Indyjhl

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi, Have managed to do the ESET online scan:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6522
     # api_version=3.0.2
     # EOSSerial=e098177303d5ae4d99d0207440913f47
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-05-24 08:50:02
     # local_time=2011-05-24 09:50:02 (+0000, GMT Daylight Time)
     # country="United Kingdom"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=768 16777215 100 0 40724669 40724669 0 0
     # compatibility_mode=8192 67108863 100 0 285 285 0 0
     # scanned=159307
     # found=4
     # cleaned=4
     # scan_time=4876
     C:\Documents and Settings\Indy\My Documents\Downloads\lavv311ik\lavv311ik\LinPlug.Albino.VSTi.v3.1.1.Incl.Keygen-AiR\keygen.exe - a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Indy\My Documents\Downloads\Legacy\Korg Legacy Complete\Analog\keygen.exe - a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Indy\My Documents\Downloads\Legacy\Korg Legacy Complete\Digital\keygen.exe - a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{7ABA1C9C-78FE-42E9-A187-2F1936532779}\RP922\A0192667.exe - a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

     Thanks
     Indy
  2. That file in the windows folder is not something I recognise to be honest. Neither of the next two steps seem to be working for me at the moment. I've included the ComboFix log below but there was an error uploading the file for scanning. I tried it a number of times, but it wouldn't work. I had a full internet connection throughout. With the ESET scanner, I click start after agreeing the terms, it loads for a little bit and then takes me back to the EULA page. I've been doing this on IE8 and have tried repeatedly but with no success... Maybe I should just try these again a little later...

     ComboFix 11-05-22.02 - Indy 23/05/2011 18:49:33.4.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1498 [GMT 1:00]
  3. Hi there...

     Step 0: Wouldn't let me upload this, told me the file was too big, i.e. above 20 MB.
     Step 1: uTorrent and Soulseek removed.
     Step 2:
     ComboFix 11-05-21.03 - Indy 22/05/2011 17:29:53.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1505 [GMT 1:00]

     Step 3:
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6610
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     22/05/2011 18:56:02
     mbam-log-2011-05-22 (18-56-02).txt
     Scan type: Quick scan
     Objects scanned: 159429
     Time elapsed: 3 minute(s), 21 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     There seem to be no more redirections when using Google and the CPU usage seems to have gone back to normal. Really appreciate your help, signs are looking good so far...
  4. Thanks for your speedy reply. Have done as you have asked. Here are the logs:

