.0972 3544 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/09/05 10:12:48.0033 3544 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/05 10:12:48.0123 3544 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/05 10:12:48.0192 3544 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/05 10:12:48.0258 3544 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/09/05 10:12:48.0319 3544 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/05 10:12:48.0389 3544 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/05 10:12:48.0433 3544 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/09/05 10:12:48.0496 3544 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/05 10:12:48.0540 3544 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/09/05 10:12:48.0569 3544 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/05 10:12:48.0640 3544 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/05 10:12:48.0715 3544 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/05 10:12:48.0760 3544 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/05 10:12:48.0791 3544 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/05 10:12:48.0837 3544 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/09/05 10:12:48.0882 3544 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/09/05 10:12:48.0915 3544 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/05 10:12:48.0955 3544 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/09/05 10:12:48.0998 3544 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/09/05 10:12:49.0036 3544 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/09/05 10:12:49.0067 3544 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/09/05 10:12:49.0099 3544 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/05 10:12:49.0135 3544 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/09/05 10:12:49.0192 3544 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/05 10:12:49.0238 3544 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/05 10:12:49.0300 3544 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/05 10:12:49.0360 3544 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/09/05 10:12:49.0426 3544 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/05 10:12:49.0470 3544 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 10:12:49.0490 3544 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/05 10:12:49.0578 3544 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/05 10:12:49.0623 3544 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/05 10:12:49.0740 3544 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/05 10:12:49.0774 3544 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/05 10:12:49.0926 3544 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/05 10:12:50.0032 3544 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/05 10:12:50.0162 3544 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/05 10:12:50.0245 3544 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/09/05 10:12:50.0305 3544 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/05 10:12:50.0417 3544 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/09/05 10:12:50.0425 3544 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/05 10:12:50.0440 3544 Boot (0x1200) (adec3c4c13ebf545adc968d84a3fbece) \Device\Harddisk0\DR0\Partition0
2011/09/05 10:12:50.0455 3544 ================================================================================
2011/09/05 10:12:50.0455 3544 Scan finished
2011/09/05 10:12:50.0455 3544 ================================================================================
2011/09/05 10:12:50.0472 2412 Detected object count: 1
2011/09/05 10:12:50.0472 2412 Actual detected object count: 1
2011/09/05 10:13:04.0574 2412 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/05 10:13:04.0574 2412 \Device\Harddisk0\DR0 - ok
2011/09/05 10:13:04.0576 2412 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/05 10:14:10.0167 2380 Deinitialize success



----



ComboFix 11-09-05.03 - Brian 5/2011 Mon 10:32:27.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.950.852.1033.18.2039.1161 [GMT -6:00]
執行位置: c:\users\Brian\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20101208184307_yuanda101208cha15s.gif
c:\favoritevideo\InvisibleFolder\20101231151726_pingan101231bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110104120724_wanglaoji110104zhu15sps.swf
c:\favoritevideo\InvisibleFolder\20110105145904_wanmeishenguishijie110108zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110105170002_tianyijue110106zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110107171232_woyouwangluo110107zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110107184650_jingjishijie110107zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110110150804_fenghuangchuanshuo110112zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110110151203_fenghuangchuanshuo110112cha15s.swf
c:\favoritevideo\InvisibleFolder\20110110161527_guangyuwendao110111zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110110185008_woyouwangluo110111zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110111152957_shenguishijia110112zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110112095745_fankong110112zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110112160227_ruishishoubiao110112zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110112160420_xiaogou110112zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110112172412_tianxiaer110114zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110112182915_taobao110113zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110112183023_taobao110113zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110113152901_doufaxiuxian110113zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110113153747_doufa110113zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110113165903_qiantengwang110114zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110114093829_taobao110114cha15s.swf
c:\favoritevideo\InvisibleFolder\20110114101253_huiyuan110114zangting15s.jpg
c:\favoritevideo\InvisibleFolder\20110114105016_taobao110115cha15s.swf
c:\favoritevideo\InvisibleFolder\20110114105142_taobao110115zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110114105528_taobao110115zhu15s1.swf
c:\favoritevideo\InvisibleFolder\20110114164529_miaoxiandao110117qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110114175916_baokuang.swf
c:\favoritevideo\InvisibleFolder\20110117111638_wopaiwang110117zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110117170905_yimaishang110118zhu8s.swf
c:\favoritevideo\InvisibleFolder\20110117171735_jinshan110120zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110117171818_jinshan110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110117174757_baidushinianyijian110118zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110117174846_baidushinianyijian110118zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110117183157_juedifanji110118zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110118135104_shilijia110118zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110118135212_shilijia110118cha15s.swf
c:\favoritevideo\InvisibleFolder\20110118151616_guangyu110122qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110118152610_guangyuwendao110119zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110118173357_maoxiandao110119zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119150345_shinianyijian110120zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110119151040_shinianyijian110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119171755_wanglaoji110120zanting15sps.swf
c:\favoritevideo\InvisibleFolder\20110119172009_wanglaoji110120cha15s.swf
c:\favoritevideo\InvisibleFolder\20110119173551_wanglaoji110120jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110119174611_lumi110119zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110119222239_aiyaya110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110120120903_aiyaya110120jiaobiaob.png
c:\favoritevideo\InvisibleFolder\20110221162855_taobao110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110221163330_taobao110221zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110221163558_taobao110221cha15s.swf
c:\favoritevideo\InvisibleFolder\20110221185002_lvshou110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110222180543_xiaochunzaixiang110222zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110222180855_xiaochunzaixian110222zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110223084615_hongghuang110222zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224101138_haoya110224zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224101426_suning110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110224112519_pinju110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110224145001_haolemai110224cha15s.swf
c:\favoritevideo\InvisibleFolder\20110224145756_haolemai110224zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224164100_hudongbaike110225zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110224180735_aotuma110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110225130901_aotuma110225zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110225193446_kaixinwang110228qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110301141520_taohuawang110301bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110301142105_taohuawang110301zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110302155337_maiwang110303bkqipao.swf
c:\favoritevideo\InvisibleFolder\20110303155639_n8110303zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110303181200_maibaobao110304zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304172051_zhengtu110305zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110305114814_jianeng100307zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110307111147_jianeng110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307175225_DNF110307zhu8s.swf
c:\favoritevideo\InvisibleFolder\20110307175358_dnf110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110308141136_chuangshixiyou110309bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110309172753_diguowenming110309zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110309180637_baoma110309zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110310142427_maiwang110311zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110310142655_maiwang110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110310143056_maiwang110311cha15s.swf
c:\favoritevideo\InvisibleFolder\20110311134216_yaodian100110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311134354_yaodian100110311cha15s.swf
c:\favoritevideo\InvisibleFolder\20110311163707_shoubiao110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311175903_qigou1103111zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311180214_qiangxianwang110313zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311181215_chuangshixiyou110313zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110311181259_chuangshixiyou110312zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314163707_lanmiu110315zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110314163957_lanmiu110315zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314164254_lanmiu110315cha15s.swf
c:\favoritevideo\InvisibleFolder\20110314165927_sasa110314zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314170021_sasa110314cha15s.swf
c:\favoritevideo\InvisibleFolder\20110314173630_shoubiao110314zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314195115_honghuangshidai110315zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110315094634_honghuang110315bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110315125550_bmw110315zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110315152058_yaodian110316cha15s.swf
c:\favoritevideo\InvisibleFolder\20110315152309_yaodian110316zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110315172101_changyou110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110315215843_fanren110316zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316172119_ouluna110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316181043_fanrenxiuxian110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316182151_tankeshijie110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316195754_wushen110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316215945_alibaba110317zhu8s.swf
c:\favoritevideo\InvisibleFolder\20110316220050_alibaba110317cha15s.swf
c:\favoritevideo\InvisibleFolder\20110316220331_alibaba110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316221211_caipiao110316zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316221307_caipiao110316bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110402150520_xingji2110406qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408231004_pangu110409zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110411105817_honghuangshenhua110411bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110411140706_jiaoyunbao110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110411141351_jiaoyuebao110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110411154758_fanke110408zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110411162852_baojun110412cha15s.swf
c:\favoritevideo\InvisibleFolder\20110411163011_baojun110412zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110411163057_maiwang110412zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110411163328_maiwang110412zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110411163736_zhengtu110412zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110411171616_jiangxinglu110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110411175217_mengbasha110412jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110412113218_xiayishijie110413zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110412113406_xiayishijie110413zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110412140320_haiyang110412zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110412140526_haiyang110412zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110412161732_shushanshenhua110413qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110412162400_shushanshenhua110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110413144451_shushanshenhua110414qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110413150134_shushanshenhua110414zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110413185602_souhuweibo110415qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110413194822_furenguo110414zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110414133404_lanqiu110414zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110414133913_lanqiu110414zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110414155452_zhengtu110414zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110414155700_zhengtu110415qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110414165702_zhihan110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110414173501_maiwang110415cha15s.swf
c:\favoritevideo\InvisibleFolder\20110415093235_hapi110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110415110625_alibaba110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110415110754_alibaba110415cha15s.swf
c:\favoritevideo\InvisibleFolder\20110415151859_changhong110418zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110415152155_baidu110418zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110415162949_guangfa110418zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110415163334_guangfa110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110415193120_zhengtu2110416zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110415202935_sanling110418zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110416210637_fanrenxiuzhen110417zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110418173151_20110415165924_baojun110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110418173323_20110415165825_baojun110415cha15s.swf
c:\favoritevideo\InvisibleFolder\20110418173558_pangu110419zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110418174526_feixue110419zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110418174651_feixue110419zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110419175755_zuoxuan110420zhu15s.gif
c:\favoritevideo\InvisibleFolder\20110419184450_zhengtu110421zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110419185317_zhengtu110422zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110419185516_zhengtu110422zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110419185938_zhengtu110423zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110419190241_zhengtu110423zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110419193628_tuanxiuwang110420zhu15.swf
c:\favoritevideo\InvisibleFolder\20110419211259_yingxiongyuanzheng110420zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110419212155_yingxiongyuanzheng110420bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110420111752_fanke110420back15s.swf
c:\favoritevideo\InvisibleFolder\20110420114715_jiyejia110420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110420163112_sinaweibo110420zanting.swf
c:\favoritevideo\InvisibleFolder\20110420172514_maiwang110421zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110420172727_maiwang110421zanting.swf
c:\favoritevideo\InvisibleFolder\20110420180529_caipiao110420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110420180645_qiannvyouhun110421zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110420180759_qiannvyouhun110421zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110420180808_baidu110421zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110420180814_qiangxianwang110420zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110420180923_baidu110421zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110420181302_sinuotao110420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110420181927_guomei110420jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110420182200_guomei110420zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110420190511_fangbushengfang110420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110420191022_fangbushengfang110420zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110421000727_suning110421zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110421153218_zhengtu2110422zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110421155302_qiannvyouhun110422zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110421155459_qiannvyouhun110422qipao.swf
c:\favoritevideo\InvisibleFolder\20110421160347_qiannvyouhun110423zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110421162307_1haodian110421zanting.swf
c:\favoritevideo\InvisibleFolder\20110421162753_1haodian110421qipao.swf
c:\favoritevideo\InvisibleFolder\20110421165254_zhongqingbaoxuanwu110422cha15s.swf
c:\favoritevideo\InvisibleFolder\20110421180635_pangu110422zanting.swf
c:\favoritevideo\InvisibleFolder\20110421180823_pangu110422qipao.swf
c:\favoritevideo\InvisibleFolder\20110421183809_moyu110428qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110421190458_pptv110421zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422110854_aojian110422zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422114555_moshou110425qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110422115546_ellezhihuan110422zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110422132137_xinlangchezhan110422zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422141515_qiantengwang110422zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422142304_maibaobao110422zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422161207_pangu110423zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422161416_pangu110423zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422161728_jiangxinglu110424zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422163521_woyouwang110422zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422173708_zhengtu2110424zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422174053_zhengtu2110423zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422175806_xingjizhimen110423zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422175954_xingjizhimen110423zanting.swf
c:\favoritevideo\InvisibleFolder\20110422182329_qiangxianwang110422zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422182953_zhongqingbaoxuanwu110425zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110422190336_zhongqingbaoxuanwu110423qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110422190457_zhongqingbaoxuanwu110425zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422191824_gaopeng110422zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422192224_gaopeng110423cha15s.swf
c:\favoritevideo\InvisibleFolder\20110422193751_shenghuojia110425back15s.swf
c:\favoritevideo\InvisibleFolder\20110422195529_shenghuojia110425zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110422201623_shenghuojia110425ikanback.swf
c:\favoritevideo\InvisibleFolder\20110429170103_lianxiang110504zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110429170746_lianxiang110504zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110503184320_shasha110503zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110503184727_shasha110503zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110503184837_shasha110503cha15s.swf
c:\favoritevideo\InvisibleFolder\20110509115933_lianyun110509zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110512135039_kappa110512zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110512135319_kappa110512zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110512141004_pingan110512zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110516180854_nandibeigai110517zanting.swf
c:\favoritevideo\InvisibleFolder\20110516181120_nandibeigai110517cha15s.swf
c:\favoritevideo\InvisibleFolder\20110517112023_shenghuojia110517back15s.swf
c:\favoritevideo\InvisibleFolder\20110517112106_shenghuojia110517zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110517112202_shenghuojia110517cha15s.jpg
c:\favoritevideo\InvisibleFolder\20110518155235_hapi110518zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110518155412_hapi110518zanting.swf
c:\favoritevideo\InvisibleFolder\20110523183612_maidong110523jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110524174220_mofafengyun110525zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110524180950_mofafengyun110525cha15s.swf
c:\favoritevideo\InvisibleFolder\20110527120150_shinianyijian110528zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110527174914_dongfengrichan110528zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110527175154_dongfengrichan110528cha15s.swf
c:\favoritevideo\InvisibleFolder\20110527180412_suteng110528zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110527194421_shinianyijian110528cha15s.swf
c:\favoritevideo\InvisibleFolder\20110530103704_dongfengbiaozhi110530zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110530151439_maiwang110530zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110530151555_maiwang110530zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110530151721_maiwang110530cha15s.swf
c:\favoritevideo\InvisibleFolder\20110530180926_zhongguoliantong110601zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110530185052_diguofengyun110530zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110530190643_diguowenming110530cha15s.swf
c:\favoritevideo\InvisibleFolder\20110531120453_aierlan110601zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110531120619_aierlan110601cha15s.swf
c:\favoritevideo\InvisibleFolder\20110531120733_aierlan110601zanting.swf
c:\favoritevideo\InvisibleFolder\20110531184246_kangshifu110601cha15s.swf
c:\favoritevideo\InvisibleFolder\20110531184333_kangshifu110601zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110531184520_kangshifu110601zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110601104025_haohaizi110601zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110601105643_haohaizi110601zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110601164523_yili110601jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110601193508_sanchuan110601zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110601193736_jianfei110601zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110601202818_dongfengbiaozhi110607cha15s.swf
c:\favoritevideo\InvisibleFolder\20110601211143_bishengyuan110601jiao15schangrun.swf
c:\favoritevideo\InvisibleFolder\20110602141942_yujianjianghu110603zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110602142025_yujianjianghu110603zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110602142423_yujianjianghu110603cha15s.swf
c:\favoritevideo\InvisibleFolder\20110602212330_qianheng110602zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110602215951_maibaobao110603cha15s1.swf
c:\favoritevideo\InvisibleFolder\20110602220945_guomei110603zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110602221038_guomei110603zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110603122214_lvshou110603zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110603190358_suningyigou110603zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110603190530_suningyigou110603zanting.swf
c:\favoritevideo\InvisibleFolder\20110606225307_tiandiyingxiong110607cha15s.swf
c:\favoritevideo\InvisibleFolder\20110606225353_tiandiyingxiong110607zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110607111802_aojian110607zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110607111934_aojian110607zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110607144501_paipaiwang110607zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110607144741_paipaiwang110607zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110607155938_guomei110607zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110607160211_guomei110607zanting.swf
c:\favoritevideo\InvisibleFolder\20110607174804_tankedazhan110607zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110608180138_tankeshijie110609zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110609122300_youyihutong110609zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110609132100_zhengtu2110609qipao.swf
c:\favoritevideo\InvisibleFolder\20110609132257_zhengtu2110610zanting.swf
c:\favoritevideo\InvisibleFolder\20110609162358_maibaobao110610zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110609162617_maibaobao110610zanting.swf
c:\favoritevideo\InvisibleFolder\20110609172153_xiaoxiaorenzhe110610cha15s.swf
c:\favoritevideo\InvisibleFolder\20110609172302_xiaoxiaorenzhe110610zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110610111237_xinshangwang110610zanting.swf
c:\favoritevideo\InvisibleFolder\20110610135043_zhengtu2110611qipao.swf
c:\favoritevideo\InvisibleFolder\20110610135228_zhengtu2110612qipao.swf
c:\favoritevideo\InvisibleFolder\20110610135508_zhengtu2110611zanting.swf
c:\favoritevideo\InvisibleFolder\20110610164414_taobao110615zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110610174456_tengxundnf110614zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110610175315_kc110610zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110610181128_tengxundnf110613zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110610205544_paipaiwang110611zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110628183241_ipad110628zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110628183325_ipad110628zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110701201118_haiyanggongyuan110704cha15s.swf
c:\favoritevideo\InvisibleFolder\20110701201256_haiyanggongyuan110704zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110701201555_haiyanggongyuan110704jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110705150125_pinganchexian110705zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110706153126_zhenai110706zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110708110551_alibaba110711zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110714133021_pinganchexian110714zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110715105349_shenghuojia110715zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110715105538_shenghuojia110715zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110718115546_xinhuanzhugege110718zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110721145327_hushubao110701zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110721145938_hushubao110701cha15s.swf
c:\favoritevideo\InvisibleFolder\20110722215436_dongpeng110723jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110726144544_modengxinrenlei110726zanting.jpg
c:\favoritevideo\InvisibleFolder\20110726144832_modengxinrenlei110726zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110726145145_modengxinrenlei110726cha15s.jpg
c:\favoritevideo\InvisibleFolder\20110726145412_xinhuanzhugege110726cha15s.jpg
c:\favoritevideo\InvisibleFolder\20110726165531_csol110805qipao.swf
c:\favoritevideo\InvisibleFolder\20110729164352_maibaobao110801cha15s.swf
c:\favoritevideo\InvisibleFolder\20110802115704_wenjuan110802zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110802175327_maibaobao110803zanting.swf
c:\favoritevideo\InvisibleFolder\20110803132011_taobao110803cha15s.swf
c:\favoritevideo\InvisibleFolder\20110803132200_taobao110803zanting.swf
c:\favoritevideo\InvisibleFolder\20110803132715_taobao110803qipao.swf
c:\favoritevideo\InvisibleFolder\20110803171724_qishan110804qipao.swf
c:\favoritevideo\InvisibleFolder\20110803171845_qishan110804zanting.swf
c:\favoritevideo\InvisibleFolder\20110803172239_xinshuihu110803zhu15s.jpg
c:\favoritevideo\InvisibleFolder\20110803172440_xinshuihu110803zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110803172633_xinshuihu110803cha15s.jpg
c:\favoritevideo\InvisibleFolder\20110803174807_ludingji110804zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110803182133_hrs110804zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110805093234_shenmozhetian110805zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110805093427_shenmozhetian110805zanting.swf
c:\favoritevideo\InvisibleFolder\20110805093623_shenmozhetian110805cha15s.swf
c:\favoritevideo\InvisibleFolder\20110805154211_zhengtu2110807qipao.swf
c:\favoritevideo\InvisibleFolder\20110805154720_zhengtu2110806zanting.swf
c:\favoritevideo\InvisibleFolder\20110805164138_shandongliantong110805zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110809092713_tianzi110809zanting.jpg
c:\favoritevideo\InvisibleFolder\20110809182539_91wan110810qipao.swf
c:\favoritevideo\InvisibleFolder\20110809192159_1haodian110810cha15s.swf
c:\favoritevideo\InvisibleFolder\20110809192620_1haodian110810zanting.swf
c:\favoritevideo\InvisibleFolder\20110809194200_guangqi110810cha15s.swf
c:\favoritevideo\InvisibleFolder\20110809194320_guangqi110810zanting.swf
c:\favoritevideo\InvisibleFolder\20110809194437_guangqi110810zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110810135502_shenxiandao110811zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110810135900_shenxiandao110811zanting.swf
c:\favoritevideo\InvisibleFolder\20110810140244_shenxiandao110811cha15s.swf
c:\favoritevideo\InvisibleFolder\20110810140512_shenxiandao110811qipao.swf
c:\favoritevideo\InvisibleFolder\20110810155839_renbaochexian110810houtie.swf
c:\favoritevideo\InvisibleFolder\20110810160157_renbaochexian110810cha15s.swf
c:\favoritevideo\InvisibleFolder\20110810160522_renbaochexian110810zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110810165108_maibaobao110811zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110810165314_maibaobao110811zanting.swf
c:\favoritevideo\InvisibleFolder\20110811104453_taobao110813qipao.swf
c:\favoritevideo\InvisibleFolder\20110811104812_taobao110813zanting.swf
c:\favoritevideo\InvisibleFolder\20110811105056_taobao110813cha15s.swf
c:\favoritevideo\InvisibleFolder\20110811115654_hrs110811cha15s.swf
c:\favoritevideo\InvisibleFolder\20110812094740_tianzi110812zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812114859_yiqizaixian110812zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812120801_yougou110812zanting.swf
c:\favoritevideo\InvisibleFolder\20110812120948_yougou110812cha15s.swf
c:\favoritevideo\InvisibleFolder\20110812161006_qijishijie110813zanting.swf
c:\favoritevideo\InvisibleFolder\20110812161227_qijishijie110813qipao.swf
c:\favoritevideo\InvisibleFolder\20110812163227_ludingji110813zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812164307_zhengtu2110813qipao.swf
c:\favoritevideo\InvisibleFolder\20110812165057_zhengtu2110813zanting.swf
c:\favoritevideo\InvisibleFolder\20110812181724_tankeshijie110813zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110812195646_yitiantulong110813zhu15s.swf
c:\favoritevideo\InvisibleFolder\condisp.dll
c:\favoritevideo\InvisibleFolder\externtab(1.0.0.7).zip
c:\favoritevideo\InvisibleFolder\externtab(1.0.0.8).zip
c:\favoritevideo\InvisibleFolder\mir.dll
c:\favoritevideo\InvisibleFolder\peer(0).dll
c:\favoritevideo\InvisibleFolder\peer(1).dll
c:\favoritevideo\InvisibleFolder\peer(2).dll
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pprepair.dll
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0031_s.exe
c:\favoritevideo\InvisibleFolder\sqlite3.dll
c:\favoritevideo\InvisibleFolder\TipsClient.dll
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011010120110101145808.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011010220110102060812.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011021820110219042746.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011031620110317034240.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011032820110328071634.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011040120110401121201.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011040620110406114936.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110119.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110218.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110223.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110315.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110324.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110329.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110406.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2010123020110101.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2011021820110218.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2011031520110316.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2011032420110327.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2011040620110406.zip
c:\programdata\hpe6566.dll
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Templates\75a04845tllb68xf7y3xp54210y10ofo2eyrjo6thr42
c:\users\Brian\Documents\~WRL0005.tmp
c:\users\Brian\Documents\~WRL3929.tmp
c:\users\Brian\videos\Combined-Community-Codec-Pack-2008-09-21.exe
c:\users\Brian\videos\JAD7_BASIC.exe
c:\windows\$NtUninstallKB21255$
c:\windows\$NtUninstallKB21255$\2708342285
c:\windows\$NtUninstallKB21255$\3890957075\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB21255$\3890957075\L\xadqgnnk
c:\windows\$NtUninstallKB21255$\3890957075\U\@00000001
c:\windows\$NtUninstallKB21255$\3890957075\U\@000000c0
c:\windows\$NtUninstallKB21255$\3890957075\U\@000000cb
c:\windows\$NtUninstallKB21255$\3890957075\U\@000000cf
c:\windows\$NtUninstallKB21255$\3890957075\U\@80000000
c:\windows\$NtUninstallKB21255$\3890957075\U\@800000c0
c:\windows\$NtUninstallKB21255$\3890957075\U\@800000cb
c:\windows\$NtUninstallKB21255$\3890957075\U\@800000cf
.
.
((((((((((((((((((((((((( Files Created From 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-04 22:01 . 2011-09-04 22:03 -------- d-----w- C:\a7213f4a75751c7ec2395bb8076744a3
2011-09-04 18:11 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-04 18:11 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-01 03:29 . 2011-09-01 03:29 -------- d-----w- c:\users\Brian\AppData\Roaming\Avira
2011-09-01 03:25 . 2011-09-01 03:25 -------- d-----w- c:\programdata\Avira
2011-09-01 03:25 . 2011-09-01 03:25 -------- d-----w- c:\program files\Avira
2011-08-28 23:35 . 2011-08-28 23:35 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2011-08-28 23:35 . 2011-08-28 23:35 -------- d-----w- c:\programdata\Malwarebytes
2011-08-28 23:34 . 2011-09-04 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 03:50 . 2011-08-27 03:50 -------- d-----w- c:\windows\Sun
2011-08-11 01:47 . 2011-09-04 19:40 -------- d-----w- C:\a9baa48b8985e961bd57
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 20:53 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-25 22:36 . 2011-06-25 22:36 0 ---ha-w- c:\users\Brian\AppData\Local\BITC273.tmp
2011-06-21 18:14 . 2011-06-21 18:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29 . 2011-07-13 03:19 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-10-28 126976]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPTV.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk
backup=c:\windows\pss\PPTV.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 21:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-10-28 05:08 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 21:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-07-05 02:01 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-11 21:01 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-12 308136]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2004-11-19 18848]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-12 1343400]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-08-12 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-11 20:55]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 20:56]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 20:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centercomputer.ca/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\yeawku95.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FileRestorePlusis1 - e:\filerestoreplus\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-05 10:45:47
ComboFix-quarantined-files.txt 2011-09-05 16:45
.
Pre-Run: 175,877,566,464 bytes free
Post-Run: 177,958,154,240 bytes free
.
- - End Of File - - 9AB474BF5551253828C9C9DB9BD4D44E

#4 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:27 AM

Posted 05 September 2011 - 07:46 PM

IHateAbnormalities:

Please do this next:

Open Notepad (Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::

DirLook::
C:\a7213f4a75751c7ec2395bb8076744a3
C:\a9baa48b8985e961bd57

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 IHateAbnormalities

  • Topic Starter

  • Members
  • 112 posts
  • Gender:Male
  • Local time:04:27 AM

Posted 06 September 2011 - 12:20 PM

IHateAbnormalities:

Please do this next:

Open Notepad (Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::

DirLook::
C:\a7213f4a75751c7ec2395bb8076744a3
C:\a9baa48b8985e961bd57


Because of your emphasis on File, I will assume that you meant File instead of DirLook. Edit: I used File:: instead of DirLook:: and now I regret it. I am sorry if this causes any inconvenience for you. Do you still want me to run MalwareBytes' Anti-Malware or do you want me to use System Restore and bring it back to before I messed up the code and used ComboFix?



ComboFix 11-09-06.03 - Brian 6/2011 Tue 11:25:35.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.950.852.1033.18.2039.1310 [GMT -6:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\a7213f4a75751c7ec2395bb8076744a3"
"C:\a9baa48b8985e961bd57"
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-06 17:32 . 2011-09-06 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 16:45 . 2011-09-06 17:32 -------- d-----w- c:\users\Brian\AppData\Local\temp
2011-09-04 22:01 . 2011-09-04 22:03 -------- d-----w- C:\a7213f4a75751c7ec2395bb8076744a3
2011-09-04 18:11 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-04 18:11 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-09-04 18:11 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-04 18:11 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-01 03:29 . 2011-09-01 03:29 -------- d-----w- c:\users\Brian\AppData\Roaming\Avira
2011-09-01 03:25 . 2011-09-01 03:25 -------- d-----w- c:\programdata\Avira
2011-09-01 03:25 . 2011-09-01 03:25 -------- d-----w- c:\program files\Avira
2011-08-28 23:35 . 2011-08-28 23:35 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2011-08-28 23:35 . 2011-08-28 23:35 -------- d-----w- c:\programdata\Malwarebytes
2011-08-28 23:34 . 2011-09-04 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 03:50 . 2011-08-27 03:50 -------- d-----w- c:\windows\Sun
2011-08-11 01:47 . 2011-09-04 19:40 -------- d-----w- C:\a9baa48b8985e961bd57
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files modified in the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 20:53 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-25 22:36 . 2011-06-25 22:36 0 ---ha-w- c:\users\Brian\AppData\Local\BITC273.tmp
2011-06-21 18:14 . 2011-06-21 18:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29 . 2011-07-13 03:19 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-10-28 126976]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPTV.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk
backup=c:\windows\pss\PPTV.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 21:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-10-28 05:08 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 21:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-07-05 02:01 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-11 21:01 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-12 308136]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2004-11-19 18848]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-12 1343400]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-08-12 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-11 20:55]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 20:56]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 20:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centercomputer.ca/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\yeawku95.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-06 11:35:39
ComboFix-quarantined-files.txt 2011-09-06 17:35
ComboFix2.txt 2011-09-05 16:45
.
Pre-Run: 179,207,729,152 bytes free
Post-Run: 178,929,672,192 bytes free
.
- - End Of File - - 3361EB69243193143930ADE4C15E9937

Edited by IHateAbnormalities, 06 September 2011 - 01:00 PM.


#6 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:27 AM

Posted 06 September 2011 - 04:04 PM

Sorry, that was my fault. DirLook:: was the correct command, but no harm was done by using File::, so don't use system restore. Just run the ComboFix script again using DirLook::, then run MBAM and post both logs for me.



#7 IHateAbnormalities

  • Topic Starter

  • Members
  • 112 posts
  • Gender:Male
  • Local time:04:27 AM

Posted 06 September 2011 - 08:30 PM

ComboFix 11-09-06.03 - Brian 6/2011 Tue 17:42:53.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.950.852.1033.18.2039.1313 [GMT -6:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-06 23:48 . 2011-09-06 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 16:45 . 2011-09-06 23:48 -------- d-----w- c:\users\Brian\AppData\Local\temp
2011-09-04 22:01 . 2011-09-04 22:03 -------- d-----w- C:\a7213f4a75751c7ec2395bb8076744a3
2011-09-04 18:11 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-09-04 18:11 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-09-04 18:11 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-04 18:11 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-01 03:29 . 2011-09-01 03:29 -------- d-----w- c:\users\Brian\AppData\Roaming\Avira
2011-09-01 03:25 . 2011-09-01 03:25 -------- d-----w- c:\programdata\Avira
2011-09-01 03:25 . 2011-09-01 03:25 -------- d-----w- c:\program files\Avira
2011-08-28 23:35 . 2011-08-28 23:35 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2011-08-28 23:35 . 2011-08-28 23:35 -------- d-----w- c:\programdata\Malwarebytes
2011-08-28 23:34 . 2011-09-04 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 03:50 . 2011-08-27 03:50 -------- d-----w- c:\windows\Sun
2011-08-11 01:47 . 2011-09-04 19:40 -------- d-----w- C:\a9baa48b8985e961bd57
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files modified in the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 20:53 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-25 22:36 . 2011-06-25 22:36 0 ---ha-w- c:\users\Brian\AppData\Local\BITC273.tmp
2011-06-21 18:14 . 2011-06-21 18:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29 . 2011-07-13 03:19 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\a7213f4a75751c7ec2395bb8076744a3 ----
.
2011-09-04 22:01 . 2011-09-04 22:01 52390856 ----a-w- c:\a7213f4a75751c7ec2395bb8076744a3\MRT.exe
.
---- Directory of C:\a9baa48b8985e961bd57 ----
.
.
.
((((((((((((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-10-28 126976]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPTV.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk
backup=c:\windows\pss\PPTV.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 21:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-10-28 05:08 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 21:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-07-05 02:01 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-27 00:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-11 21:01 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-12 308136]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2004-11-19 18848]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 135664]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-12 1343400]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-08-12 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-11 20:55]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 20:56]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-11 20:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centercomputer.ca/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\yeawku95.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-06 17:50:58
ComboFix-quarantined-files.txt 2011-09-06 23:50
ComboFix2.txt 2011-09-06 17:35
ComboFix3.txt 2011-09-05 16:45
.
Pre-Run: 178,970,308,608 bytes free
Post-Run: 178,920,562,688 bytes free
.
- - End Of File - - 83492712BB0754D9076009AA412C6F39


-------------



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7666

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/6/2011 7:24:28 PM
mbam-log-2011-09-06 (19-24-28).txt

Scan type: Full scan (aC:\|)
Objects scanned: 278560
Time elapsed: 45 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Brian\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

#8 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:27 AM

Posted 06 September 2011 - 09:53 PM

IHateAbnormalities:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version
  • Run the installer you just downloaded
Please go here to run an online scan with ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log



#9 IHateAbnormalities

  • Topic Starter

  • Members
  • 112 posts
  • Gender:Male
  • Local time:04:27 AM

Posted 07 September 2011 - 08:25 PM

I removed Update 22, and after that Java didn't show up anymore. Was one removal all it took? Sorry for taking longer than normal. I still have not installed the latest version of Java or run an online scan with ESET.

#10 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:27 AM

Posted 07 September 2011 - 08:38 PM

Hi,

If no more Java entries are showing up then go ahead with the update and the ESET scan.



#11 IHateAbnormalities
  • Topic Starter
  • Members
  • 112 posts
  • Gender:Male

Posted 08 September 2011 - 01:25 AM

AVG is still disabled and attempts to uninstall it won't work properly. I haven't seen any browser redirects for a while. When I try to uninstall Vuze with the Control Panel, I get a "Couldn't load main class." error.

C:\Users\Brian\Downloads\winzip155.exe Win32/OpenCandy application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIK313YX\a8d29[1].pdf JS/Exploit.Pdfka.PDM.Gen trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5a3a4a92-46619060 a variant of Java/Agent.DM trojan

#12 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 08 September 2011 - 09:19 PM

IHateAbnormalities:

Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start > Run or press the Windows key + r Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
Please include the following in your next post:
  • Junction log

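The same reparse-point sweep the junction.exe command above performs, as an added example using only built-in cmdlets, so nothing has to be copied into C:\Windows (the step that fails with "Access is denied" later in this thread). This is not part of the thread or of the Junction tool: it assumes PowerShell 5.1 or later on the Vista/7 machine, where FileSystemInfo objects expose LinkType and Target, and the list of expected junction targets is an assumption based on the compatibility junctions those Windows versions create (Documents and Settings, All Users, Default User and the per-user Application Data links all point into C:\Users or C:\ProgramData). It also reports whether the shell is elevated, which is the question the helper asks next.

```powershell
# Added example (not from the thread): enumerate NTFS reparse points (junctions and
# symbolic links) on C:\ with built-in cmdlets and flag targets outside the locations
# Windows Vista/7 normally link to. Assumes PowerShell 5.1+ (LinkType/Target properties).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running elevated: $isAdmin"

# Assumption: the compatibility junctions Windows creates resolve under these roots.
$expectedRoots = @('C:\Users', 'C:\ProgramData')

function Get-ReparsePointReport {
    # -Attributes ReparsePoint returns only links; recursion does not follow them, so
    # a junction that loops back on itself cannot make the sweep run forever.
    Get-ChildItem -Path C:\ -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = ($_.Target | Select-Object -First 1)
            $known  = $expectedRoots | Where-Object { $target -like "$_*" }
            [pscustomobject]@{
                Path     = $_.FullName
                LinkType = $_.LinkType
                Target   = $target
                Flag     = if ($known) { '' } else { 'REVIEW' }
            }
        }
}

# REVIEW rows sort to the top: a link whose target is a Temp folder, a removable
# drive, or a path that no longer exists is what a manual read of the junction log looks for.
Get-ReparsePointReport | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Pipe the last line to `Out-File $env:USERPROFILE\Desktop\junction-log.txt` to get the same kind of log the helper asks to have pasted.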


#13 IHateAbnormalities
  • Topic Starter
  • Members
  • 112 posts
  • Gender:Male

Posted 08 September 2011 - 11:49 PM

I apologize for this, but I just realized that I installed the wrong version of Java, and have just repeated the Java step. Do you want me to run the ESET scan again?

Also, I can't extract Junction to C:\Windows.

! C:\Users\Brian\Downloads\Junction.zip: Cannot create Eula.txt
Access is denied.
! C:\Users\Brian\Downloads\Junction.zip: Cannot create junction.exe
Access is denied.

#14 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 09 September 2011 - 09:58 PM

You have administrator rights on this machine, right?



#15 IHateAbnormalities
  • Topic Starter
  • Members
  • 112 posts
  • Gender:Male

Posted 09 September 2011 - 11:31 PM

I'm actually not sure about that.
