BleepingComputer.com: Redirects /w some pop ups maybe (Malware?)

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Redirects /w some pop ups maybe (Malware?)

#1 User is offline   BornAsASlave 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 5
  • Joined: 02-May 11

Posted 28 May 2011 - 02:39 PM

I'm getting redirects in firefox and its really annoying--Maybe some pop-up here and there.
32 bit Win7
DDS log
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Myron at 0:13:58 on 2011-05-29
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3583.2149 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Myron\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Myron\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://plasmoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [4ECYTQ9SIC] c:\windows\temp\Qwj.exe
StartupFolder: c:\users\myron\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\myron\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\myron\appdata\roaming\mozilla\firefox\profiles\9t17ob5j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\9t17ob5j.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\9t17ob5j.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-27 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-27 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-27 61960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-12 88176]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-16 1077760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-1 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-1 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-28 1343400]
.
=============== Created Last 30 ================
.
2011-05-29 03:57:29 -------- d-----w- c:\program files\Sun
2011-05-29 03:55:17 472808 ----a-w- c:\program files\mozilla firefox\plugins\REN3533.tmp
2011-05-29 03:51:12 472808 ----a-w- c:\program files\mozilla firefox\plugins\REN79A2.tmp
2011-05-29 03:43:45 472808 ----a-w- c:\program files\mozilla firefox\plugins\RENA727.tmp
2011-05-29 02:38:08 -------- d-----w- c:\users\myron\appdata\local\HP
2011-05-29 02:30:48 0 ----a-w- c:\windows\system32\RENEED3.tmp
2011-05-29 02:30:48 0 ----a-w- c:\windows\system32\RENEED2.tmp
2011-05-29 02:30:48 0 ----a-w- c:\windows\system32\RENEED1.tmp
2011-05-29 02:30:37 0 ----a-w- c:\windows\system32\RENC6AA.tmp
2011-05-29 02:30:37 0 ----a-w- c:\windows\system32\RENC6A9.tmp
2011-05-29 02:30:37 0 ----a-w- c:\windows\system32\RENC6A8.tmp
2011-05-29 02:25:18 0 ----a-w- c:\windows\system32\RENE6C7.tmp
2011-05-29 02:25:18 0 ----a-w- c:\windows\system32\RENE6C6.tmp
2011-05-29 02:25:18 0 ----a-w- c:\windows\system32\RENE6C5.tmp
2011-05-29 02:20:24 0 ----a-w- c:\windows\system32\REN6A58.tmp
2011-05-29 02:20:24 0 ----a-w- c:\windows\system32\REN6A57.tmp
2011-05-29 02:20:24 0 ----a-w- c:\windows\system32\REN6A56.tmp
2011-05-29 02:12:10 0 ----a-w- c:\windows\system32\RENE12C.tmp
2011-05-29 02:12:10 0 ----a-w- c:\windows\system32\RENE12B.tmp
2011-05-29 02:12:10 0 ----a-w- c:\windows\system32\RENE11A.tmp
2011-05-29 02:02:30 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-05-29 02:02:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-29 02:02:30 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-29 01:58:11 0 ----a-w- c:\windows\system32\REN41E2.tmp
2011-05-29 01:58:11 0 ----a-w- c:\windows\system32\REN41E1.tmp
2011-05-29 01:58:11 0 ----a-w- c:\windows\system32\REN41E0.tmp
2011-05-29 01:57:57 0 ----a-w- c:\windows\system32\REND3C.tmp
2011-05-29 01:57:57 0 ----a-w- c:\windows\system32\REND3B.tmp
2011-05-29 01:57:57 0 ----a-w- c:\windows\system32\REND3A.tmp
2011-05-29 01:57:16 0 ----a-w- c:\windows\system32\REN6C5B.tmp
2011-05-29 01:57:16 0 ----a-w- c:\windows\system32\REN6C4B.tmp
2011-05-29 01:57:16 0 ----a-w- c:\windows\system32\REN6C4A.tmp
2011-05-29 01:35:30 0 ----a-w- c:\windows\system32\REN7CCF.tmp
2011-05-29 01:35:30 0 ----a-w- c:\windows\system32\REN7CCE.tmp
2011-05-29 01:35:30 0 ----a-w- c:\windows\system32\REN7CCD.tmp
2011-05-29 01:34:53 -------- d-----w- c:\program files\VS Revo Group
2011-05-28 20:31:14 0 ----a-w- c:\windows\system32\RENE19A.tmp
2011-05-28 20:31:14 0 ----a-w- c:\windows\system32\RENE199.tmp
2011-05-28 20:31:14 0 ----a-w- c:\windows\system32\RENE198.tmp
2011-05-28 19:51:40 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-05-28 19:51:21 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-28 19:51:18 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-05-28 19:51:18 417792 ----a-w- c:\windows\system32\msdri.dll
2011-05-28 19:51:18 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-05-28 19:51:08 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-28 19:51:04 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-28 19:51:02 2614784 ----a-w- c:\windows\explorer.exe
2011-05-28 19:49:11 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-05-28 19:49:10 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-05-28 19:49:10 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-05-28 19:49:10 369152 ----a-w- c:\windows\system32\secproc.dll
2011-05-28 19:49:10 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2011-05-28 19:49:10 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-05-28 19:49:10 320512 ----a-w- c:\windows\system32\RMActivate.exe
