
Exploit:swf/cve-2010-2884.c


18 replies to this topic

#1 Condobloke

Posted 24 December 2010 - 08:19 AM

ALSO... I ran Malwarebytes today (24th) and it gave up this:
Files Infected:
c:\documents and settings\hp_administrator\my documents\downloads\Rhino3D\rh40sr_en_20090226\patch.exe (Trojan.Agent) -
I removed it (quarantine).
I wondered if this had anything to do with my original drama!
I also ran Microsoft Windows Live scanner.... nil result.
Also... my son d'loaded several movies... (groan)... I forgot to tell him not to touch!
I was away for a few days... so I hope that was all that was done in my absence!!


DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 22:29:04.26 on Fri 24/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2470 [GMT 11:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cumulus\cumulus.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Logitech\Z Cinema\Z Cinema.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{731AB6E5-E03A-4AAD-A329-95911B53CEF7}\FoxyTunesEngine.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AutorunsDisabled - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ALCMTR] ALCMTR.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\zcinem~1.lnk - c:\docume~1\hp_adm~1\applic~1\microsoft\installer\{ee885042-228a-446f-a30d-64ecbdc93859}\StartupShortcut_EE885042228A446FA30D64ECBDC93859.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cumulus.lnk - c:\program files\cumulus\cumulus.exe
IE: E&xport to Microsoft Excel
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\smtn1fh8.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/news|http://www.smh.com.au/|http://www.theaustralian.news.com.au/|http://www.abc.net.au/news/| http://www.dailytelegraph.com.au/|www.reddit.com/| http://english.aljazeera.net/
FF - prefs.js: keyword.URL - hxxp://search.newtabking.com/?t=1&q=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\smtn1fh8.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\smtn1fh8.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\smtn1fh8.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: CyberSearch: cybersearch@cybernetnews.com - %profile%\extensions\cybersearch@cybernetnews.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Ext: New Tab King: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} - %profile%\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: MailCatch: Temporary Emails: firefox@mailcatch.com - %profile%\extensions\firefox@mailcatch.com
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-12-20 21992]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-20 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-21 363344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-8-14 2829696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-21 20952]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-8-14 468768]
R3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2009-10-19 21392]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\hp_adm~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\hp_adm~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-8-27 23456]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-2-1 122504]
S3 SASENUM;SASENUM;\??\c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-23 20:20:52 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c08d85ac-d9fd-4ed2-a78f-75267cda1b15}\mpengine.dll
2010-12-21 11:44:28 -------- d-----w- c:\program files\Freemake
2010-12-20 10:33:07 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2010-12-20 10:33:06 -------- d-----w- c:\program files\CPUID
2010-12-18 07:47:19 -------- d-----w- C:\desktop
2010-12-18 06:50:07 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-12-18 06:50:02 -------- d-----w- c:\program files\Stardock
2010-12-18 05:56:08 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\PackageAware
2010-12-18 04:21:23 -------- d-----w- c:\program files\iPod
2010-12-18 03:03:39 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-18 03:03:13 -------- dc-h--w- c:\windows\ie8
2010-12-16 17:47:43 -------- d-----w- c:\program files\Auslogics
2010-12-16 09:41:05 -------- d-----w- c:\program files\Speccy
2010-12-15 02:27:47 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 02:27:21 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-09 03:26:26 -------- d-----w- c:\program files\EasyWeather
2010-12-08 07:10:10 -------- d-----w- c:\program files\Cumulus
2010-12-07 08:50:39 53248 ----a-r- c:\docume~1\hp_adm~1\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-12-05 08:40:47 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-05 08:40:45 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-05 08:40:45 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-05 08:40:27 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-05 08:40:27 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-05 08:04:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\FreeApp
2010-11-29 06:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 06:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 01:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 01:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 01:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 01:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 01:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 01:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

============= FINISH: 22:29:53.84 ===============

[attachment=83315:Attach.txt]

[attachment=83317:ark.txt]

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#2 Judicandus

  • Malware Response Team

Posted 24 December 2010 - 09:52 AM

Hi condobloke,

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#3 Condobloke

  • Topic Starter

Posted 26 December 2010 - 03:03 AM

[attachment=83447:log.txt]
Here we go... ComboFix log as requested.

