
Rootkitrevealer Log


  • This topic is locked
1 reply to this topic

#1 Juha


Posted 02 March 2008 - 12:07 AM

Hi,

I have recently had a Backdoor.Win32.Rbot infection. Please see here for my earlier post. I am still checking whether my system is disinfected after scanning with various Online virus scanners and (separately installed) Virus scanners.

Today, I was searching about this file called 'autorun.inf', which I have found on my D Drive and also on my USB/mp3 player. Through Google, I've learned that the actual file itself is not harmful but what it 'auto-starts' is, i.e. malware/virus... I opened it to find its command. This is what it said:

[AutoRun]
open=
shellexecute=
shell\Auto\command=tel.xls.exe
shell=Auto


I have deleted it and also from the recycle bin.

I managed to scan my system with further online scanners and installed a RootkitRevealer and scanned with it as well. I got a log.

I don't know if someone out here could help me with interpreting it:


HKLM\SECURITY\Policy\Secrets\SAC* 19/08/2006 05:15 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 19/08/2006 05:15 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\ASM\Cookies\asm@bleepingcomputer[1].txt 02/03/2008 04:13 542 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Cookies\asm@bleepingcomputer[2].txt 02/03/2008 04:02 541 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Desktop\ali_sodays_ayoob_nesaa_1416.ram 21/02/2008 15:24 69 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temp\Free Download Manager\ticEC.tmp 02/03/2008 04:07 189 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temp\~DFB42E.tmp 02/03/2008 02:55 112.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\37KHTYCF\2[1] 02/03/2008 04:10 197 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\37KHTYCF\default[10].jpg 02/03/2008 04:18 3.20 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\37KHTYCF\default[11].jpg 02/03/2008 04:18 3.65 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\37KHTYCF\defaultCAN8UNAV.jpg 02/03/2008 04:22 3.27 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\37KHTYCF\promo3;sz=300x50;tile=4;ord=762065271380442[1].5 02/03/2008 04:23 102 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\37KHTYCF\search[1].htm 02/03/2008 04:31 20.54 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\37KHTYCF\WebResource[4].gif 02/03/2008 04:17 61 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\2[3].jpg 02/03/2008 04:22 3.18 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\bb897448.55x55_download(en-us,MSDN.10)[1].gif 02/03/2008 04:17 1.72 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\default[7].jpg 02/03/2008 04:18 3.58 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\hardware_peripherals;sz=300x50;kr=H;kw=Mark+Russinovich;tile=2;ord=493939641039827[1].1 02/03/2008 04:23 324 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\pageLoaded[1].gif 02/03/2008 04:09 49 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\timer1[1].js 02/03/2008 04:09 0 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\timer2[1].js 02/03/2008 04:09 0 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\timer3[1].js 02/03/2008 04:09 0 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\3LTEXFVF\timer4[1].js 02/03/2008 04:09 0 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\3[1] 02/03/2008 03:57 694 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\buzz_videos[1].xml 02/03/2008 01:35 12.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\default[4].jpg 02/03/2008 04:18 3.90 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\default[5].jpg 02/03/2008 04:18 3.86 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\default[6].jpg 02/03/2008 04:18 4.53 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\default[7].jpg 02/03/2008 04:23 2.91 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\forums[1].htm 02/03/2008 04:13 103.54 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\Q_22819973[1].htm 02/03/2008 04:08 58.38 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\8EZMYQ1R\technet.wtnvr-bn1759.2[1].js 02/03/2008 04:17 9.23 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CDF64RXX\default[10].jpg 02/03/2008 04:18 3.88 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CDF64RXX\get_video[2] 02/03/2008 04:19 4.62 MB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CDF64RXX\s[2].htm 02/03/2008 04:18 2 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CDF64RXX\search[5].htm 02/03/2008 04:23 21.57 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CDF64RXX\WebResource[3].gif 02/03/2008 04:17 60 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CDF64RXX\zoneNextMore[1].png 02/03/2008 04:08 441 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\4[1] 02/03/2008 04:10 613 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\arrow_px_up[1].gif 27/02/2008 09:25 53 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\arrow_px_up[1].htm 02/03/2008 04:24 162 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\BlueScreen[1].zip 02/03/2008 04:25 62.30 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\default[10].jpg 02/03/2008 04:18 3.18 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\default[11].jpg 02/03/2008 04:18 3.65 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\google_co_uk[1].htm 02/03/2008 03:11 6.13 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\promo2;sz=300x50;tile=3;ord=5719785401856647[1] 02/03/2008 04:23 102 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\promo3;sz=300x50;tile=4;ord=8692760571891118[1] 02/03/2008 04:18 102 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\rtg_print[1].gif 02/03/2008 04:17 574 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\search[1].htm 02/03/2008 04:07 18.88 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\6[1] 02/03/2008 01:24 633 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\default[10].jpg 02/03/2008 04:18 2.00 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\default[11].jpg 02/03/2008 04:22 4.53 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\default[9].jpg 02/03/2008 04:18 2.42 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\defaultCAG6X89M.jpg 02/03/2008 04:22 2.77 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\favicon[10].ico 02/03/2008 04:08 1.37 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\nircmd[1].htm 02/03/2008 04:08 21.00 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\D5D27U0K\popdownarrow-technet[1].gif 02/03/2008 04:17 49 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\FM9LE9RK\bb897448.arrow_px_up(en-us,MSDN.10)[1].gif 02/03/2008 04:17 53 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\FM9LE9RK\default[10].jpg 02/03/2008 04:18 2.31 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\FM9LE9RK\default[9].jpg 02/03/2008 04:18 3.94 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\FM9LE9RK\hardware_peripherals;sz=300x50;kr=H;kw=Mark+Russinovich;tile=3;ord=243041654968219[1].5 02/03/2008 04:23 11 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\FM9LE9RK\search[11].htm 02/03/2008 04:30 20.79 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\FM9LE9RK\search[7].htm 02/03/2008 04:10 18.95 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\GHCVE97D\broker-bn1759.2[1].js 02/03/2008 04:17 15.61 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\GHCVE97D\default[7].jpg 02/03/2008 04:23 3.16 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\GHCVE97D\hardware_peripherals;sz=300x250;kr=H;kw=Mark+Russinovich;tile=1;dcopt=ist;ord=145097627078505[1].03 02/03/2008 04:22 327 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\GHCVE97D\hardware_peripherals;sz=300x250;kr=H;kw=Mark+Russinovich;tile=1;dcopt=ist;ord=1972299159057305[1].5 02/03/2008 04:18 327 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\GHCVE97D\webtrendsscript-bn1759.2[1].js 02/03/2008 04:17 16.86 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\IHRXYLIN\centralmushroom[1].css 29/02/2008 07:30 60.60 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\IHRXYLIN\default[11].jpg 02/03/2008 04:23 2.17 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\IHRXYLIN\default[9].jpg 02/03/2008 04:18 3.67 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\IHRXYLIN\hardware_peripherals;sz=300x50;kr=H;kw=Mark+Russinovich;tile=2;ord=853379317182448[1].7 02/03/2008 04:18 324 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\IHRXYLIN\hardware_peripherals;sz=300x50;kr=H;kw=Mark+Russinovich;tile=3;ord=7286753802382212[1] 02/03/2008 04:22 11 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\IHRXYLIN\ScriptResource[2].axd 02/03/2008 04:17 32.49 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\IHRXYLIN\search[9].htm 02/03/2008 04:10 8.17 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\2[1] 02/03/2008 03:57 197 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\2[2].jpg 02/03/2008 04:21 2.67 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\3[1] 02/03/2008 04:10 694 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\4[1] 02/03/2008 04:30 613 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\5377[1].png 02/03/2008 04:08 14.76 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\default[8].jpg 02/03/2008 04:18 3.07 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\rtg_save[1].gif 02/03/2008 04:17 210 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\set_awesome[1].xml 02/03/2008 04:22 4.10 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\K87Z2179\WebResource[2].axd 02/03/2008 04:23 20.17 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\default[10].jpg 02/03/2008 04:23 3.86 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\default[7].jpg 02/03/2008 04:18 3.94 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\default[8].jpg 02/03/2008 04:18 3.87 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\forums[1].htm 02/03/2008 04:02 104.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\hardware_peripherals;sz=300x50;kr=H;kw=Mark+Russinovich;tile=2;ord=1876584403450506[1].2 02/03/2008 04:22 324 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\index[1].gif 02/03/2008 04:13 43 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\WebResource[1].axd 02/03/2008 04:17 20.17 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\KV1574UX\youtube_com[1].htm 02/03/2008 04:18 68.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LDK7P08D\6[1] 02/03/2008 04:08 633 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LDK7P08D\default[10].jpg 02/03/2008 04:23 3.48 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LDK7P08D\default[8].jpg 02/03/2008 04:18 3.49 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LDK7P08D\default[9].jpg 02/03/2008 04:22 2.32 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LDK7P08D\hardware_peripherals;sz=300x50;kr=H;kw=Mark+Russinovich;tile=3;ord=2459078503318488[1].5 02/03/2008 04:18 11 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LDK7P08D\ScriptResource[3].axd 02/03/2008 04:17 88.14 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\3[1] 02/03/2008 04:30 694 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\default[6].jpg 02/03/2008 04:18 2.67 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\default[7].jpg 02/03/2008 04:22 3.13 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\menutomain[1].gif 02/03/2008 04:08 805 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\promo1;sz=300x50;tile=2;ord=4336920482420116[1].5 02/03/2008 04:23 102 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\promo2;sz=300x50;tile=3;ord=288644234812316[1].25 02/03/2008 04:18 102 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\search[5].htm 02/03/2008 03:46 21.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\LI7KXKOD\toptomain[1].gif 02/03/2008 04:08 805 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\_default;sz=399x299;tile=1;dcopt=ist;ord=7242348462904883[1] 02/03/2008 04:23 160 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\default[10].jpg 02/03/2008 04:23 3.55 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\default[7].jpg 02/03/2008 04:18 3.30 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\default[8].jpg 02/03/2008 04:18 2.97 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\default[9].jpg 02/03/2008 04:22 3.33 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\google_co_uk[1].htm 02/03/2008 04:07 6.13 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\nirsoft2[1].gif 02/03/2008 04:08 3.61 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\OMDED8NM\popdownarrow[1].gif 02/03/2008 04:17 49 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\PWBPSVUV\5[1] 02/03/2008 04:30 520 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\PWBPSVUV\default[8].jpg 02/03/2008 04:18 1.78 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\PWBPSVUV\navVirus&Spy_active[1].gif 02/03/2008 04:08 614 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\PWBPSVUV\s[2].htm 02/03/2008 04:22 2 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\PWBPSVUV\search_button[1].gif 02/03/2008 04:17 327 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\PWBPSVUV\set_awesome[1].xml 02/03/2008 04:21 4.12 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\5[1] 02/03/2008 03:23 520 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\_default;sz=399x299;tile=1;dcopt=ist;ord=5313430066905379[1] 02/03/2008 04:18 160 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\bb897558[1].htm 02/03/2008 04:24 57.38 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\centralmushroom[1].css 02/03/2008 04:08 60.64 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\default[11].jpg 02/03/2008 04:18 4.17 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\defaultCA85ADL6.jpg 02/03/2008 04:23 2.11 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\defaultCAZBOQ4X.jpg 02/03/2008 04:18 2.81 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\RWBPEEPX\ScriptResource[2].axd 02/03/2008 04:17 30.07 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\SSPMIZVE\default[6].jpg 02/03/2008 04:18 2.22 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\SSPMIZVE\default[7].jpg 02/03/2008 04:18 3.08 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\SSPMIZVE\default[8].jpg 02/03/2008 04:22 1.56 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\SSPMIZVE\get_video[2] 02/03/2008 04:22 1.42 MB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\SSPMIZVE\menubg[1].gif 02/03/2008 04:08 923 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\SSPMIZVE\WebResource[1].gif 02/03/2008 04:17 43 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\2[2].jpg 02/03/2008 04:21 2.00 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\4[1] 02/03/2008 03:57 613 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\default[8].jpg 02/03/2008 04:18 2.62 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\hardware_peripherals;sz=300x250;kr=H;kw=Mark+Russinovich;tile=1;dcopt=ist;ord=1626334108660636[1] 02/03/2008 04:23 327 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\NIRCMD.EXE[1].htm 02/03/2008 04:08 11.38 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\relatedSolutions[1].htm 02/03/2008 04:08 4.21 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\rtg_email[2].gif 02/03/2008 04:17 610 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\U028IGBO\ScriptResource[2].axd 02/03/2008 04:23 32.49 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\WGIYZL75\buzz_videos[1].xml 02/03/2008 04:18 11.89 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\WGIYZL75\default[10].jpg 02/03/2008 04:22 3.15 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\WGIYZL75\default[9].jpg 02/03/2008 04:22 3.61 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\WGIYZL75\main[1].css 02/03/2008 04:08 4.96 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\WGIYZL75\popdownarrow-left[1].gif 02/03/2008 04:17 49 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\WGIYZL75\promo1;sz=300x50;tile=2;ord=4846343773980421[1] 02/03/2008 04:18 102 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\Z9ROKI85\2[2].jpg 02/03/2008 04:22 3.65 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\Z9ROKI85\bb897448[1].htm 02/03/2008 04:17 54.79 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\Z9ROKI85\default[5].jpg 02/03/2008 04:18 1.50 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\Z9ROKI85\default[6].jpg 02/03/2008 04:23 3.21 KB Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\Z9ROKI85\index[1].gif 02/03/2008 04:02 43 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\Z9ROKI85\mslogo[1].gif 02/03/2008 04:17 728 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\Z9ROKI85\search[2].htm 02/03/2008 04:10 18.93 KB Hidden from Windows API.
C:\Downloaded Files 21/02/2008 15:24 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Downloaded Files\ali_sodays_ayoob_nesaa_1416.ram 21/02/2008 15:24 69 bytes Visible in Windows API, but not in MFT or directory index.
C:\My Downloads\BlueScreen.zip 02/03/2008 04:28 62.30 KB Hidden from Windows API.
C:\Recycled\Dc54 21/02/2008 15:24 0 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\SYSINTERNALS BLUESCREEN.SCR-381AC273.pf 02/03/2008 04:29 22.28 KB Hidden from Windows API.


What do 'Key name contains embedded nulls' and 'Visible/Hidden from Windows API' mean and how can I deal with it? Does it mean I'm still infected? With a rootkit? I'll probably post a HijackThis Log... and/or reinstall Windows if the infection is still present and persistent...


Thanks,
Juha
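
Added example (not part of the post above and not RootkitRevealer's own code): a Python triage of log lines in the layout shown in the post, separating registry findings and entries under constantly rewritten folders from the few that sit elsewhere or carry an executable extension. The bucket names, folder markers and extension list are assumptions made for this illustration; "churn" only means the folder changes while a scan runs, not that the entry is clean.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the log posted above, used here as sample input.
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 19/08/2006 05:15 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\ASM\Cookies\asm@bleepingcomputer[1].txt 02/03/2008 04:13 542 bytes Hidden from Windows API.
C:\Documents and Settings\ASM\Local Settings\Temp\~DFB42E.tmp 02/03/2008 02:55 112.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\ASM\Local Settings\Temporary Internet Files\Content.IE5\CVL6YYH1\BlueScreen[1].zip 02/03/2008 04:25 62.30 KB Hidden from Windows API.
C:\My Downloads\BlueScreen.zip 02/03/2008 04:28 62.30 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\SYSINTERNALS BLUESCREEN.SCR-381AC273.pf 02/03/2008 04:29 22.28 KB Hidden from Windows API.
"""

# path, dd/mm/yyyy, hh:mm, size, unit, finding text (paths may contain spaces).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d.]+)\s+(?P<unit>bytes|KB|MB|GB)\s+(?P<desc>.+)$"
)
UNIT = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Assumption: folders the browser and Windows rewrite continuously, so files
# can appear or vanish between the two views a scanner compares.
CHURN_MARKERS = (
    "\\temporary internet files\\",
    "\\cookies\\",
    "\\local settings\\temp\\",
    "\\windows\\prefetch\\",
    "\\recycled\\",
)
# Assumption: extensions that warrant a manual look wherever they turn up.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".pif"}


def parse_log(text):
    """Return (entries, unparsed_lines); blank lines are ignored."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep for inspection, never drop silently
            continue
        entries.append({
            "path": m["path"],
            "modified": f'{m["date"]} {m["time"]}',
            "size_bytes": int(float(m["size"]) * UNIT[m["unit"]]),
            "finding": m["desc"].strip(),
        })
    return entries, unparsed


def bucket_for(entry):
    """Classify one entry as 'registry', 'churn' or 'review'."""
    path = entry["path"]
    if path.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\")):
        return "registry"
    # An executable extension is reviewed even inside a churn folder.
    if ntpath.splitext(path)[1].lower() in EXECUTABLE_EXTS:
        return "review"
    if any(marker in path.lower() for marker in CHURN_MARKERS):
        return "churn"
    return "review"


def triage(entries):
    """Group parsed entries by bucket."""
    buckets = {"registry": [], "churn": [], "review": []}
    for entry in entries:
        buckets[bucket_for(entry)].append(entry)
    return buckets


def findings_summary(entries):
    """Count entries per finding text."""
    return Counter(entry["finding"] for entry in entries)


if __name__ == "__main__":
    parsed, skipped = parse_log(SAMPLE_LOG)
    for name, items in triage(parsed).items():
        print(f"{name}: {len(items)}")
        for item in items if name != "churn" else []:
            print(f"  {item['modified']}  {item['path']}  ({item['finding']})")
    print(dict(findings_summary(parsed)), "unparsed:", len(skipped))
```
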



#2 quietman7


Posted 02 March 2008 - 08:57 AM

Since you were already being assisted in your other thread, you should continue there. Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. This thread is closed.
Thanks for your cooperation.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