2011-05-28 19:49:10 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-05-28 19:49:10 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-05-28 17:55:34 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-28 17:55:32 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-28 17:55:30 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-28 17:55:30 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-05-28 17:55:30 107520 ----a-w- c:\windows\system32\cdd.dll
2011-05-28 16:40:26 -------- d-----w- C:\Likoooi
2011-05-28 14:57:36 139264 --sha-r- c:\windows\system32\tr-TRY.dll
2011-05-28 06:21:31 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-28 06:21:30 -------- d-----w- c:\users\myron\appdata\local\temp
2011-05-28 05:49:23 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-05-28 05:49:23 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-05-28 05:48:48 -------- d-----w- c:\windows\system32\Wat
2011-05-28 05:47:57 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-28 00:38:35 -------- d-----w- c:\users\myron\appdata\roaming\Avira
2011-05-28 00:22:05 -------- d-----w- C:\Rawr14688R
2011-05-28 00:21:44 -------- d-----w- C:\Rawr
2011-05-27 23:34:34 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-27 23:34:33 -------- d-----w- c:\programdata\Avira
2011-05-27 23:34:33 -------- d-----w- c:\program files\Avira
2011-05-27 23:13:52 -------- d-----w- c:\users\myron\appdata\roaming\SUPERAntiSpyware.com
2011-05-27 23:13:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-27 23:13:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-27 23:01:33 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-27 22:18:53 98816 ----a-w- c:\windows\sed.exe
2011-05-27 22:18:53 77312 ----a-r- c:\windows\MBR.exe
2011-05-27 22:18:53 256512 ----a-w- c:\windows\PEV.exe
2011-05-27 22:18:53 161792 ----a-w- c:\windows\SWREG.exe
2011-05-27 22:18:41 -------- d-----w- C:\ComboFix
2011-05-27 21:45:17 -------- d-----w- c:\users\myron\appdata\roaming\DVDVideoSoftIEHelpers
2011-05-27 21:44:35 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-05-27 21:36:41 5890896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f205aa08-f5f0-4672-b37c-fca9b9a0c295}\mpengine.dll
2011-05-27 21:02:14 0 ---ha-w- c:\users\myron\appdata\local\Ykiwig.bin
2011-05-27 20:42:34 -------- d-----w- c:\windows\system32\appmgmt
2011-05-27 20:04:55 -------- d-----w- c:\users\myron\appdata\roaming\FrostWire
2011-05-22 21:38:56 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2011-05-22 21:31:08 -------- d-----w- c:\program files\Lame For Audacity
2011-05-22 21:30:52 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-05-22 16:55:45 -------- d--h--w- c:\users\myron\appdata\local\{97381455-035C-4450-A105-DFCBEE010F1F}
2011-05-21 23:59:09 469256 ----a-w- c:\program files\common files\windows live\.cache\12735d471cc181343\InstallManager_WLE_WLE.exe
2011-05-21 23:57:46 15712 ----a-w- c:\program files\common files\windows live\.cache\e1f26cc71cc181237\MeshBetaRemover.exe
2011-05-21 23:56:07 94040 ----a-w- c:\program files\common files\windows live\.cache\a6ba1a7b1cc181229\DSETUP.dll
2011-05-21 23:56:07 525656 ----a-w- c:\program files\common files\windows live\.cache\a6ba1a7b1cc181229\DXSETUP.exe
2011-05-21 23:56:07 1691480 ----a-w- c:\program files\common files\windows live\.cache\a6ba1a7b1cc181229\dsetup32.dll
2011-05-21 23:55:50 94040 ----a-w- c:\program files\common files\windows live\.cache\9c628d571cc181228\DSETUP.dll
2011-05-21 23:55:50 525656 ----a-w- c:\program files\common files\windows live\.cache\9c628d571cc181228\DXSETUP.exe
2011-05-21 23:55:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\9c628d571cc181228\dsetup32.dll
2011-05-21 23:53:41 6260088 ----a-w- c:\program files\common files\windows live\.cache\4f3764d41cc181215\Silverlight.4.0.exe
2011-05-21 23:51:18 -------- d--h--w- c:\users\myron\appdata\local\Windows Live
2011-05-21 23:51:16 -------- d-----w- c:\program files\common files\Windows Live
2011-05-06 15:05:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 15:05:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 15:05:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 15:05:25 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 15:05:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 15:05:24 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-06 15:05:24 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 15:05:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-02 15:41:01 -------- d--h--w- c:\users\myron\appdata\roaming\Malwarebytes
2011-05-02 15:40:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 15:40:57 -------- d-----w- c:\programdata\Malwarebytes
2011-05-02 15:40:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:40:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 14:18:37 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-05-02 14:18:23 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-02 14:18:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-02 14:18:23 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-02 14:18:23 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-02 06:33:47 -------- d-----w- c:\programdata\lP31001EbGgG31001
.
==================== Find3M ====================
.
2011-05-29 03:55:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 20:23:01 258352 ----a-w- c:\windows\system32\unicows.dll
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 0:14:17.61 ===============