     2011/05/20 20:52:21.0390 2896 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
20:52:42.0609 3520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/05/20 20:52:42.0640 3520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/05/20 20:52:42.0781 3520 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/05/20 20:52:42.0937 3520 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/05/20 20:52:43.0093 3520 mapledxp (71fb2c9d23e62d42f7a8af56e5dd8414) C:\WINDOWS\System32\drivers\mapledxp.SYS 2011/05/20 20:52:43.0140 3520 MAUSB (a07af79cac2b923d65d51eaad5dafc69) C:\WINDOWS\system32\DRIVERS\mausb.sys 2011/05/20 20:52:43.0171 3520 MAUSBFTP (a07af79cac2b923d65d51eaad5dafc69) C:\WINDOWS\system32\DRIVERS\mausb.sys 2011/05/20 20:52:43.0218 3520 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys 2011/05/20 20:52:43.0265 3520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/05/20 20:52:43.0328 3520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/05/20 20:52:43.0359 3520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/05/20 20:52:43.0390 3520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/05/20 20:52:43.0421 3520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/05/20 20:52:43.0453 3520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/05/20 20:52:43.0515 3520 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/05/20 20:52:43.0546 3520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/05/20 20:52:43.0593 3520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/05/20 20:52:43.0640 3520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) 
C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/05/20 20:52:43.0656 3520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/05/20 20:52:43.0671 3520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/05/20 20:52:43.0687 3520 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/05/20 20:52:43.0750 3520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/05/20 20:52:43.0796 3520 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/05/20 20:52:43.0828 3520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/05/20 20:52:43.0843 3520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/05/20 20:52:43.0921 3520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/05/20 20:52:43.0984 3520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/05/20 20:52:44.0031 3520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/05/20 20:52:44.0046 3520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/05/20 20:52:44.0093 3520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/05/20 20:52:44.0140 3520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/05/20 20:52:44.0187 3520 NvnUsbAudio (f0cc13e9d347c9b0393429773ff4a0f0) C:\WINDOWS\system32\DRIVERS\nvnusbaudio.sys 2011/05/20 20:52:44.0250 3520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/05/20 20:52:44.0281 3520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/05/20 20:52:44.0359 3520 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 2011/05/20 20:52:44.0421 3520 Parport 
(5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/05/20 20:52:44.0453 3520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/05/20 20:52:44.0515 3520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/05/20 20:52:44.0531 3520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/05/20 20:52:44.0625 3520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/05/20 20:52:44.0671 3520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/05/20 20:52:44.0843 3520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/20 20:52:44.0890 3520 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/05/20 20:52:44.0906 3520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/20 20:52:44.0968 3520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/20 20:52:45.0031 3520 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/05/20 20:52:45.0171 3520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/20 20:52:45.0250 3520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/20 20:52:45.0265 3520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/20 20:52:45.0296 3520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/20 20:52:45.0343 3520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/20 20:52:45.0375 3520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/20 20:52:45.0437 3520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/05/20 
20:52:45.0484 3520 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/20 20:52:45.0531 3520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/20 20:52:45.0593 3520 rt2870 (24a0d16d170194b5812ea08542ebdb62) C:\WINDOWS\system32\DRIVERS\rt2870.sys 2011/05/20 20:52:45.0656 3520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/20 20:52:45.0734 3520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/05/20 20:52:45.0765 3520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/05/20 20:52:45.0843 3520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/20 20:52:45.0906 3520 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\System32\Drivers\sptd.sys 2011/05/20 20:52:46.0000 3520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/20 20:52:46.0015 3520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/20 20:52:46.0078 3520 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys 2011/05/20 20:52:46.0093 3520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/20 20:52:46.0156 3520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/20 20:52:46.0265 3520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/20 20:52:46.0312 3520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/20 20:52:46.0343 3520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/20 20:52:46.0406 3520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/20 20:52:46.0437 3520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/20 
20:52:46.0484 3520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/20 20:52:46.0578 3520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/20 20:52:46.0640 3520 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/05/20 20:52:46.0656 3520 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/05/20 20:52:46.0687 3520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/20 20:52:46.0703 3520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/20 20:52:46.0718 3520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/20 20:52:46.0734 3520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/20 20:52:46.0812 3520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/05/20 20:52:46.0828 3520 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/05/20 20:52:46.0843 3520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/05/20 20:52:46.0890 3520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/05/20 20:52:46.0953 3520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/20 20:52:47.0000 3520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/20 20:52:47.0046 3520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/20 20:52:47.0125 3520 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/05/20 20:52:47.0156 3520 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/05/20 20:52:47.0234 3520 WudfPf (50eb9e21963b4f06fd010d007d54351b) 
C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/20 20:52:47.0250 3520 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/20 20:52:47.0375 3520 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
2011/05/20 20:52:47.0406 3520 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/20 20:52:47.0421 3520 ================================================================================
2011/05/20 20:52:47.0421 3520 Scan finished
2011/05/20 20:52:47.0421 3520 ================================================================================
2011/05/20 20:52:47.0421 3512 Detected object count: 1
2011/05/20 20:53:14.0718 3512 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/20 20:53:14.0718 3512 \HardDisk0 - ok
2011/05/20 20:53:14.0718 3512 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/20 20:53:44.0265 4064 Deinitialize success

