
Untitled

a guest
Apr 20th, 2011
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tyler at 12:06:39.62 on Wed 04/20/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1103 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Tyler\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: intuit.com\ttlc
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tyler\appdata\roaming\mozilla\firefox\profiles\m9xyvd7z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-6 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-6 294608]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-6 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-6 40384]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-11-29 8192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-9-13 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-21 1343400]
.
=============== Created Last 30 ================
.
2011-04-20 19:04:08 388096 ----a-r- c:\users\tyler\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-20 18:06:57 -------- d-----w- c:\program files\ESET
2011-04-20 17:26:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 17:26:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 17:13:01 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5b847d12-16f3-4bd0-8e47-a9c3c2998250}\mpengine.dll
2011-04-20 06:43:08 -------- d-----w- c:\users\tyler\appdata\roaming\8BD3CBF1A238C722473BB8C7B3E545D4
2011-04-20 05:31:46 -------- d-----w- c:\program files\Trend Micro
2011-04-14 03:18:34 506368 ----a-w- c:\windows\system32\sqlite3.dll
2011-04-07 04:38:41 -------- d-----w- c:\program files\MSECache
2011-04-06 03:51:01 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-04-06 03:38:53 -------- d-----w- c:\windows\system32\SPReview
2011-04-06 03:38:29 -------- d-----w- c:\windows\system32\EventProviders
2011-04-06 03:31:59 81920 ----a-w- c:\windows\system32\userenv.dll
2011-04-06 03:30:59 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-04-06 03:29:51 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-06 03:29:51 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-06 03:26:24 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-06 03:26:23 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-06 03:26:23 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-06 03:13:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-06 03:13:44 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-06 03:13:39 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-06 03:13:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-06 03:12:55 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-06 03:12:55 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-06 03:12:55 107520 ----a-w- c:\windows\system32\cdd.dll
2011-03-28 05:17:06 -------- d-----w- c:\users\tyler\appdata\roaming\Gyazo
2011-03-28 01:04:39 1495112 ----a-w- c:\windows\system32\flash_player.exe
2011-03-25 06:19:00 -------- d-----w- C:\Temp
2011-03-23 00:30:48 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-23 00:30:48 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-23 00:30:48 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-23 00:30:48 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-23 00:30:48 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-23 00:30:47 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-23 00:30:47 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-23 00:30:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
==================== Find3M ====================
.
2011-04-06 03:57:26 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-23 15:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 15:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 15:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 15:27:00 5654120 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-23 15:27:00 4942952 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 15:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 15:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 15:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 15:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-23 15:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 15:27:00 10079336 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-10 00:22:48 214592 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-10 00:04:32 139152 ----a-w- c:\users\tyler\appdata\roaming\PnkBstrK.sys
2011-02-03 05:49:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11:20 222080 ----a-w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST332062 rev.3.AD -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x850A14F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x850a77d0]; MOV EAX, [0x850a784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E4952F] -> \Device\Harddisk0\DR0[0x8507A948]
3 CLASSPNP[0x8840459E] -> ntkrnlpa!IofCallDriver[0x81E4952F] -> [0x84E8B700]
5 ACPI[0x880473D4] -> ntkrnlpa!IofCallDriver[0x81E4952F] -> \00000068[0x849A6430]
\Driver\nvstor[0x85081F38] -> IRP_MJ_CREATE -> 0x850A14F0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000068 -> \??\SCSI#Disk&Ven_ST332062&Prod_0AS#4&134f60d7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+7): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:12:15.70 ===============