------------------------------------------------------------------------------------------
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-29 00:30:40
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA5CA
Running: gmer.exe; Driver: C:\Users\Myron\AppData\Local\Temp\agloypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A84569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA9092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Myron\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] ntdll.dll!NtQueryInformationProcess 77AA52F0 5 Bytes JMP 017D1CA0
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] ntdll.dll!LdrLoadDll 77ABF5B5 5 Bytes JMP 00181410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!closesocket 77BA3BED 5 Bytes JMP 017BCD56
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!recv 77BA47DF 5 Bytes JMP 017BC970
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!GetAddrInfoW 77BA60F5 5 Bytes JMP 017BBE67
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!getaddrinfo 77BA6737 5 Bytes JMP 017BBD87
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!WSASend 77BA68A7 5 Bytes JMP 017BCA1E
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!WSARecv 77BAC29F 5 Bytes JMP 017BCAF2
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!send 77BAC4C8 5 Bytes JMP 017BC8CB
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!WSAAsyncGetHostByName 77BB6D2A 5 Bytes JMP 017BC15D
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WS2_32.dll!gethostbyname 77BB7133 5 Bytes JMP 017BBCC6
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] USER32.dll!DrawTextExW 776F7BDD 5 Bytes JMP 017BD349
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] USER32.dll!DrawTextW 776F8220 5 Bytes JMP 017BD187
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] USER32.dll!SetClipboardData 77704979 5 Bytes JMP 017BCDFD
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] USER32.dll!DrawTextA 7770A482 5 Bytes JMP 017BD0AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] USER32.dll!DrawTextExA 7770A4B9 5 Bytes JMP 017BD262
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] USER32.dll!DialogBoxParamW 7771564A 5 Bytes JMP 017BC23C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] GDI32.dll!ExtTextOutW 774D8053 5 Bytes JMP 017BD514
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] GDI32.dll!GetGlyphIndicesW 774DB521 5 Bytes JMP 017BD9A1
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] GDI32.dll!ExtTextOutA 774E0158 5 Bytes JMP 017BD430
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] GDI32.dll!TextOutA 774E0878 5 Bytes JMP 017BCF14
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] GDI32.dll!TextOutW 774F14B9 5 Bytes JMP 017BCFE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] GDI32.dll!GetGlyphIndicesA 774FBC42 5 Bytes JMP 017BD8D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WININET.dll!InternetCrackUrlA 76107ABE 5 Bytes JMP 017BDC67
.text C:\Program Files\Mozilla Firefox\firefox.exe[4916] WININET.dll!InternetCrackUrlW 76112E2B 5 Bytes JMP 017BDDB0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4924] USER32.dll!SetWindowLongA 776EB1E3 5 Bytes JMP 65C78DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4924] USER32.dll!SetWindowLongW 776F6614 5 Bytes JMP 65C78D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4924] USER32.dll!GetWindowInfo 776F6A82 5 Bytes JMP 65AA7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4924] USER32.dll!TrackPopupMenu 77714B3B 5 Bytes JMP 65AA7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