ComboFix 11-05-19.02 - Indy 20/05/2011 21:17:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1570 [GMT 1:00]
Running from: c:\documents and settings\Indy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Indy\WINDOWS
c:\windows\system32\Data
c:\windows\system32\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-19 08:43 . 2011-05-19 08:43 -------- d-----w- c:\program files\Common Files\Java
2011-05-19 08:43 . 2011-05-19 08:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-19 08:43 . 2011-05-19 08:43 -------- d-----w- c:\program files\Java
2011-05-18 14:55 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-18 13:40 . 2011-05-18 13:40 -------- d-----w- c:\documents and settings\Indy\Local Settings\Application Data\Threat Expert
2011-05-18 13:24 . 2011-05-18 15:30 -------- d-----w- c:\program files\PC Tools Security
2011-05-18 13:20 . 2011-05-18 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-05-18 13:03 . 2011-05-18 13:11 -------- d-----w- c:\documents and settings\Indy\Application Data\uTorrent
2011-05-18 13:03 . 2011-05-18 13:03 -------- d-----w- c:\program files\Common Files\Apple
2011-05-17 21:40 . 2011-05-17 21:40 -------- d-----w- c:\documents and settings\Indy\Application Data\Malwarebytes
2011-05-17 21:40 . 2011-05-17 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-17 21:40 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 21:40 . 2011-05-17 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 21:40 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 21:39 . 2011-05-17 20:32 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-17 20:24 . 2011-04-29 11:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-17 20:20 . 2011-05-17 20:20 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-05-15 10:14 . 2011-05-15 10:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-08 16:48 . 2004-06-22 15:05 90112 ----a-w- c:\windows\system32\hpovst08.dll
2011-05-08 16:48 . 2004-06-22 15:05 581632 ----a-w- c:\windows\system32\hpotscl.dll
2011-05-08 16:48 . 2004-06-22 15:05 180315 ----a-w- c:\windows\system32\hpzsnt10.dll
2011-05-01 10:56 . 2011-05-01 10:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
2011-05-01 10:56 . 2011-05-01 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Native Instruments
2011-05-01 10:48 . 2008-03-11 15:37 143624 ----a-w- c:\windows\system32\drivers\mausb.sys
2011-05-01 10:48 . 2008-03-11 15:37 28680 ----a-w- c:\windows\system32\mausbasio.dll
2011-05-01 10:48 . 2008-03-11 15:37 252424 ----a-w- c:\windows\system32\M-AudioFastTrackProControlPanelApplet.cpl
2011-05-01 10:48 . 2008-03-11 15:37 2519712 ----a-w- c:\windows\system32\madiousb.dll
2011-05-01 10:48 . 2011-05-01 10:48 -------- d-----w- c:\documents and settings\Indy\Application Data\InstallShield
2011-04-30 19:04 . 2011-04-30 19:04 -------- d-----w- c:\program files\ASIO4ALL v2
2011-04-30 19:00 . 2008-05-15 16:45 356864 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-19 08:43 . 2011-01-09 19:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-17 20:32 . 2010-02-20 12:06 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-10 12:10 . 2010-09-01 13:56 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2007-10-12 18:18 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2008-04-03 09:39 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2007-10-12 18:19 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2007-10-12 18:18 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2007-10-12 18:18 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2007-10-12 18:19 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2007-10-12 18:19 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2008-04-03 09:39 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-01 10:25 . 2011-03-23 14:05 45547520 --sha-w- c:\windows\setupa.exe
2011-03-07 05:33 . 2007-10-12 17:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-09-03 20:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-09-03 20:03 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2002-09-03 20:03 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-09-03 19:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-09-03 19:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2007-10-12 17:45 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 16:41 . 2011-05-19 20:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=mapledxp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Novation\\Automap\\AutomapServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/05/2011 21:24 64512]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [12/10/2007 23:42 11264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/05/2011 15:55 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/04/2008 10:39 307928]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [05/04/2004 09:44 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 10:39 19544]
R3 automap;Automap MIDI Driver Service;c:\windows\system32\drivers\automap.sys [28/12/2008 22:34 7168]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [12/10/2007 20:15 33792]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [01/05/2011 11:48 143624]
S0 aconbeu;aconbeu;c:\windows\system32\drivers\mqces.sys --> c:\windows\system32\drivers\mqces.sys [?]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [24/12/2010 15:15 17280]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [24/01/2008 14:01 29292]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29/04/2011 12:11 2151128]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [29/04/2011 12:11 15232]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [01/05/2011 11:48 143624]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys --> c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [28/12/2008 22:34 33792]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2008 13:43 682232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 09:11]
.
2011-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {1CB63E7F-2788-4868-A443-3AB8623A0979} = 194.74.65.69,194.72.9.34
TCP: {C179380E-DE3D-4D16-96E9-26741B960348} = 192.168.1.1
TCP: {C6425A40-FC6E-4B4B-A335-2FF9E3EA7ED9} = 194.74.65.69,194.72.9.34
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Indy\Application Data\Mozilla\Firefox\Profiles\mbpegohj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?rls=ig
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-db audioware Sidechain Compressor VST v1.1.0 - c:\docume~1\Indy\MYDOCU~1\Ableton\VSTPLU~2\SIDECH~1\UNWISE.EXE
AddRemove-Sonoma Wire Works Sonoma 7 VST v1.1 - c:\progra~1\STEINB~1\VSTPLU~1\Sonoma\UNWISE.EXE
AddRemove-SyncroSoft Emu - c:\program files\SyncroSoft\Pos\H2O\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 21:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a9,d8,11,9a,79,d6,45,84,cb,1e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,a9,d8,11,9a,79,d6,45,84,cb,1e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-20 21:33:06
ComboFix-quarantined-files.txt 2011-05-20 20:33
.
Pre-Run: 87,704,162,304 bytes free
Post-Run: 100,264,755,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - EF40FCCE0BAEC8CDC063454A953EF257

Thank You.
Indy
  5. Hello,

For a few days I've been finding my google searches have been redirecting to random sites or stopzilla. This happens with either mozilla or internet explorer. My resident scanner is avast which is fully up to date. It will occasionally pop up saying 'malicious url blocked' with the process listed as svchost.exe. I have done quick, full and boot scans with avast and mbam and it hasn't cleared the issue. Any help would be greatly appreciated.

