IObit Forum

suspected hijack


scrd01


Hello, I would be grateful if you would check the attached HJT & GMER logs for possible hijack/infection.

 

Background

 

Paid-for AV ran out 3 months ago, not protected since (this is not my computer, it's the granddaughter's, aged 11, SAYS EVERYTHING).

 

I installed and ran Avast Free Home, IObit 360, Windows Defender, MBAM, SAS,

 

Between them, numerous spyware/malware items and the Vundo virus were found and removed.

I also ran ESET online, which found and quarantined a trojan.

 

MBAM & SAS scans now appear clean.

 

However, when I ran a pre-boot scan with Avast it got about halfway through and BSOD'd. I rebooted and re-ran it; during this a rootkit pop-up appeared/disappeared, but the scan finished normally. On checking the scan log NOTHING showed up and it reported as clean.

 

I have been clearing out lots of toolbars and other apps/programs.

 

Since then the OS has been shutting down abnormally on a few occasions, twice while saving GMER/HJT logs to the desktop.

NO redirects

 

Thanking you in advance.

 

ROY

hijackthis.txt

rgmer.txt

removed eset.txt


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.

Click Start, then copy/paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    File::
    c:\windows\system32\9B64.tmp
     
    Driver::
    MEMSWEEP2
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

**********************************************


combofix log

 

Hi Dave,

 

ComboFix log attached.

 

FYI

ComboFix updated to a newer version before running.

During log creation an error pop-up ???142 (all I could get) appeared.

The laptop then rebooted and came back to preparing the log, and

completed successfully???.

 

I will rerun if required

 

Thanks Dave

 

 

Roy

ComboFix.txt


Please download 7-Zip and install it. If you already have it, no need to reinstall.

 

Then, download RootkitUnhooker and save the setup to your Desktop.

 

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Download OTM by OldTimer to your desktop.

 

Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

 

* Save it to your Desktop.

* Double-click OTM.exe to run it.

* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

 

:Processes
explorer.exe

:files
C:\Users\Melaine\AppData\Local\temp\~DF4E50.tmp::$DATA
C:\Users\Melaine\AppData\Local\temp\~DF529C.tmp::$DATA
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

 

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

* Click the red Moveit! button.

* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTM

 

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.


otm log

 

Dave,

Copy of OTM log as requested.

 

Cheers

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

File/Folder C:\Users\Melaine\AppData\Local\temp\~DF4E50.tmp::$DATA not found.

File/Folder C:\Users\Melaine\AppData\Local\temp\~DF529C.tmp::$DATA not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Kids

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 44608413 bytes

->Java cache emptied: 25802324 bytes

->Flash cache emptied: 19543 bytes

 

User: Melaine

->Temp folder emptied: 74551 bytes

->Temporary Internet Files folder emptied: 149159966 bytes

->Java cache emptied: 51106893 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 1557 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3198 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1291807 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 259.00 mb

 

 

OTM by OldTimer - Version 3.1.16.1 log created on 10052010_214249

 

Files moved on Reboot...

C:\Users\Melaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\81L2KA4C\showthread[2].php moved successfully.

C:\Users\Melaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Users\Melaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

Roy


update

 

Dave, it's still running but,

 

THE TWO TEMP files have changed IDs,

now DFA848.tmp/DFB159.tmp,

 

Do you want me to run OTM again, but with the 2 above IDs,

BEFORE I turn my PC off?

 

It looks like those files get changed every time the pc is shut down.

 

 

ROY

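A small triage helper, added here as an example and not part of this thread or of OTM itself: it parses the OTM results log Roy posted above, totals what was emptied per user and system-wide, records what was moved or deferred to reboot, and flags the two requested ~DFxxxx.tmp entries as "not found" with a note that these are the transient names Roy later saw change after every shutdown. The line formats it recognises are assumptions drawn only from that log, and the sample input is a constructed excerpt of it.

```python
"""Summarise an OTM (OldTimer's OTMoveIt) results log.

Added example for this thread; not part of the original post or of OTM.
The line formats below are assumptions taken only from the log Roy posted.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the OTM log posted in the thread.
# Raw string, so the Windows backslashes and '$DATA' are literal.
SAMPLE_LOG = r"""========== FILES ==========
File/Folder C:\Users\Melaine\AppData\Local\temp\~DF4E50.tmp::$DATA not found.
File/Folder C:\Users\Melaine\AppData\Local\temp\~DF529C.tmp::$DATA not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44608413 bytes
->Java cache emptied: 25802324 bytes
->Flash cache emptied: 19543 bytes
User: Melaine
->Temp folder emptied: 74551 bytes
->Temporary Internet Files folder emptied: 149159966 bytes
->Java cache emptied: 51106893 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1557 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 3198 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1291807 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 259.00 mb
Files moved on Reboot...
C:\Users\Melaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

RE_NOT_FOUND = re.compile(r"^File/Folder (.+?) not found\.$")
RE_MOVE_FAILED = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
RE_MOVED = re.compile(r"^(.+?) moved successfully\.$")
RE_USER = re.compile(r"^User: (.+)$")
RE_USER_BYTES = re.compile(r"^->(.+?) (?:emptied|removed): (\d+) bytes$")  # under a User: header
RE_SYSTEM_BYTES = re.compile(r"^(.+?) (?:emptied|removed): (\d+) bytes$")  # system-wide lines
RE_TOTAL = re.compile(r"^Total Files Cleaned = (.+)$")
RE_STREAM = re.compile(r"::\$\w+$")  # NTFS stream suffix such as ::$DATA
RE_TRANSIENT_TMP = re.compile(r"\\~DF[0-9A-F]{4}\.tmp$", re.IGNORECASE)


@dataclass
class OtmSummary:
    not_found: List[str] = field(default_factory=list)       # requested paths OTM could not find
    moved: List[str] = field(default_factory=list)           # moved successfully
    pending_reboot: List[str] = field(default_factory=list)  # move failed, deferred to reboot
    bytes_by_user: Dict[str, int] = field(default_factory=dict)
    system_bytes: int = 0
    reported_total: Optional[str] = None                     # OTM's own "Total Files Cleaned"


def parse_otm_log(text: str) -> OtmSummary:
    """Walk the log line by line; '->' byte lines belong to the last 'User:' header seen."""
    summary = OtmSummary()
    current_user = "<none>"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_NOT_FOUND.match(line):
            summary.not_found.append(m.group(1))
        elif m := RE_MOVE_FAILED.match(line):
            summary.pending_reboot.append(m.group(1))
        elif m := RE_MOVED.match(line):
            summary.moved.append(m.group(1))
        elif m := RE_USER.match(line):
            current_user = m.group(1)
            summary.bytes_by_user.setdefault(current_user, 0)
        elif m := RE_USER_BYTES.match(line):
            summary.bytes_by_user[current_user] = summary.bytes_by_user.get(current_user, 0) + int(m.group(2))
        elif m := RE_SYSTEM_BYTES.match(line):
            summary.system_bytes += int(m.group(2))
        elif m := RE_TOTAL.match(line):
            summary.reported_total = m.group(1)
    return summary


def strip_stream(path: str) -> str:
    """Drop a '::$DATA'-style suffix; $DATA is just the file's default (unnamed) data stream."""
    return RE_STREAM.sub("", path)


def is_transient_temp(path: str) -> bool:
    # '~DFxxxx.tmp' names: the thread saw these change on every shutdown, so a fixed name comes back 'not found'.
    return RE_TRANSIENT_TMP.search(strip_stream(path)) is not None


def total_bytes(summary: OtmSummary) -> int:
    return sum(summary.bytes_by_user.values()) + summary.system_bytes


if __name__ == "__main__":
    s = parse_otm_log(SAMPLE_LOG)
    for p in s.not_found:
        print("NOT FOUND:", strip_stream(p), "(transient ~DF name)" if is_transient_temp(p) else "")
    print(f"pending reboot: {s.pending_reboot}; total {total_bytes(s) / 2**20:.2f} MiB, OTM said {s.reported_total}")
```

The byte total the parser computes from the per-line figures truncates to 259 MiB, which is the figure OTM printed; the two "not found" entries are the ones whose names Roy reports changing between sessions.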

log

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2


0x8CB92000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

split part 1


log part 2

stealth to end

==============================================

>Stealth

==============================================

0x04260000 Hidden Image-->TCrdMain.resources.dll [ EPROCESS 0x84AF83C0 ] PID: 2604, 978944 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Users\Melaine\AppData\Local\temp\~DFA8A8.tmp::$DATA

!-->[Hidden] C:\Users\Melaine\AppData\Local\temp\~DFB159.tmp::$DATA

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x820B97AA-->820B97B1 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x822A290A-->8CB60BB2 [aswSP.SYS]

ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x82242905-->8CB609D6 [aswSP.SYS]

ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x8217CDF0-->8CB60B10 [aswSP.SYS]

ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x82241063-->8CB5DFFA [aswSP.SYS]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x821E828F-->8CB5C5D4 [aswSP.SYS]

[10536]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [iEShims.dll]

[10536]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x76308E3B-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x763226F1-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x76329A62-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x763217AA-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x763072A2-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x76311305-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7634847D-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76332EF5-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x76348152-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x763310B0-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7630CD8B-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7633326E-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7630863C-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x76318CB1-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x76321847-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x76320745-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [iEShims.dll]

[10536]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7635D972-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7635D639-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7635D65D-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7635D4D9-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7635D5D3-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x76332F75-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x76346FB2-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x76330987-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x763087AD-->00000000 [ieframe.dll]

[10536]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x763098DB-->00000000 [ieframe.dll]

[10536]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [iEShims.dll]

[10536]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [iEShims.dll]

[11156]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x76311305-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7634847D-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76332EF5-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x76348152-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x763310B0-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7635D639-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7635D65D-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7635D4D9-->00000000 [ieframe.dll]

[11156]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7635D5D3-->00000000 [ieframe.dll]

[1904]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7624A84F-->00000000 [unknown_code_page]

[3632]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - DirectJump 0x77881EE9-->00000000 [unknown_code_page]

[3632]explorer.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - DirectJump 0x778C80C1-->00000000 [unknown_code_page]

[3632]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x76221C28-->00000000 [unknown_code_page]

[3632]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x76221BF3-->00000000 [unknown_code_page]

[3632]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76249109-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - DirectJump 0x77881EE9-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - DirectJump 0x778C80C1-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778E72A1-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778A9EB4-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x76221C28-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x76221BF3-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76249109-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x77BD4414-->00000000 [unknown_code_page]

[8472]MSASCui.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x77BD5454-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

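The script below is an added triage helper for RkU reports like the two posted above; it is not part of this thread and not RootkitUnhooker's own code. It parses the >Drivers, >Stealth, >Files and >Hooks sections in the text layout RkU 3.8 uses, groups every hook by the module RkU attributes it to, looks that module up in the driver list to attach a vendor string, and lists separately the hooks RkU could not attribute to any loaded image ("unknown_code_page") together with the hidden files and hidden images. Whether an attributed hook is expected (an antivirus self-protection driver hooking NtLoadDriver, say) stays the analyst's decision; the point is to make the follow-up list explicit instead of reading 120 hook lines by eye. The embedded sample report is a constructed excerpt modelled on the log lines in this thread, and the section names and line formats are assumed from those logs.

```python
"""Triage helper for RootkitUnhooker (RkU) text reports (added example)."""
import re
from collections import defaultdict

# Line formats assumed from the RkU 3.8 logs posted in the thread.
SECTION_RE = re.compile(r"^>(?P<name>.+?)\s*$")
HOOK_RE = re.compile(
    r"^(?P<target>.+?), Type: (?P<type>.+?) "
    r"(?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)
PROCESS_RE = re.compile(r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->")
HIDDEN_FILE_RE = re.compile(r"^!-->\[Hidden\] (?P<path>.+)$")
HIDDEN_IMAGE_RE = re.compile(
    r"^0x[0-9A-Fa-f]+ Hidden Image-->(?P<image>\S+).*PID: (?P<pid>\d+)"
)
DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]+ (?P<path>.+?) \d+ bytes(?: \((?P<info>.*)\))?$")
UNATTRIBUTED = "unknown_code_page"  # RkU's marker for a hook with no owning image

# Constructed sample: a short excerpt in the same shape as the thread's logs.
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>Drivers
==============================================
0x8CB51000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0x8201A000 PnpManager 3903488 bytes
==============================================
>Stealth
==============================================
0x04260000 Hidden Image-->TCrdMain.resources.dll [ EPROCESS 0x84AF83C0 ] PID: 2604, 978944 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Users\Melaine\AppData\Local\temp\~DFA8A8.tmp::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x8217CDF0-->8CB60B10 [aswSP.SYS]
[10536]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [iEShims.dll]
[3632]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x76221BF3-->00000000 [unknown_code_page]
[8472]MSASCui.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x77BD4414-->00000000 [unknown_code_page]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
"""


def parse_report(text):
    """Split an RkU report into the pieces needed for triage."""
    report = {"drivers": {}, "hidden_images": [], "hidden_files": [], "hooks": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "Drivers":
            m = DRIVER_RE.match(line)
            if m:  # key by lower-cased file name so hook owners can be looked up
                name = m.group("path").rsplit("\\", 1)[-1].lower()
                report["drivers"][name] = (m.group("info") or "").split(",")[0].strip()
        elif section == "Stealth":
            m = HIDDEN_IMAGE_RE.match(line)
            if m:
                report["hidden_images"].append((m.group("image"), int(m.group("pid"))))
        elif section == "Files":
            m = HIDDEN_FILE_RE.match(line)
            if m:
                report["hidden_files"].append(m.group("path"))
        elif section == "Hooks":
            m = HOOK_RE.match(line)
            if m:
                report["hooks"].append(m.groupdict())
    return report


def triage(report):
    """Group hooks by owner; anything RkU could not attribute goes on the follow-up list."""
    by_owner = defaultdict(list)
    for h in report["hooks"]:
        by_owner[h["owner"]].append(h)
    attributed = {}
    for owner, hooks in by_owner.items():
        if owner == UNATTRIBUTED:
            continue
        attributed[owner] = {
            "count": len(hooks),
            # None when the owner is a user-mode DLL, i.e. not in the kernel driver list
            "vendor": report["drivers"].get(owner.lower()),
            "targets": sorted(h["target"] for h in hooks),
        }
    unattributed = by_owner.get(UNATTRIBUTED, [])
    by_process = defaultdict(list)
    for h in unattributed:
        m = PROCESS_RE.match(h["target"])
        proc = m.group("proc") if m else "kernel"
        by_process[proc].append(h["target"][m.end():] if m else h["target"])
    return {
        "attributed": attributed,
        "unattributed": unattributed,
        "unattributed_by_process": dict(by_process),
        "hidden_files": report["hidden_files"],
        "hidden_images": report["hidden_images"],
        "needs_followup": bool(unattributed or report["hidden_files"] or report["hidden_images"]),
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for owner, info in result["attributed"].items():
        print(f"{owner}: {info['count']} hook(s), vendor={info['vendor']}")
    for proc, targets in result["unattributed_by_process"].items():
        print(f"UNATTRIBUTED in {proc}: {', '.join(targets)}")
    print("hidden files:", result["hidden_files"])
    print("hidden images:", result["hidden_images"])
    print("needs follow-up:", result["needs_followup"])
```

Run it with a full report redirected in place of SAMPLE_REPORT and the output is a list of owners with counts, plus the per-process list of unattributed inline hooks. On the log above that list would be the explorer.exe and MSASCui.exe hooks on the CreateProcess*, CreateService*, LoadLibraryExW, NtCreateKey and NtSetValueKey entry points, which is exactly the set a helper would want to resolve before calling the machine clean.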

Copy and paste the text in the code box below into Notepad.

@echo off
rem Delete the two hidden temp files RkU reported (the ::$DATA suffix names
rem the file's default data stream, i.e. the file itself).
del /f C:\Users\Melaine\AppData\Local\temp\~DFA8A8.tmp::$DATA
del /f C:\Users\Melaine\AppData\Local\temp\~DFB159.tmp::$DATA

exit

 

Then click File > Save as

Save to the Desktop as blackpudding.bat

And Save as type: All Files.

 

Double-click on blackpudding.bat to run it.


Let's try again: log unhooker part 1


RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>SSDT State

==============================================

==============================================

>Shadow

==============================================

==============================================

>Processes

==============================================

0x8771D3D0 [12] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8660D968 [484] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)

0x8774AD90 [528] C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation, TOSHIBA Power Saver)

0x869ABD90 [552] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x86A0F488 [596] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)

0x8696AD90 [608] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x8771E720 [612] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)

0x86ABC910 [640] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)

0x86A91D90 [652] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)

0x86A90020 [660] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)

0x86BA6430 [744] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)

0x86A91B00 [852] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87405828 [912] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation, PresentationFontCache.exe)

0x8744E760 [956] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x86BB6D90 [1008] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87477D90 [1088] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x874AE790 [1132] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x874D9408 [1176] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8774E8C8 [1248] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x874D3D90 [1276] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87508D90 [1292] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)

0x8750DD90 [1340] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8753C388 [1452] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x876F3510 [1460] C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation, TOSHIBA Navi Support Service)

0x880528E0 [1576] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)

0x86B48528 [1660] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)

0x86B4AD90 [1688] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87654D28 [1876] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)

0x86B2CD90 [1900] C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION, Service of ConfigFree.)

0x87736D90 [1924] C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation, TDCSrv Application)

0x87674620 [1976] C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit, IObit Security 360)

0x87772D90 [2064] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc., ULCDRSvr)

0x87797020 [2148] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87642020 [2192] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)

0x877CD958 [2272] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)

0x87ECBB98 [2948] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)

0x86087D90 [3140] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87E43AE0 [3148] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)

0x87F7C618 [3176] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x87E33708 [3208] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)

0x87FA0B30 [3372] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x852293B0 [3472] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)

0x87F9FD90 [3492] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)

0x8785A5A0 [3552] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor, HD Audio Control Panel)

0x86B966B8 [3652] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION, ConfigFree tray)

0x87FE7020 [3700] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation, TOSHIBA Power Saver)

0x88009D08 [3712] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation, SmoothView)

0x8788C868 [3728] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation, TOSHIBA Flash Cards)

0x87E47020 [3752] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)

0x87FDBA78 [3808] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)

0x88007D90 [3816] C:\Windows\System32\wpcumi.exe (Microsoft Corporation, Windows Parental Control Notifications)

0x880253E0 [3836] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)

0x88003740 [3860] C:\Program Files\IObit\IObit Security 360\is360tray.exe (IObit, IObit Security 360)

0x8803EAD0 [3880] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (-, En-us)

0x8804BB28 [3892] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation, Macrovision Software Manager)

0x8803F020 [3900] C:\Windows\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)

0x8807B250 [3912] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation, Windows Live Messenger)

0x8803DD90 [3940] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)

0x88085020 [4036] C:\Windows\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)

0x881585C8 [4052] C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION, ConfigFree Switch Manager)

0x86B9D7A8 [5648] C:\Program Files\IObit\IObit Security 360\is360.exe (IObit, IObit Security 360)

0x880D9CE8 [5864] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)

0x84CE0020 [5912] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)

0x84D301B8 [8832] C:\Windows\System32\MustBeRandomlyNamed\tRJc4h1o3S0gCpJV.exe (UG North, RKULE, SR2 Normandy)

0x87F91048 [9856] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation, Windows Defender User Interface)

0x8442E8B0 [4] System

0x87503458 [1256] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )

==============================================

>Drivers

==============================================

0x8BC02000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6299648 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x8201A000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x8201A000 PnpManager 3903488 bytes

0x8201A000 RAW 3903488 bytes

0x8201A000 WMIxWDM 3903488 bytes

0x950B0000 Win32k 2109440 bytes

0x950B0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8C808000 C:\Windows\system32\drivers\RTKVHDA.sys 1937408 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x8320F000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)

0x82676000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x83005000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)

0x804D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xAA400000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0xA670D000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8C204000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8C309000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x80602000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x82605000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)

0xA66A0000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8CBA2000 C:\Windows\system32\DRIVERS\RTL8187B.sys 385024 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)

0xA90BC000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x8335D000 C:\Windows\system32\DRIVERS\tos_sps32.sys 307200 bytes (TOSHIBA Corporation, tos_sps2)

0x80734000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8CA0D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8068B000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x80494000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x83198000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8C2BC000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8CAF4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

==============================================


Part 2: stealth down

Stealth

==============================================

0x05040000 Hidden Image-->TCrdMain.resources.dll [ EPROCESS 0x8788C868 ] PID: 3728, 978944 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Users\Melaine\AppData\Local\temp\~DF80C3.tmp::$DATA

!-->[Hidden] C:\Users\Melaine\AppData\Local\temp\~DF8895.tmp::$DATA

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x820C27AA-->820C27B1 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x822AB90A-->8CB66BB2 [aswSP.SYS]

ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x8224B905-->8CB669D6 [aswSP.SYS]

ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x82185DF0-->8CB66B10 [aswSP.SYS]

ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8224A063-->8CB63FFA [aswSP.SYS]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x821F128F-->8CB625D4 [aswSP.SYS]

[1876]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x76D7A84F-->00000000 [unknown_code_page]

[3208]explorer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - DirectJump 0x767C1EE9-->00000000 [unknown_code_page]

[3208]explorer.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - DirectJump 0x768080C1-->00000000 [unknown_code_page]

[3208]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x76D51C28-->00000000 [unknown_code_page]

[3208]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x76D51BF3-->00000000 [unknown_code_page]

[3208]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76D79109-->00000000 [unknown_code_page]

[5864]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x76321305-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7635847D-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76342EF5-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x76358152-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x763410B0-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7636D639-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7636D65D-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7636D4D9-->00000000 [ieframe.dll]

[5864]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7636D5D3-->00000000 [ieframe.dll]

[5912]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [iEShims.dll]

[5912]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x76318E3B-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x763326F1-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x76339A62-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x763317AA-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x763172A2-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x76321305-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7635847D-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76342EF5-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x76358152-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x763410B0-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7631CD8B-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7634326E-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7631863C-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x76328CB1-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x76331847-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x76330745-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [iEShims.dll]

[5912]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7636D972-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7636D639-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7636D65D-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7636D4D9-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7636D5D3-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x76342F75-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x76356FB2-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x76340987-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x763187AD-->00000000 [ieframe.dll]

[5912]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x763198DB-->00000000 [ieframe.dll]

[5912]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [iEShims.dll]

[5912]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [iEShims.dll]

[9856]MSASCui.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - DirectJump 0x767C1EE9-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->advapi32.dll-->CreateProcessWithLogonW, Type: Inline - DirectJump 0x768080C1-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x768272A1-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x767E9EB4-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x76D51C28-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x76D51BF3-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76D79109-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x77064414-->00000000 [unknown_code_page]

[9856]MSASCui.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x77065454-->00000000 [unknown_code_page]


ComboFix

Dave

Log as requested.

Comment: I disabled 360, but when I went back to turn it on it would not run.

I checked the properties window and the "Start in" box is empty???

Roy

ComboFix 10-10-07.02 - Melaine 08/10/2010 16:30:06.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1124 [GMT 1:00]

Running from: c:\users\Melaine\Desktop\commy.exe

Command switches used :: /stepdel

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Created a new restore point

.


((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))

.


2010-10-08 15:36 . 2010-10-08 15:36 -------- d-----w- c:\users\Melaine\AppData\Local\temp

2010-10-08 15:36 . 2010-10-08 15:36 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-10-08 15:36 . 2010-10-08 15:36 -------- d-----w- c:\users\Kids\AppData\Local\temp

2010-10-08 15:36 . 2010-10-08 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-08 15:22 . 2010-10-08 15:22 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2010-10-05 20:23 . 2010-10-05 20:23 -------- d-----w- C:\_OTM

2010-10-04 21:39 . 2010-10-07 19:32 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed

2010-10-04 21:35 . 2010-10-04 21:35 -------- d-----w- c:\program files\7-Zip

2010-10-03 12:05 . 2010-10-03 12:05 -------- d-----w- C:\MicroGaming

2010-10-02 20:01 . 2010-10-02 20:13 -------- d-----w- C:\Commy

2010-10-02 16:59 . 2010-10-02 16:59 388096 ----a-r- c:\users\Melaine\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-02 12:44 . 2010-10-02 12:44 -------- d-----w- c:\program files\ESET

2010-09-29 13:29 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-28 18:48 . 2010-09-28 18:48 -------- d-----w- c:\program files\Trend Micro

2010-09-26 22:21 . 2010-09-26 22:21 -------- d-----w- c:\programdata\IObit

2010-09-26 09:18 . 2010-09-26 22:21 -------- d-----w- c:\users\Melaine\AppData\Roaming\IObit

2010-09-26 09:18 . 2010-09-26 22:21 -------- d-----w- c:\program files\IObit

2010-09-26 08:59 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll

2010-09-26 08:41 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-26 08:41 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-26 08:41 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-26 08:41 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-26 08:41 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-09-26 08:40 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-09-26 08:40 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-26 08:40 . 2010-09-26 08:40 -------- d-----w- c:\programdata\Alwil Software

2010-09-26 08:40 . 2010-09-26 08:40 -------- d-----w- c:\program files\Alwil Software

2010-09-26 08:39 . 2010-09-26 08:39 -------- d-----w- c:\users\Melaine\AppData\Roaming\Malwarebytes

2010-09-26 08:39 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-26 08:39 . 2010-09-26 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-26 08:39 . 2010-09-26 08:39 -------- d-----w- c:\programdata\Malwarebytes

2010-09-26 08:39 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-26 08:23 . 2010-09-26 08:23 63488 ----a-w- c:\users\Melaine\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-26 08:23 . 2010-09-26 08:23 52224 ----a-w- c:\users\Melaine\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-26 08:23 . 2010-09-26 08:23 117760 ----a-w- c:\users\Melaine\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-26 08:22 . 2010-09-26 08:22 -------- d-----w- c:\users\Melaine\AppData\Roaming\SUPERAntiSpyware.com

2010-09-26 08:22 . 2010-09-26 08:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-09-26 08:22 . 2010-10-01 21:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-26 08:18 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-26 08:16 . 2010-05-21 13:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-15 11:06 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

2010-09-15 11:06 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe

2010-09-15 11:06 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

2010-09-15 11:06 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-01 19:05 . 2009-11-06 18:04 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-29 13:20 . 2009-12-13 11:42 -------- d-----w- c:\program files\Google

2010-09-28 19:52 . 2007-09-19 18:06 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-28 19:22 . 2010-09-05 17:56 -------- d-----w- c:\program files\QuickTime

2010-09-28 19:22 . 2008-01-13 18:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-09-28 19:22 . 2008-01-11 20:08 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller

2010-09-28 19:21 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat

2010-09-28 19:21 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat

2010-09-28 19:21 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstor.dat

2010-09-28 19:19 . 2007-09-19 18:01 -------- d-----w- c:\program files\Common Files\Java

2010-09-27 00:11 . 2010-04-10 21:14 -------- d--h--w- c:\programdata\{F7C61E88-394D-4CDD-856B-DB14974FE9C8}

2010-09-26 18:41 . 2007-09-19 18:36 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-09-26 13:14 . 2010-04-10 21:14 -------- d--h--w- c:\programdata\~0

2010-09-26 11:29 . 2010-02-16 14:08 -------- d-----w- c:\users\Melaine\AppData\Roaming\Skype

2010-09-26 09:01 . 2010-09-26 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf

2010-09-26 08:57 . 2009-11-06 17:56 -------- d-----w- c:\program files\Microsoft

2010-09-26 08:50 . 2008-01-13 18:11 -------- d-----w- c:\program files\Microsoft.NET

2010-09-26 08:07 . 2010-02-16 20:12 -------- d-----w- c:\users\Melaine\AppData\Roaming\skypePM

2010-09-23 12:44 . 2008-06-27 21:02 680 ----a-w- c:\users\Melaine\AppData\Local\d3d9caps.dat

2010-09-17 08:50 . 2008-01-13 18:02 -------- d-----w- c:\programdata\Microsoft Help

2010-09-17 08:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-09-15 11:07 . 2008-08-24 09:47 -------- d-----w- c:\programdata\Lx_cats

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-06-27 436088]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

 

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:57]

 

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:57]

 

2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{FE4CA7AE-D431-4F0E-A64E-D0EE3968C967}.job

- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

LSP: c:\windows\system32\wpclsp.dll

.

.

Completion time: 2010-10-08 16:40:35

ComboFix-quarantined-files.txt 2010-10-08 15:40

ComboFix2.txt 2010-10-04 18:37

ComboFix3.txt 2010-10-04 18:04

ComboFix4.txt 2010-10-02 20:13

 

Pre-Run: 3,856,584,704 bytes free

Post-Run: 3,402,444,800 bytes free

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 13ACDA6D924383CE89D275473FE3E7B4
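A small triage script for the "Reg Loading Points" part of a ComboFix log like the one above, added here as an example; it is not part of this thread and not ComboFix's own code. It parses the Run-key values, the R*/S* driver and service lines and the Security Center dword values, and reports three things a helper would look at first: entries where ComboFix printed a bracketed marker instead of a file date and size (the [x] and [bU] entries above), Run values that name a bare executable with no directory, and DisableMonitoring values set to 1. SAMPLE_LOG is a constructed excerpt modelled on the log above, and reading any non-date marker as "no file metadata recorded" is an assumption about ComboFix's output format, not documented behaviour.

```python
"""Triage a ComboFix 'Reg Loading Points' section for entries worth a second look."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt (not a full log) in the format ComboFix uses above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-06-27 436088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"NDSTray.exe"="NDSTray.exe" [bU]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<image>[^\[]*)\[(?P<meta>[^\]]*)\]$"
)
META_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)$")


@dataclass
class Entry:
    kind: str                     # "run" (Run-key value) or "service" (driver/service line)
    key: str                      # registry key for run entries, start type (R2/S1/...) for services
    name: str
    image: str
    date: Optional[str] = None
    size: Optional[int] = None
    marker: Optional[str] = None  # bracketed marker ComboFix printed instead of date/size


def _entry(kind: str, key: str, name: str, image: str, meta: str) -> Entry:
    m = META_RE.match(meta.strip())
    if m:
        return Entry(kind, key, name, image, date=m.group("date"), size=int(m.group("size")))
    # Assumption: any other marker (the "[x]" and "[bU]" entries in the log above)
    # means ComboFix recorded no date/size for the image, i.e. it could not examine it.
    return Entry(kind, key, name, image, marker=meta.strip())


def parse_combofix(text: str) -> Tuple[List[Entry], List[Tuple[str, str, int]]]:
    """Return (run/service entries, (key, value name, value) dwords) from the log text."""
    entries: List[Entry] = []
    dwords: List[Tuple[str, str, int]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := RUN_RE.match(line)):
            entries.append(_entry("run", key, m.group("name"), m.group("image"), m.group("meta")))
        elif (m := SVC_RE.match(line)):
            entries.append(_entry("service", m.group("start"), m.group("svc"),
                                  m.group("image").strip(), m.group("meta")))
        elif (m := DWORD_RE.match(line)):
            dwords.append((key, m.group("name"), int(m.group("value"), 16)))
    return entries, dwords


Finding = Tuple[str, str, str]  # (entry name, finding code, human-readable detail)


def triage(entries: List[Entry], dwords: List[Tuple[str, str, int]]) -> List[Finding]:
    findings: List[Finding] = []
    for e in entries:
        if e.marker is not None:
            findings.append((e.name, "no-file-metadata",
                             f"{e.kind} {e.name!r}: no date/size recorded, marker [{e.marker}]"))
        if e.kind == "run" and not ntpath.isabs(e.image):
            # A bare file name is resolved through the loader's search path at logon,
            # so the log alone does not say which file actually runs.
            findings.append((e.name, "bare-filename",
                             f"run value {e.name!r} points at {e.image!r} with no directory"))
    for key, name, value in dwords:
        if "security center" in key.lower() and name == "DisableMonitoring" and value == 1:
            findings.append((name, "monitoring-disabled",
                             f"Security Center monitoring disabled under {key}"))
    return findings


if __name__ == "__main__":
    found_entries, found_dwords = parse_combofix(SAMPLE_LOG)
    for _, code, detail in triage(found_entries, found_dwords):
        print(f"[{code}] {detail}")
```

Run it as-is to see the five findings for the excerpt, or feed it the full "Reg Loading Points" section of a real log; anything it flags is a starting point for checking the file on disk, not a verdict that the entry is malicious (the avast driver lines with [x] above, for instance, belong to a product the poster installed).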