This post has been edited by BornAsASlave: 28 May 2011 - 11:31 PM

#2 User is offline   BornAsASlave 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 5
  • Joined: 02-May 11

Posted 28 May 2011 - 11:45 PM

RU Log
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #4
==============================================
>Drivers
==============================================
0x92632000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10080256 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 260.99 )
0x82A41000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A41000 PnpManager 4259840 bytes
0x82A41000 RAW 4259840 bytes
0x82A41000 WMIxWDM 4259840 bytes
0x99790000 Win32k 2404352 bytes
0x99790000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9802F000 C:\Windows\system32\drivers\viahduaa.sys 1515520 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0x8C606000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C221000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x91922000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C415000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8BEE1000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9FA32000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9736F000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8BE0E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8BF8C000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9183F000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C38E000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90E32000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9FB50000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9FB01000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x92228000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C0CD000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C01E000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x97235000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8BE9F000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90F5D000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8C789000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C4CC000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x90FBE000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91800000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82A0A000 ACPI_HAL 225280 bytes
0x82A0A000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C178000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x92399000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C547000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90E8C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C74F000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x981A1000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C7D0000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8C350000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C077000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x918C9000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8C58A000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C50A000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8C14C000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x923DB000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x92325000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x90F35000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x9FAD3000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x918EF000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C1BD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C5E1000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92FD1000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90EC5000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x99620000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x97302000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x92200000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90EF2000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x97332000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xAA296000 C:\Users\Myron\AppData\Local\Temp\agloypog.sys 102400 bytes
0x97200000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x981D0000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x918A3000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9228D000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x92302000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92347000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9235F000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92376000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90E10000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x97294000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x972EB000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8C12D000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x9731D000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x972B6000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C37B000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9735C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90F0C000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x922F0000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x91910000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x97219000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C579000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x98014000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C1AC000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x97283000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8C0AC000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8BE86000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x92FF0000 C:\Windows\system32\DRIVERS\L1E62x86.sys 65536 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20))
0x9734C000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C52F000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x90F1F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8C0BD000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x92273000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x918BB000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90EE4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C00B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C11F000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C3EB000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x923CD000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8BE00000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x922E3000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x981F3000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x922BF000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x922CC000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9FAF4000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C1DE000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90FB2000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x972C9000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8C209000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x98000000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x92282000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x972AB000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x972D5000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x972E0000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C000000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9231A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90E27000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x92600000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C0A1000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x981E9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x97279000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x90FA8000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90F9E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9238D000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9FAC9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x922D9000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8C16F000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xAA286000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8C143000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9800B000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8C200000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xAA2AF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x999F0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C780000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8C066000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8BE97000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C53F000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCB000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C06F000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C215000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C1EB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C1F3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8C7C8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C407000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x98027000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C118000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xAA28F000 C:\Users\Myron\AppData\Local\Temp\mbr.sys 28672 bytes
0x8C400000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9722B000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x90EBE000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x90F57000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x90F2F000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x922A5000 C:\Windows\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0x92FCF000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 260.99 )
0x92397000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x98025000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0xAA246F2E Unknown thread object [ ETHREAD 0x871EC670 ] , 600

#3 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 02 June 2011 - 12:17 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.

  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!

  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days     failure to reply will result in the topic being closed!

  • Please do not PM me directly for help. If you have any questions, post them in this topic.

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#4 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 04 June 2011 - 12:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users