Thanks mate,
Brian.



#4 Judicandus

  • Malware Response Team

Posted 26 December 2010 - 08:14 AM

Hi Condobloke,


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic369158.html/page__pid__2069631#entry2069631
KILLALL::

Suspect::
c:\windows\system32\drivers\cpuz135_x32.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please Update MalwareBytes this way:

- Open Malwarebytes
- Select the Update tab
- Click on <Check for Update>
- Let it update to the latest version

Once the program is updated, select the "Scanner" tab, then select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click Ignore for mbamext.dll.


#5 Condobloke

  • Topic Starter

Posted 27 December 2010 - 03:04 AM

[attachment=83499:combo.27th.txt]
May have done this twice. Ran Combo as requested. Ran Malwarebytes. No infections..... You requested a fresh HijackThis log... I have not done one of these before.
[attachment=83500:mbam-log-2010-12-27 (15-55-50).txt]



#6 Judicandus

  • Malware Response Team

Posted 27 December 2010 - 06:52 AM

Hi condobloke,

For some reason the sending of the file with combofix didn't work. Please check the file yourself this way:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link: Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\drivers\cpuz135_x32.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

I'm sorry to have asked for the HijackThis log. No need for it yet :)

#7 Condobloke

  • Topic Starter

Posted 27 December 2010 - 05:12 PM

[attachment=83535:Jotti's Scan.rtf]
I was a little skeptical about the Combo scan last night... so I attempted to run it again...... it "froze", and simply sat on screen all night. I used the "hold the start button in" technique to eventually kill it!!

[attachment=83537:report.html]
Did them both.... just for fun..

Brian



#8 Judicandus

  • Malware Response Team

Posted 27 December 2010 - 09:55 PM

Hi condobloke,

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


#9 Condobloke

  • Topic Starter

Posted 27 December 2010 - 10:42 PM

OK.... all done. Rootkit Unhooker link would not open/connect.... so I googled it and ran it from there. Version 3.7.300.509

>Drivers
>Stealth
Nothing detected :(
BC would not allow me to upload this kind of file.
The scan was almost instantaneous.
All java went without a hitch.
Brian



#10 Condobloke

  • Topic Starter

Posted 28 December 2010 - 02:11 AM

Ok... I am having DRAMAS opening www.rootkit.com etc.

The site will not respond at all.
Is this a sign of some further drama on my PC...... or, as has been suggested to me, is it simply the website down??

Please advise...... I am stumped!!!
Brian
Condobolin, Australia



#11 Condobloke

  • Topic Starter

Posted 28 December 2010 - 05:41 AM

Just in case this is a reasonable substitute:
RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000
Size: 73728 bytes

Driver: sr.sys
Address: 0xB7DC7000
Size: 73728 bytes

Driver: pci.sys
Address: 0xB7F68000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB570B000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA8F4B000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB81A8000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xB82A8000
Size: 65536 bytes

Driver: ohci1394.sys
Address: 0xB80B8000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xABE5B000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xABE9B000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB81B8000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB6AC6000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xAB36D000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB4727000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xB80C8000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xAB32D000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xB8108000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xAB33D000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB6B56000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xB80E8000
Size: 53248 bytes

Driver: C:\WINDOWS\System32\Drivers\pcouffin.sys
Address: 0xB6B16000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB6B36000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
Address: 0xAB35D000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xABE4B000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB8198000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xB80D8000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB6B46000
Size: 45056 bytes

Driver: isapnp.sys
Address: 0xB80A8000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB4737000
Size: 40960 bytes