Here are my latest logs:

Malware Bytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6610

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/05/2011 23:27:15
mbam-log-2011-05-19 (23-27-15).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 483198
Time elapsed: 2 hour(s), 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Indy at 23:57:18 on 2011-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1493 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Indy\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [hidfind] "c:\program files\hidfind.exe" -update
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {1CB63E7F-2788-4868-A443-3AB8623A0979} = 194.74.65.69,194.72.9.34
TCP: {C179380E-DE3D-4D16-96E9-26741B960348} = 192.168.1.1
TCP: {C6425A40-FC6E-4B4B-A335-2FF9E3EA7ED9} = 194.74.65.69,194.72.9.34
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\indy\application data\mozilla\firefox\profiles\mbpegohj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?rls=ig
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-17 64512]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-10-12 11264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-18 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-3 307928]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2004-4-5 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-6 42184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2151128]
R3 automap;Automap MIDI Driver Service;c:\windows\system32\drivers\automap.sys [2008-12-28 7168]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-10-12 33792]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\drivers\mausb.sys [2011-5-1 143624]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-9-30 829792]
S0 aconbeu;aconbeu;c:\windows\system32\drivers\mqces.sys --> c:\windows\system32\drivers\mqces.sys [?]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-12-24 17280]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2008-1-24 29292]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2011-5-1 143624]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\maudiofasttrackpro.sys --> c:\windows\system32\drivers\MAudioFastTrackPro.sys [?]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2008-12-28 33792]
.
=============== Created Last 30 ================
.
2011-05-19 08:43:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-18 14:55:37 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-18 13:40:24 -------- d-----w- c:\documents and settings\indy\local settings\application data\Threat Expert
2011-05-18 13:24:25 -------- d-----w- c:\program files\PC Tools Security
2011-05-18 13:20:44 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-05-18 13:03:51 -------- d-----w- c:\documents and settings\indy\application data\uTorrent
2011-05-17 21:55:38 154112 ----a-w- c:\program files\hidfind.exe
2011-05-17 21:40:53 -------- d-----w- c:\documents and settings\indy\application data\Malwarebytes
2011-05-17 21:40:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 21:40:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-17 21:40:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 21:40:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 21:39:53 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-17 20:24:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-15 10:14:15 404640 ----a-w-
c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-08 16:48:52 90112 ----a-w- c:\windows\system32\hpovst08.dll 2011-05-08 16:48:52 581632 ----a-w- c:\windows\system32\hpotscl.dll 2011-05-08 16:48:49 180315 ----a-w- c:\windows\system32\hpzsnt10.dll 2011-05-01 10:56:54 -------- dc-h--w- c:\documents and settings\all users\application data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A} 2011-05-01 10:56:31 -------- d-----w- c:\documents and settings\all users\application data\Native Instruments 2011-05-01 10:48:44 28680 ----a-w- c:\windows\system32\mausbasio.dll 2011-05-01 10:48:44 252424 ----a-w- c:\windows\system32\M-AudioFastTrackProControlPanelApplet.cpl 2011-05-01 10:48:44 2519712 ----a-w- c:\windows\system32\madiousb.dll 2011-05-01 10:48:44 143624 ----a-w- c:\windows\system32\drivers\mausb.sys 2011-04-30 19:04:07 -------- d-----w- c:\program files\ASIO4ALL v2 2011-04-30 19:00:55 356864 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe 2011-04-30 18:45:51 -------- d-----w- c:\windows\pss . ==================== Find3M ==================== . 2011-05-19 08:43:18 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-17 20:32:49 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-05-01 10:25:58 45547520 --sha-w- c:\windows\setupa.exe 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec . =================== ROOTKIT ==================== . 
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST3250820AS rev.3.ADG -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6EA6F0]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6f0a10]; MOV EAX, [0x8a6f0a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A775AB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000074[0x8A77E030] 5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A777D98] \Driver\atapi[0x8A74D270] -> IRP_MJ_CREATE -> 0x8A6EA6F0 error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x8A6EA53B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 0:01:16.04 =============== Attach and Ark are in the zip file Thank you Indy attach.zip