
Blackhole exploit(1889)


12 replies to this topic

#1 Benvenuto (Members, 7 posts)

Posted 17 November 2011 - 09:39 PM

Hi,
I recently started getting hijacked when using Firefox. Sometimes I am redirected when clicking on innocuous Google search results (e.g. to Wikipedia articles). Sometimes just pressing the back or forward button in Firefox will redirect. The first few times it was innocuous, then I was redirected to a few Indian websites and that's when AVG started giving a warning that it had blocked Blackhole exploit kit (1889).

I did some research, updated my AVG and downloaded Spybot Search & Destroy. I also increased my browser security settings and checked that Windows Firewall was properly enabled. However, subsequent scans have revealed more and more suspect cookies, and this morning I also got a virus detected: Cryptor.dropper. Also the warning "Resident shield alert: Found tracking cookie Webtrends.live detected on open".

Switching to IE I also got hijacked; however, a blank screen was displayed and no AVG warning was triggered.

Please help!

----------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Hortensia Gracia at 12:14:27 on 2011-11-18
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3039.2115 [GMT 11:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\lotus\wordpro\ltsstart.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\lotus\register\remind32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\horten~1\startm~1\programs\startup\lotuss~1.lnk - c:\lotus\register\remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{302B9745-3F2A-4C74-AECF-FBA995B80C99} : DhcpNameServer = 10.1.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hortensia gracia\application data\mozilla\firefox\profiles\i2fqylcc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-6-14 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-14 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-14 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-14 29712]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-14 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-29 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-29 308136]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-6-14 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-6-14 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-6-14 26192]
R3 WFsys;WinFox Control I/O Driver;c:\windows\system32\drivers\wfsys.sys [2010-6-14 10652]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-29 5897808]
.
=============== Created Last 30 ================
.
2011-11-16 10:49:55 -------- d-----w- c:\program files\Cobian Backup 8
2011-11-15 10:46:17 -------- d-----w- c:\windows\system32\NtmsData
2011-11-14 23:51:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-14 23:51:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-12 04:26:36 -------- d-----w- c:\documents and settings\hortensia gracia\local settings\application data\CatDBWINetM
2011-11-05 00:02:36 -------- d--h--w- C:\$AVG
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 00:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 00:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 00:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:14:59.10 ===============
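The Run-key and startup-folder entries in the DDS report above are the lines a responder reads first. As an added example (it is not from the post, nor code from DDS or ComboFix), the Python script below parses the DDS `uRun:/mRun:/dRun:` lines and the REGEDIT4-style `"Name"="path" [date size]` lines from a ComboFix "Reg Loading Points" section into records, then applies the three checks a reviewer normally does by eye: a value with no command at all (the `mRun: [<NO NAME>]` line in the log above is one), an image given by bare file name and so resolved through the search path, and an image living in a temp, Recycler or per-user Local Settings directory. The sample lines are constructed in the two log formats; the SoundMAX, AVG, Nero and `<NO NAME>` entries mirror the report, while Updater, Loader and Svc are invented to show each check firing and say nothing about this machine.

```python
"""Triage of DDS / ComboFix autostart listings (added example, not DDS or ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# DDS "Pseudo HJT Report" form:       mRun: [Name] command line
DDS_RE = re.compile(r'^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# ComboFix "Reg Loading Points" form: "Name"="command" [yyyy-mm-dd size]
CF_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*"(?P<cmd>[^"]*)"(?:\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?\s*$')
# First executable-looking token of a command, quoted or not (DDS prints unquoted paths with spaces).
IMAGE_RE = re.compile(r'^"?(?P<img>.*?\.(?:exe|dll|cpl|scr|bat|cmd))\b', re.I)

HIVES = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}
# Writable-without-admin locations where an installed autostart image rarely belongs.
# A hit is a review item, not a verdict: some updaters legitimately live under Application Data.
SUSPECT_DIRS = ('\\temp\\', '\\recycler\\', '\\local settings\\application data\\')


@dataclass
class Entry:
    hive: str
    name: str
    cmd: str
    image: str  # binary the command launches, '' when the value is empty


def image_of(cmd: str) -> str:
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group('img')
    return cmd.split()[0].strip('"') if cmd.strip() else ''


def parse(lines: Iterable[str]) -> List[Entry]:
    entries, key = [], '?'
    for raw in lines:
        line = raw.strip()
        up = line.upper()
        if up.startswith('[HK'):  # ComboFix key header: remember which hive the following values belong to
            key = 'HKLM' if ('LOCAL_MACHINE' in up or up.startswith('[HKLM')) else 'HKCU' if 'CURRENT_USER' in up else up
            continue
        m = DDS_RE.match(line)
        if m:
            cmd = m['cmd'].strip()
            entries.append(Entry(HIVES[m['hive']], m['name'], cmd, image_of(cmd)))
            continue
        m = CF_RE.match(line)
        if m:
            entries.append(Entry(key, m['name'], m['cmd'], image_of(m['cmd'])))
    return entries


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for every autostart entry that deserves a second look."""
    findings = []
    for e in parse(lines):
        img = e.image.lower()
        if not e.cmd:
            findings.append((e.name, 'value has no command (empty or hidden data)'))
        elif '\\' not in img:
            findings.append((e.name, f'bare image name {e.image!r} is resolved through the search path'))
        elif any(d in img for d in SUSPECT_DIRS):
            findings.append((e.name, f'image lives in a temp/profile-data directory: {e.image}'))
    return findings


# Constructed sample in the two log formats. The SoundMAX, AVG, Nero and <NO NAME> lines mirror the
# report above; Updater, Loader and Svc are invented to show each heuristic firing.
SAMPLE_LOG = r"""
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uRun: [Updater] "c:\documents and settings\user\local settings\temp\svc.exe" -s
uRun: [Loader] winupd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-19 218464]
"Svc"="c:\recycler\s-1-5-21-99\host.exe" [2011-11-12 40960]
""".strip().splitlines()

if __name__ == '__main__':
    for name, reason in triage(SAMPLE_LOG):
        print(f'{name:15} {reason}')
```

Run against a saved DDS or ComboFix log (`triage(open('dds.txt').read().splitlines())`) it prints only the entries worth opening in a hex editor or submitting for a hash lookup; everything else it stays silent about, which is the point of a review queue.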


#2 shelf life (Malware Response Team, 2,646 posts)

Posted 22 November 2011 - 08:48 PM

hi,

Your post is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 Benvenuto (Topic Starter, Members, 7 posts)

Posted 23 November 2011 - 04:56 PM

Hi,
Yes, I still need help. I upgraded my AVG to AVG 2012 but I'm not confident that has fixed the problem.
Thanks

#4 shelf life (Malware Response Team, 2,646 posts)

Posted 23 November 2011 - 08:32 PM

OK. We will get a download to use. It's called ComboFix. There is a guide to read first. Read the guide, then apply the directions on your own machine. Post the log in reply. We will go from there.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#5 Benvenuto (Topic Starter, Members, 7 posts)

Posted 24 November 2011 - 07:01 PM

Thanks for the very prompt assistance! Much appreciated!

========================================
ComboFix 11-11-24.01 - Hortensia Gracia 25/11/2011 10:46:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3039.2518 [GMT 11:00]
Running from: c:\documents and settings\Hortensia Gracia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Hortensia Gracia\WINDOWS
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-19 10:55 . 2011-11-19 10:55 -------- d-----w- c:\documents and settings\Hortensia Gracia\Application Data\AVG2012
2011-11-19 10:53 . 2011-11-19 10:53 -------- d-----w- c:\documents and settings\Hortensia Gracia\Application Data\AVG Secure Search
2011-11-19 10:53 . 2011-11-19 10:54 -------- d-----w- c:\program files\AVG Secure Search
2011-11-19 10:53 . 2011-11-19 10:53 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-19 10:51 . 2011-11-24 23:03 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-19 10:51 . 2011-11-19 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-11-16 10:49 . 2011-11-16 10:50 -------- d-----w- c:\program files\Cobian Backup 8
2011-11-15 10:46 . 2011-11-16 10:31 -------- d-----w- c:\windows\system32\NtmsData
2011-11-14 23:51 . 2011-11-15 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-14 23:51 . 2011-11-15 00:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-12 04:26 . 2011-11-17 22:56 -------- d-----w- c:\documents and settings\Hortensia Gracia\Local Settings\Application Data\CatDBWINetM
2011-11-05 00:02 . 2011-11-05 00:02 -------- d-----w- C:\$AVG
2011-11-04 08:46 . 2011-11-04 08:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-06-10 12:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-06 19:23 . 2011-10-06 19:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-03 19:21 . 2011-10-03 19:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 00:41 . 2008-07-29 09:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 00:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 00:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 19:30 . 2011-09-12 19:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-19 10:53 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-19 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-19 1836328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-19 218464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Hortensia Gracia\Start Menu\Programs\Startup\
Lotus SmartSuite 97 Registration.lnk - c:\lotus\register\remind32.exe [1995-11-6 45056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-1-10 16384]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/10/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [19/11/2011 9:53 PM 246624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [4/10/2011 6:21 AM 16720]
R3 WFsys;WinFox Control I/O Driver;c:\windows\system32\drivers\wfsys.sys [14/06/2010 9:02 PM 10652]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 10.1.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Hortensia Gracia\Application Data\Mozilla\Firefox\Profiles\i2fqylcc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfc43779e-e98d-481a-a913-0c2d6b2a9bea%7D&mid=d67ba6593ce9ff16b850a9dc3c0f6039-2ec0f4d1d02f0e469eb85190acce0dccb185df41&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-19%2021%3A53%3A55&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AVG Security Toolbar: avg@toolbar - %profile%\extensions\avg@toolbar
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 10:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-11-25 10:55:12
ComboFix-quarantined-files.txt 2011-11-24 23:55
.
Pre-Run: 184,370,450,432 bytes free
Post-Run: 184,765,014,016 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 552B099F2D8E6A6D5031C265B6179C10
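Two lines in the ComboFix log above deserve a second look from anyone triaging such a report. The Session Manager `BootExecute` value now carries `c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart` after the stock `autocheck autochk *`; programs listed there are started by smss.exe before the Win32 subsystem and before any user-mode security product is running, which is exactly why the location is also abused for persistence, so every non-default entry should be accounted for. And `"EnableFirewall"= 0` under the standard firewall profile means that profile's Windows Firewall was switched off when the log was taken. As an added example (not from the reply and not ComboFix code), the Python script below pulls both values out of a ComboFix "Reg Loading Points" section and reports any BootExecute entry that is neither the default nor on a local allowlist. The allowlist holds only `avgrsx.exe`, taken from this log, and is an assumption about what this site accepts; the third BootExecute entry in the sample is constructed to show what gets reported.

```python
"""BootExecute and firewall-profile check over a ComboFix 'Reg Loading Points' section.
Added example; not ComboFix code and not from the forum reply."""
import re
from typing import Iterable, List, Optional, Tuple, Union

DEFAULT_BOOTEXECUTE = 'autocheck autochk *'  # the only entry a stock Windows XP install carries
# Images allowed to add themselves; avgrsx.exe comes from the ComboFix log above.
# Assumption: this is a local allowlist, not a rule built into any tool.
KNOWN_BOOT_IMAGES = ('avgrsx.exe',)

BOOTEXEC_RE = re.compile(r'^BootExecute\s+REG_MULTI_SZ\s+(?P<val>.+)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')


def split_multi_sz(value: Union[str, List[str], Tuple[str, ...]]) -> List[str]:
    """REG_MULTI_SZ as winreg returns it (a list), as raw NUL-separated text, or as ComboFix
    prints it (a literal backslash-zero between the strings)."""
    parts = list(value) if isinstance(value, (list, tuple)) else re.split(r'\\0|\x00', value)
    return [p.strip() for p in parts if p.strip()]


def image_name(cmd: str) -> str:
    """Basename of the first token; BootExecute entries use native paths without embedded spaces."""
    first = cmd.strip().strip('"').split()[0]
    return first.rsplit('\\', 1)[-1].lower()


def check_boot_execute(value, known=KNOWN_BOOT_IMAGES) -> Tuple[bool, List[str]]:
    """Return (default entry still present, entries that need review)."""
    entries = split_multi_sz(value)
    review = [e for e in entries if e != DEFAULT_BOOTEXECUTE and image_name(e) not in known]
    return DEFAULT_BOOTEXECUTE in entries, review


def review_combofix(lines: Iterable[str]) -> dict:
    """Walk a ComboFix registry section and pull out the two values of interest."""
    out = {'boot_execute': None, 'firewall_enabled': None}
    profile: Optional[str] = None
    for raw in lines:
        line = raw.strip()
        low = line.lower()
        if low.startswith('[') and 'firewallpolicy' in low:  # e.g. [HKLM\~\...\firewallpolicy\standardprofile]
            profile = 'standard' if 'standardprofile' in low else 'domain'
        m = BOOTEXEC_RE.match(line)
        if m:
            out['boot_execute'] = check_boot_execute(m['val'])
        m = FIREWALL_RE.match(line)
        if m and profile == 'standard':                # the profile a non-domain machine runs under
            out['firewall_enabled'] = m['val'] != '0'  # REG_DWORD 0 = firewall off for that profile
    return out


# Constructed sample in ComboFix's layout. The first two BootExecute entries and the
# EnableFirewall value mirror the log above; the svc0.exe entry is invented to show a hit.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0c:\windows\system32\config\svc0.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

if __name__ == '__main__':
    result = review_combofix(SAMPLE)
    default_ok, review = result['boot_execute']
    print('default autochk entry present:', default_ok)
    for entry in review:
        print('BootExecute entry to review:', entry)
    print('standard-profile firewall enabled:', result['firewall_enabled'])
```

`split_multi_sz` accepts the list form on purpose: on a live machine the same check runs over `winreg.QueryValueEx(key, 'BootExecute')[0]`, which already returns a list, so the allowlist logic does not change between reading a log and reading the registry.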

#6 shelf life (Malware Response Team, 2,646 posts)

Posted 24 November 2011 - 07:55 PM

We will get another download to use. It's called TDSSKiller:

Please download TDSSKiller.exe and save it to your desktop.
Double-click to launch the utility. On Vista and Windows 7, right-click it and choose "Run as administrator". After it initializes, click the Start Scan button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."


If an infected file is detected, the default action will be Cure; click on Continue.

If a suspicious file is detected, the default action will be Skip; click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


A report can also be found on your root drive, Local Disk (C:), as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt).
Please post the log report.

How Can I Reduce My Risk to Malware?
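The TDSSKiller report requested above (the next reply shows one) lists every registered driver and service either as `name (md5) path` or, for a service with no file on disk, as `name - ok`. A run that says `ok` everywhere means no signature matched, which is weaker than "nothing changed". As an added example (not Kaspersky's code and not part of this reply), the Python script below parses that layout and diffs it against a baseline of hashes taken from a trusted machine of the same build, reporting any verdict other than `ok`, a hash that differs from the baseline, a driver the baseline never saw, and an image outside `system32\drivers`. The sample report and every hash in it are constructed, `suspicious` stands in for whatever non-ok verdict the tool prints, and the last check is a heuristic only: some products load drivers from Program Files legitimately (the AVG identity-protection drivers in the first DDS log are an instance).

```python
"""Differential review of a TDSSKiller driver inventory (added example, not TDSSKiller code)."""
import re
from typing import Dict, Iterable, List, Tuple

# Two line shapes in the report:
#   13:14:37.0203 3656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
#   13:14:37.0203 3656 ACPI - ok
FILE_RE = re.compile(r'^\S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$')
VERDICT_RE = re.compile(r'^\S+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$')
DRIVER_DIR = '\\system32\\drivers\\'

Record = Dict[str, object]


def parse_report(lines: Iterable[str]) -> Dict[str, Record]:
    """Map driver/service name -> {'md5', 'path', 'verdict'}; a registered service with no file
    on disk (the 'abp480n5 - ok' style lines) keeps md5 and path as None."""
    report: Dict[str, Record] = {}
    for raw in lines:
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            rec = report.setdefault(m['name'], {'md5': None, 'path': None, 'verdict': None})
            rec['md5'], rec['path'] = m['md5'].lower(), m['path']
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = report.setdefault(m['name'], {'md5': None, 'path': None, 'verdict': None})
            rec['verdict'] = m['verdict']
    return report


def diff_against_baseline(report: Dict[str, Record], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """(name, reason) for every driver whose verdict is not 'ok', whose hash left the baseline,
    that the baseline never saw, or whose image sits outside system32\\drivers."""
    findings = []
    for name, rec in report.items():
        if rec['verdict'] != 'ok':
            findings.append((name, f"verdict {rec['verdict']!r}"))
        if rec['md5'] is None:
            continue  # nothing on disk to compare
        if name not in baseline:
            findings.append((name, 'driver not present in baseline'))
        elif rec['md5'] != baseline[name].lower():
            findings.append((name, f"hash changed: {baseline[name]} -> {rec['md5']}"))
        if DRIVER_DIR not in str(rec['path']).lower():
            findings.append((name, f"image outside system32\\drivers: {rec['path']}"))
    return findings


# Constructed report in TDSSKiller's layout; every hash here is made up, and 'suspicious' is a
# stand-in for any verdict other than 'ok'.
SAMPLE_REPORT = r"""
13:14:37.0109 3656 Abiosdsk - ok
13:14:37.0203 3656 ACPI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:14:37.0203 3656 ACPI - ok
13:14:37.0656 3656 atapi (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:14:37.0656 3656 atapi - ok
13:14:38.0100 3656 netflt (cafebabecafebabecafebabecafebabe) C:\WINDOWS\system32\netflt.sys
13:14:38.0100 3656 netflt - ok
13:14:38.0200 3656 afd (11112222333344445555666677778888) C:\WINDOWS\System32\drivers\afd.sys
13:14:38.0200 3656 afd - suspicious
""".strip().splitlines()

# Assumed hashes from a trusted reference machine of the same build; not Microsoft's real values.
BASELINE = {
    'ACPI': '0123456789abcdef0123456789abcdef',
    'atapi': 'deadbeefdeadbeefdeadbeefdeadbeef',
    'afd': '11112222333344445555666677778888',
}

if __name__ == '__main__':
    for name, reason in diff_against_baseline(parse_report(SAMPLE_REPORT), BASELINE):
        print(f'{name:10} {reason}')
```

The baseline is the part that makes this useful: a TDSSKiller log from a known-clean install of the same Windows build, parsed with the same `parse_report` and reduced to `{name: md5}`, turns a list of `ok` lines into an answer to "which boot-start drivers on this box differ from a clean one".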


#7 Benvenuto (Topic Starter, Members, 7 posts)

Posted 25 November 2011 - 09:16 PM

Hi,
Scan is apparently clear :-)
================
13:14:28.0218 0560 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:14:29.0312 0560 ============================================================
13:14:29.0312 0560 Current date / time: 2011/11/26 13:14:29.0312
13:14:29.0312 0560 SystemInfo:
13:14:29.0312 0560
13:14:29.0312 0560 OS Version: 5.1.2600 ServicePack: 3.0
13:14:29.0312 0560 Product type: Workstation
13:14:29.0312 0560 ComputerName: HOMEPC001
13:14:29.0312 0560 UserName: Hortensia Gracia
13:14:29.0312 0560 Windows directory: C:\WINDOWS
13:14:29.0312 0560 System windows directory: C:\WINDOWS
13:14:29.0312 0560 Processor architecture: Intel x86
13:14:29.0312 0560 Number of processors: 2
13:14:29.0312 0560 Page size: 0x1000
13:14:29.0312 0560 Boot type: Normal boot
13:14:29.0312 0560 ============================================================
13:14:31.0296 0560 Initialize success
13:14:36.0625 3656 ============================================================
13:14:36.0625 3656 Scan started
13:14:36.0625 3656 Mode: Manual;
13:14:36.0625 3656 ============================================================
13:14:37.0109 3656 Abiosdsk - ok
13:14:37.0125 3656 abp480n5 - ok
13:14:37.0203 3656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:14:37.0203 3656 ACPI - ok
13:14:37.0265 3656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:14:37.0265 3656 ACPIEC - ok
13:14:37.0265 3656 adpu160m - ok
13:14:37.0328 3656 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
13:14:37.0328 3656 aeaudio - ok
13:14:37.0359 3656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:14:37.0359 3656 aec - ok
13:14:37.0437 3656 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:14:37.0453 3656 AFD - ok
13:14:37.0453 3656 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:14:37.0468 3656 agp440 - ok
13:14:37.0468 3656 Aha154x - ok
13:14:37.0484 3656 aic78u2 - ok
13:14:37.0500 3656 aic78xx - ok
13:14:37.0531 3656 AliIde - ok
13:14:37.0546 3656 amsint - ok
13:14:37.0562 3656 asc - ok
13:14:37.0578 3656 asc3350p - ok
13:14:37.0593 3656 asc3550 - ok
13:14:37.0640 3656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:14:37.0640 3656 AsyncMac - ok
13:14:37.0656 3656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:14:37.0656 3656 atapi - ok
13:14:37.0671 3656 Atdisk - ok
13:14:37.0906 3656 ati2mtag (eb0531822aabcf843a0940d4ca8a90a9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:14:37.0937 3656 ati2mtag - ok
13:14:37.0984 3656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:14:37.0984 3656 Atmarpc - ok
13:14:38.0046 3656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:14:38.0046 3656 audstub - ok
13:14:38.0125 3656 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:14:38.0140 3656 AVGIDSDriver - ok
13:14:38.0171 3656 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:14:38.0187 3656 AVGIDSEH - ok
13:14:38.0218 3656 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:14:38.0234 3656 AVGIDSFilter - ok
13:14:38.0234 3656 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:14:38.0250 3656 AVGIDSShim - ok
13:14:38.0328 3656 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:14:38.0328 3656 Avgldx86 - ok
13:14:38.0343 3656 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:14:38.0343 3656 Avgmfx86 - ok
13:14:38.0421 3656 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:14:38.0421 3656 Avgrkx86 - ok
13:14:38.0515 3656 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:14:38.0515 3656 Avgtdix - ok
13:14:38.0578 3656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:14:38.0578 3656 Beep - ok
13:14:38.0828 3656 catchme - ok
13:14:38.0890 3656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:14:38.0890 3656 cbidf2k - ok
13:14:38.0921 3656 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:14:38.0921 3656 CCDECODE - ok
13:14:38.0937 3656 cd20xrnt - ok
13:14:38.0984 3656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:14:38.0984 3656 Cdaudio - ok
13:14:39.0031 3656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:14:39.0031 3656 Cdfs - ok
13:14:39.0078 3656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:14:39.0078 3656 Cdrom - ok
13:14:39.0093 3656 Changer - ok
13:14:39.0125 3656 CmdIde - ok
13:14:39.0156 3656 Cpqarray - ok
13:14:39.0171 3656 dac2w2k - ok
13:14:39.0187 3656 dac960nt - ok
13:14:39.0203 3656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:14:39.0203 3656 Disk - ok
13:14:39.0281 3656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:14:39.0312 3656 dmboot - ok
13:14:39.0343 3656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:14:39.0343 3656 dmio - ok
13:14:39.0359 3656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:14:39.0375 3656 dmload - ok
13:14:39.0390 3656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:14:39.0390 3656 DMusic - ok
13:14:39.0406 3656 dpti2o - ok
13:14:39.0453 3656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:14:39.0453 3656 drmkaud - ok
13:14:39.0531 3656 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:14:39.0531 3656 E100B - ok
13:14:39.0609 3656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:14:39.0625 3656 Fastfat - ok
13:14:39.0640 3656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:14:39.0640 3656 Fdc - ok
13:14:39.0703 3656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:14:39.0703 3656 Fips - ok
13:14:39.0781 3656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:14:39.0781 3656 Flpydisk - ok
13:14:39.0812 3656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:14:39.0812 3656 FltMgr - ok
13:14:39.0828 3656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:14:39.0828 3656 Fs_Rec - ok
13:14:39.0843 3656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:14:39.0843 3656 Ftdisk - ok
13:14:39.0921 3656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:14:39.0921 3656 Gpc - ok
13:14:39.0984 3656 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:14:39.0984 3656 hidusb - ok
13:14:40.0000 3656 hpn - ok
13:14:40.0046 3656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:14:40.0062 3656 HTTP - ok
13:14:40.0078 3656 i2omgmt - ok
13:14:40.0093 3656 i2omp - ok
13:14:40.0109 3656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:14:40.0109 3656 i8042prt - ok
13:14:40.0140 3656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:14:40.0140 3656 Imapi - ok
13:14:40.0156 3656 ini910u - ok
13:14:40.0171 3656 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:14:40.0187 3656 IntelIde - ok
13:14:40.0203 3656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:14:40.0203 3656 intelppm - ok
13:14:40.0234 3656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:14:40.0234 3656 Ip6Fw - ok
13:14:40.0281 3656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:14:40.0281 3656 IpFilterDriver - ok
13:14:40.0296 3656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:14:40.0296 3656 IpInIp - ok
13:14:40.0343 3656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:14:40.0343 3656 IpNat - ok
13:14:40.0390 3656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:14:40.0390 3656 IPSec - ok
13:14:40.0421 3656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:14:40.0421 3656 IRENUM - ok
13:14:40.0437 3656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:14:40.0453 3656 isapnp - ok
13:14:40.0453 3656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:14:40.0468 3656 Kbdclass - ok
13:14:40.0500 3656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:14:40.0515 3656 kmixer - ok
13:14:40.0578 3656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:14:40.0578 3656 KSecDD - ok
13:14:40.0609 3656 lbrtfdc - ok
13:14:40.0687 3656 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
13:14:40.0687 3656 MidiSyn - ok
13:14:40.0734 3656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:14:40.0734 3656 mnmdd - ok
13:14:40.0781 3656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:14:40.0781 3656 Modem - ok
13:14:40.0796 3656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:14:40.0796 3656 Mouclass - ok
13:14:40.0812 3656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:14:40.0828 3656 mouhid - ok
13:14:40.0828 3656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:14:40.0843 3656 MountMgr - ok
13:14:40.0843 3656 mraid35x - ok
13:14:40.0875 3656 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:14:40.0875 3656 MRxDAV - ok
13:14:40.0968 3656 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:14:40.0984 3656 MRxSmb - ok
13:14:41.0000 3656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:14:41.0000 3656 Msfs - ok
13:14:41.0031 3656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:14:41.0031 3656 MSKSSRV - ok
13:14:41.0046 3656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:14:41.0046 3656 MSPCLOCK - ok
13:14:41.0062 3656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:14:41.0062 3656 MSPQM - ok
13:14:41.0140 3656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:14:41.0140 3656 mssmbios - ok
13:14:41.0203 3656 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:14:41.0203 3656 MSTEE - ok
13:14:41.0218 3656 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:14:41.0218 3656 Mup - ok
13:14:41.0250 3656 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:14:41.0250 3656 NABTSFEC - ok
13:14:41.0296 3656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:14:41.0296 3656 NDIS - ok
13:14:41.0343 3656 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:14:41.0343 3656 NdisIP - ok
13:14:41.0406 3656 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:14:41.0406 3656 NdisTapi - ok
13:14:41.0468 3656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:14:41.0468 3656 Ndisuio - ok
13:14:41.0515 3656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:14:41.0515 3656 NdisWan - ok
13:14:41.0546 3656 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:14:41.0546 3656 NDProxy - ok
13:14:41.0562 3656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:14:41.0562 3656 NetBIOS - ok
13:14:41.0609 3656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:14:41.0625 3656 NetBT - ok
13:14:41.0703 3656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:14:41.0718 3656 Npfs - ok
13:14:41.0765 3656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:14:41.0812 3656 Ntfs - ok
13:14:41.0890 3656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:14:41.0890 3656 Null - ok
13:14:41.0953 3656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:14:41.0953 3656 NwlnkFlt - ok
13:14:41.0968 3656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:14:41.0968 3656 NwlnkFwd - ok
13:14:42.0031 3656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:14:42.0031 3656 Parport - ok
13:14:42.0046 3656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:14:42.0046 3656 PartMgr - ok
13:14:42.0078 3656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:14:42.0078 3656 ParVdm - ok
13:14:42.0093 3656 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:14:42.0093 3656 PCI - ok
13:14:42.0109 3656 PCIDump - ok
13:14:42.0140 3656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
13:14:42.0140 3656 PCIIde - ok
13:14:42.0187 3656 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:14:42.0187 3656 Pcmcia - ok
13:14:42.0203 3656 PDCOMP - ok
13:14:42.0203 3656 PDFRAME - ok
13:14:42.0218 3656 PDRELI - ok
13:14:42.0234 3656 PDRFRAME - ok
13:14:42.0250 3656 perc2 - ok
13:14:42.0265 3656 perc2hib - ok
13:14:42.0312 3656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:14:42.0312 3656 PptpMiniport - ok
13:14:42.0328 3656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:14:42.0328 3656 PSched - ok
13:14:42.0343 3656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:14:42.0343 3656 Ptilink - ok
13:14:42.0359 3656 ql1080 - ok
13:14:42.0375 3656 Ql10wnt - ok
13:14:42.0390 3656 ql12160 - ok
13:14:42.0406 3656 ql1240 - ok
13:14:42.0421 3656 ql1280 - ok
13:14:42.0437 3656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:14:42.0437 3656 RasAcd - ok
13:14:42.0484 3656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:14:42.0500 3656 Rasl2tp - ok
13:14:42.0515 3656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:14:42.0515 3656 RasPppoe - ok
13:14:42.0531 3656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:14:42.0531 3656 Raspti - ok
13:14:42.0546 3656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:14:42.0562 3656 Rdbss - ok
13:14:42.0578 3656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:14:42.0578 3656 RDPCDD - ok
13:14:42.0625 3656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:14:42.0625 3656 rdpdr - ok
13:14:42.0703 3656 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:14:42.0718 3656 RDPWD - ok
13:14:42.0734 3656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:14:42.0734 3656 redbook - ok
13:14:42.0781 3656 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:14:42.0781 3656 ROOTMODEM - ok
13:14:42.0859 3656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:14:42.0859 3656 Secdrv - ok
13:14:42.0953 3656 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
13:14:42.0953 3656 senfilt - ok
13:14:43.0000 3656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:14:43.0000 3656 serenum - ok
13:14:43.0062 3656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:14:43.0062 3656 Serial - ok
13:14:43.0078 3656 sf (8da9c7feedba52cfd91ee2e2113df6a9) C:\WINDOWS\system32\drivers\sf.sys
13:14:43.0093 3656 sf - ok
13:14:43.0156 3656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:14:43.0156 3656 Sfloppy - ok
13:14:43.0187 3656 Simbad - ok
13:14:43.0234 3656 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:14:43.0234 3656 SLIP - ok
13:14:43.0296 3656 smwdm (ce52bffebfaf1e59553e2885cab80b52) C:\WINDOWS\system32\drivers\smwdm.sys
13:14:43.0296 3656 smwdm - ok
13:14:43.0312 3656 Sparrow - ok
13:14:43.0390 3656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:14:43.0390 3656 splitter - ok
13:14:43.0484 3656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:14:43.0484 3656 sr - ok
13:14:43.0562 3656 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:14:43.0578 3656 Srv - ok
13:14:43.0718 3656 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:14:43.0718 3656 streamip - ok
13:14:43.0750 3656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:14:43.0750 3656 swenum - ok
13:14:43.0781 3656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:14:43.0781 3656 swmidi - ok
13:14:43.0796 3656 symc810 - ok
13:14:43.0812 3656 symc8xx - ok
13:14:43.0828 3656 sym_hi - ok
13:14:43.0843 3656 sym_u3 - ok
13:14:43.0890 3656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:14:43.0890 3656 sysaudio - ok
13:14:43.0921 3656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:14:43.0937 3656 Tcpip - ok
13:14:43.0968 3656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:14:43.0968 3656 TDPIPE - ok
13:14:44.0000 3656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:14:44.0000 3656 TDTCP - ok
13:14:44.0031 3656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:14:44.0046 3656 TermDD - ok
13:14:44.0062 3656 TosIde - ok
13:14:44.0125 3656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:14:44.0125 3656 Udfs - ok
13:14:44.0140 3656 ultra - ok
13:14:44.0187 3656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:14:44.0203 3656 Update - ok
13:14:44.0250 3656 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:14:44.0250 3656 usbaudio - ok
13:14:44.0312 3656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:14:44.0312 3656 usbccgp - ok
13:14:44.0343 3656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:14:44.0343 3656 usbehci - ok
13:14:44.0406 3656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:14:44.0406 3656 usbhub - ok
13:14:44.0421 3656 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:14:44.0421 3656 usbstor - ok
13:14:44.0484 3656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:14:44.0484 3656 usbuhci - ok
13:14:44.0500 3656 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:14:44.0515 3656 usbvideo - ok
13:14:44.0515 3656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:14:44.0531 3656 VgaSave - ok
13:14:44.0531 3656 ViaIde - ok
13:14:44.0562 3656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:14:44.0562 3656 VolSnap - ok
13:14:44.0640 3656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:14:44.0640 3656 Wanarp - ok
13:14:44.0656 3656 WDICA - ok
13:14:44.0671 3656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:14:44.0671 3656 wdmaud - ok
13:14:44.0718 3656 WFsys (055faa5d280b2f302f2f0c7f4f761ad7) C:\WINDOWS\system32\DRIVERS\wfsys.sys
13:14:44.0734 3656 WFsys - ok
13:14:44.0812 3656 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:14:44.0812 3656 WpdUsb - ok
13:14:44.0859 3656 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:14:44.0859 3656 WSTCODEC - ok
13:14:44.0890 3656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:14:44.0890 3656 WudfPf - ok
13:14:44.0937 3656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:14:44.0937 3656 WudfRd - ok
13:14:44.0984 3656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:14:45.0078 3656 \Device\Harddisk0\DR0 - ok
13:14:45.0078 3656 Boot (0x1200) (d99b9b78efec0c36388ee9ffe226f777) \Device\Harddisk0\DR0\Partition0
13:14:45.0093 3656 \Device\Harddisk0\DR0\Partition0 - ok
13:14:45.0093 3656 ============================================================
13:14:45.0093 3656 Scan finished
13:14:45.0093 3656 ============================================================
13:14:45.0109 0264 Detected object count: 0
13:14:45.0109 0264 Actual detected object count: 0
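
The listing above is what a helper reads by eye: for each driver one line with name, MD5 and path, then a status line, and a "Detected object count" footer at the end. As an added example, not part of this thread and not TDSSKiller's own code, here is a small Python parser that turns a log in that shape into records, reads the footer count and compares each hash against a baseline of known-good values, so that a hash change or a status other than "ok" is flagged even when the footer says zero. The sample log, the baseline hashes and the "suspicious" status word are constructed for the example; the only thing taken from the page is the line layout.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of a TDSSKiller driver listing. The hashes,
# the "suspicious" status word and the non-zero count are made up for this
# example; they are not taken from any real scan.
H_ACPI, H_AFD, H_MBR = "a" * 32, "b" * 32, "e" * 32
H_TCPIP_SEEN, H_TCPIP_BASELINE = "d" * 32, "c" * 32

SAMPLE_LOG = (
    "13:14:36.0625 3656 Scan started\n"
    f"13:14:37.0203 3656 ACPI ({H_ACPI}) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys\n"
    "13:14:37.0203 3656 ACPI - ok\n"
    "13:14:37.0265 3656 adpu160m - ok\n"
    f"13:14:37.0437 3656 AFD ({H_AFD}) C:\\WINDOWS\\System32\\drivers\\afd.sys\n"
    "13:14:37.0453 3656 AFD - ok\n"
    f"13:14:43.0921 3656 Tcpip ({H_TCPIP_SEEN}) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys\n"
    "13:14:43.0937 3656 Tcpip - suspicious\n"
    f"13:14:44.0984 3656 MBR (0x1B8) ({H_MBR}) \\Device\\Harddisk0\\DR0\n"
    "13:14:45.0078 3656 \\Device\\Harddisk0\\DR0 - ok\n"
    "13:14:45.0093 3656 Scan finished\n"
    "13:14:45.0109 0264 Detected object count: 1\n"
    "13:14:45.0109 0264 Actual detected object count: 1\n"
)

# Known-good hashes for this machine's build, e.g. recorded from a clean
# install or an earlier clean scan (constructed values here).
BASELINE: Dict[str, str] = {"ACPI": H_ACPI, "AFD": H_AFD, "Tcpip": H_TCPIP_BASELINE}

# Every line starts with "hh:mm:ss.ffff <pid>"; the three line kinds differ after that.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+"
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(PREFIX + r"(?P<subject>.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # absent for services whose file the tool did not list
    path: Optional[str] = None
    status: Optional[str] = None  # the text after " - ", normally "ok"


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Collect one Entry per scanned object, joining the file line and its status line."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}  # MBR/boot status lines name the device path, not the object
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[m["path"]] = m["name"]
            continue
        m = STATUS_RE.match(line)
        if m:
            name = by_path.get(m["subject"], m["subject"])
            entries.setdefault(name, Entry(name)).status = m["status"].strip()
    return entries


def detected_count(text: str) -> Optional[int]:
    """The number on the 'Detected object count' footer line, or None if the log was cut off."""
    for line in text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            return int(m["n"])
    return None


def review(entries: Dict[str, Entry], baseline: Dict[str, str]) -> List[str]:
    """Findings worth a second look: any status other than 'ok' and any hash that differs from the baseline."""
    findings: List[str] = []
    for name, e in sorted(entries.items()):
        if e.status != "ok":
            findings.append(f"{name}: status {e.status!r} is not ok")
        expected = baseline.get(name)
        if expected and e.md5 and e.md5 != expected:
            findings.append(f"{name}: md5 {e.md5} differs from baseline {expected}")
    return findings


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} objects, detected count {detected_count(SAMPLE_LOG)}")
    for finding in review(found, BASELINE):
        print("  !", finding)
```

The baseline comparison is the part the tool's own footer does not give you: a driver can be reported "ok" and still not be the file that was there last week, and a missing footer line means the scan was interrupted rather than clean.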

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 26 November 2011 - 11:51 AM

One more download to get:

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

How Can I Reduce My Risk to Malware?


#9 Benvenuto

Benvenuto
  • Topic Starter

  • Members
  • 7 posts

Posted 26 November 2011 - 06:06 PM

Thanks again, Shelf Life, for the fast response.

================
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-27 09:36:22
-----------------------------
09:36:22.328 OS Version: Windows 5.1.2600 Service Pack 3
09:36:22.328 Number of processors: 2 586 0x304
09:36:22.328 ComputerName: HOMEPC001 UserName:
09:36:23.546 Initialize success
09:39:29.421 AVAST engine defs: 11112601
09:39:53.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
09:39:53.000 Disk 0 Vendor: WDC_WD2000JD-19HBB0 08.02D08 Size: 190782MB BusType: 3
09:39:55.031 Disk 0 MBR read successfully
09:39:55.031 Disk 0 MBR scan
09:39:55.031 Disk 0 Windows XP default MBR code
09:39:55.046 Disk 0 scanning sectors +390700800
09:39:55.140 Disk 0 scanning C:\WINDOWS\system32\drivers
09:40:06.890 Service scanning
09:40:07.968 Modules scanning
09:40:11.531 Disk 0 trace - called modules:
09:40:11.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
09:40:11.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a178ab8]
09:40:11.562 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a189510]
09:40:11.578 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a188940]
09:40:12.062 AVAST engine scan C:\WINDOWS
09:40:30.593 AVAST engine scan C:\WINDOWS\system32
09:42:33.234 AVAST engine scan C:\WINDOWS\system32\drivers
09:42:50.718 AVAST engine scan C:\Documents and Settings\Hortensia Gracia
09:51:54.468 AVAST engine scan C:\Documents and Settings\All Users
09:53:00.718 Scan finished successfully
09:57:11.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hortensia Gracia\Desktop\MBR.dat"
09:57:11.781 The log file has been saved successfully to "C:\Documents and Settings\Hortensia Gracia\Desktop\aswMBR.txt"
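
Two things in the aswMBR report above are worth checking mechanically rather than by eye: the "Windows XP default MBR code" verdict together with "Scan finished successfully", and the MBR.dat the tool saved to the desktop, which can be compared against the MBR hash TDSSKiller printed in the earlier log. The Python below is an added example, not part of the thread and not code from aswMBR or TDSSKiller. It assumes, from the 0x1B8 in TDSSKiller's "MBR (0x1B8)" line, that that hash covers the first 440 bytes of the sector (the bootstrap code before the disk signature and partition table); the log lines and the 512-byte sector image are constructed for the example.

```python
import hashlib
import re
from typing import Dict, Optional

# Constructed aswMBR-style log lines in the shape of the report above; the
# timestamps are made up for this example.
SAMPLE_ASWMBR = """\
09:39:55.031 Disk 0 MBR read successfully
09:39:55.031 Disk 0 MBR scan
09:39:55.031 Disk 0 Windows XP default MBR code
09:40:06.890 Service scanning
09:53:00.718 Scan finished successfully
"""

# Assumption for this example: TDSSKiller's "MBR (0x1B8)" hash covers the first
# 0x1B8 = 440 bytes of the sector, i.e. the bootstrap code that precedes the
# 4-byte disk signature, 2 reserved bytes, the 64-byte partition table and 0x55AA.
MBR_CODE_LEN = 0x1B8
SECTOR_LEN = 512

VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)$")


def aswmbr_summary(text: str) -> Dict[str, object]:
    """The MBR verdict line and completion state from an aswMBR log."""
    verdict: Optional[str] = None
    finished = False
    for line in text.splitlines():
        m = VERDICT_RE.match(line)
        if m:
            verdict = m["verdict"]
        if line.endswith("Scan finished successfully"):
            finished = True
    return {
        "verdict": verdict,
        "default_code": verdict is not None and "default MBR code" in verdict,
        "finished": finished,
    }


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR image: dummy boot code, a disk signature, an empty partition table, 0x55AA."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (MBR_CODE_LEN - 4)  # xor ax,ax / mov ss,ax, then NOP padding
    disk_signature = b"\x12\x34\x56\x78"
    reserved = b"\x00\x00"
    partition_table = b"\x00" * 64
    return code + disk_signature + reserved + partition_table + b"\x55\xAA"


def mbr_code_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap code area only, the way the TDSSKiller line is assumed to compute it."""
    return hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()


def cross_check(mbr: bytes, tdsskiller_md5: str) -> bool:
    """True when a saved MBR.dat is a well-formed sector whose code area hashes to the value TDSSKiller logged."""
    well_formed = len(mbr) == SECTOR_LEN and mbr[SECTOR_LEN - 2:] == b"\x55\xAA"
    return well_formed and mbr_code_md5(mbr) == tdsskiller_md5.lower()


if __name__ == "__main__":
    print(aswmbr_summary(SAMPLE_ASWMBR))
    image = build_sample_mbr()
    print(mbr_code_md5(image), cross_check(image, mbr_code_md5(image)))
```

Hashing only the code area is what makes the two tools comparable: the partition table and disk signature legitimately differ between machines and can change without anything being wrong, while the 440 bytes of bootstrap code are exactly what an MBR rootkit has to replace.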

#10 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 27 November 2011 - 01:47 PM

Not a whole lot there to be worried about. How's it looking on your end now?

How Can I Reduce My Risk to Malware?


#11 Benvenuto

Benvenuto
  • Topic Starter

  • Members
  • 7 posts

Posted 27 November 2011 - 04:28 PM

Since AVG deleted Cryptor.dropper, I haven't had any hijacks, although I have been using IE rather than Firefox since I got the feeling that was what was being affected by the hijacker.

Repeated scanning with AVG 2012 and Spybot S&D has turned up no new detections apart from the usual undesirable cookies.

Do you think my computer is secure again?

Thanks

#12 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 27 November 2011 - 05:00 PM

hi,

Yes, I think you are secure again. Cookies aren't really too much to worry about. You can download and keep the free version of Malwarebytes. Note that the free version must be updated manually and a scan started manually.
You can Delete combofix like this:
start>run and type in:
combofix /uninstall
click ok or enter
note the space after the x and before the /

You can delete the tdsskiller and aswMBR icon and logs.

Last you can make a new restore point, the how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (creates a new restore point on a clean system)

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK, then reboot


And for your reference:

There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes, media players, browser plugins and add-ons. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here.


2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.


3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.


4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.


5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.


6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?


7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.


8) Install and understand the *limitations* of a software firewall.


9) The why and how to secure your browser for safer surfing.


10) Warez, cracks, etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. A file can be named anything, be nothing but malware or have malware bundled in it.
Do you really trust the source?

More info/tips with pictures in links below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?


#13 Benvenuto

Benvenuto
  • Topic Starter

  • Members
  • 7 posts

Posted 28 November 2011 - 06:02 PM

Thank you very much for your kind and patient help. Everything appears to be working normally and I have implemented your security recommendations.
Much appreciated!