Driver: PxHelp20.sys
Address: 0xB8128000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB6B06000
Size: 40960 bytes

Driver: bb-run.sys
Address: 0xB8118000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\drivers\cpuz135_x32.sys
Address: 0xB8288000
Size: 36864 bytes

Driver: disk.sys
Address: 0xB80F8000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xAB34D000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB8188000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xB5150000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB6B26000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xABE6B000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\SMBios.sys
Address: 0xB8158000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xABE7B000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ELacpi.sys
Address: 0xB8368000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
Address: 0xB8450000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
Address: 0xB8358000
Size: 32768 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xAB012000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xB8430000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xB8378000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xB8380000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xAB5F1000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xB8438000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xB8428000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xB8448000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB83A0000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB83A8000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xAB002000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xB8370000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xAB5E1000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xAB5D1000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xB8330000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xB8390000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xB8398000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xB8388000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xB496D000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xAA4F0000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xAA4F4000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\drivers\mbam.sys
Address: 0xB7CA4000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB78AC000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB2195000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xAA4FC000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\drivers\ZCinema_SRS_i386.sys
Address: 0xAA504000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\BdaSup.SYS
Address: 0xB7C88000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xB84B8000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB2199000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Elhid.sys
Address: 0xB2C45000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xAA500000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB2C35000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB7C80000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psi_mf.sys
Address: 0xA917B000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xAACE3000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB8618000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xB85B0000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Elkbd.sys
Address: 0xB8630000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Elmon.sys
Address: 0xB862C000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Elmou.sys
Address: 0xB8626000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB8614000
Size: 8192 bytes

Driver: intelide.sys
Address: 0xB85AE000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xB85A8000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xB861C000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\drivers\MSPQM.sys
Address: 0xB230F000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xB8620000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serscan.sys
Address: 0xB85E4000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xB85E6000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xB8648000
Size: 8192 bytes

Driver: viaide.sys
Address: 0xB85AC000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xB85AA000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB868D000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xAAA41000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\LBeepKE.sys
Address: 0xB872C000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xAB1DB000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xB8670000
Size: 4096 bytes

==============================================
>Stealth

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


#12 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:12:41 PM

Posted 28 December 2010 - 11:52 AM

Hi condobloke,


Please try this download instead:
Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished, then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".
[/quote]

#13 Condobloke

Condobloke

    Outback Aussie @ 54.2101° N, 0.2906° W

  • Topic Starter

  • Members
  • 6,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:41 AM

Posted 28 December 2010 - 05:48 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB5B1A000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
0xAA53C000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4460544 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB57C9000 C:\WINDOWS\system32\DRIVERS\3xHybrid.sys 2830336 bytes (ASUSTek, 3xHybrid)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7E6C000 iastor.sys 749568 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB7D23000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5733000 C:\WINDOWS\system32\DRIVERS\wn5301.sys 471040 bytes (Liteon Technology Inc., Driver for Liteon Wireless Network Adapter)
0xAA2A1000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xAA336000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB567D000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA441000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA95E6000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7E11000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xA9666000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB5AC8000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 253952 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB56DB000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7CF6000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA3A6000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB5A7C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA419000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAA3F3000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAA312000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAA518000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB5AA4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB57A6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA4CD000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xAA3D1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7DD9000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7CDC000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7E54000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7DF9000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7DB0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB571C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA97E7000 C:\WINDOWS\system32\DRIVERS\WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA94BE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB5B06000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA49A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7DC7000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB570B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA8F4B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB81A8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xABE5B000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xABE9B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB81B8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB6AC6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAB36D000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB4727000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xAB32D000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAB33D000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xB6B56000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB6B16000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xB6B36000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAB35D000 C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys 49152 bytes (-, SRS Labs TruSurround HD 4 kernel DLL)
0xABE4B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8198000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB6B46000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB4737000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8128000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB6B06000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB8118000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xB8288000 C:\WINDOWS\system32\drivers\cpuz135_x32.sys 36864 bytes (CPUID, CPUID Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAB34D000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8188000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB5150000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB6B26000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xABE6B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA896A000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8158000 C:\WINDOWS\system32\DRIVERS\SMBios.sys 36864 bytes (Intel Corporation, Intel® System Management BIOS Driver)
0xABE7B000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8368000 C:\WINDOWS\system32\DRIVERS\ELacpi.sys 32768 bytes (Intel Corporation, -)
0xB8450000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xB8358000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xAB012000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8430000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8378000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8380000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xAB5F1000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8438000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB8428000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB8448000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xB83A0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8370000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xAB5E1000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xAB5D1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8390000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8398000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8388000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB496D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAA4F0000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xAA4F4000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7CA4000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xB78AC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB2195000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xAA4FC000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xAA504000 C:\WINDOWS\system32\drivers\ZCinema_SRS_i386.sys 16384 bytes (SRS Labs, Inc., Z Cinéma)
0xB7C88000 C:\WINDOWS\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2199000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB2C45000 C:\WINDOWS\System32\Drivers\Elhid.sys 12288 bytes (Intel Corporation, -)
0xAA500000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB2C35000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7C80000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA917B000 C:\WINDOWS\system32\DRIVERS\psi_mf.sys 12288 bytes (Secunia, Secunia PSI Driver)
0xAACE3000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8618000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85B0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB8630000 C:\WINDOWS\System32\Drivers\Elkbd.sys 8192 bytes (Intel Corporation, -)
0xB862C000 C:\WINDOWS\System32\Drivers\Elmon.sys 8192 bytes (Intel Corporation, -)
0xB8626000 C:\WINDOWS\System32\Drivers\Elmou.sys 8192 bytes (Intel Corporation, -)
0xB8614000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85AE000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB861C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB230F000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xB8620000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85D4000 C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS 8192 bytes
0xB85E4000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xB85E6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8648000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AC000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB868D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAAA41000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB872C000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xAB1DB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(



#14 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:12:41 PM

Posted 28 December 2010 - 08:32 PM

Hi condobloke,


Which symptoms exactly are you still facing?

#15 Condobloke

Condobloke

    Outback Aussie @ 54.2101° N, 0.2906° W

  • Topic Starter

  • Members
  • 6,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:41 AM

Posted 29 December 2010 - 03:03 AM

G'day Judicandus,
My beloved PC is actually behaving beautifully. I did have a worrisome moment yesterday when it would not load the site for rootkit removal.......but that apparently was a website problem...not my PC.........so, all appears to be thoroughly normal. Boot time is consistent, I get no crashes, no nasty happenings at all. I run malwarebytes scans very regularly and also MSE scans with the same regularity and apart from that c:\documents and settings\hp_administrator\my documents\downloads\Rhino3D\rh40sr_en_20090226\patch.exe (Trojan.Agent...on 24/12/2010....all has been good..
I am thinking as I type here......when the first drama began,...I am SOOOOO kicking myself for doing the click thing......I SOOOOO KNOW BETTER....and yet I did it....and there you go....there is no going back......however....just a thought....I did, at some time, take note of cpuz etc etc ....I have it in my mind that it was associated with a small program which detected temperature or something of that nature......my son has just told me that the Rhino3D trojan etc etc ...was a patch he downloaded for a program he has...for a computerised mill.......he maintains it is not a trojan at all.
SO....in all honesty I can only say I am not experiencing any symptoms at all at this point in time.
I do realise that I have RAMBLED here....thanks for sticking with me.
I feel that at this stage, we have done our darnedest.......and have probably frightened it away !! I will continue to monitor closely....any suggestions you may have for extending my scanning regime would be greatly appreciated. I have a KEEN interest in taking part in the Malware Removal Training Program.
again....thank you for the help and great attitude you have shown,

Brian
Condobolin
Outback Australia.
