
possible backdoor



#1 dodotgagoz

Posted 09 June 2009 - 12:56 AM

Hello,

Can someone please help me. I ran HJT and have a clean log. But my PC is still slow, so I ran RootkitRevealer and here's the log of it.

HKLM\SECURITY\Policy\Secrets\SAC* 4/18/2008 11:37 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/18/2008 11:37 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS\StateIndex 6/9/2009 1:22 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\40878030d01 6/9/2009 1:49 PM 94.50 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\54466B5Ad01 6/9/2009 1:43 PM 33.90 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\5C1E300Ad01 6/9/2009 1:48 PM 39.93 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\6B67B3E6d01 6/9/2009 1:43 PM 19.07 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\728445E7d01 6/9/2009 1:49 PM 71.44 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\890DD30Ad01 6/9/2009 1:47 PM 36.21 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\930C3480d01 6/9/2009 1:43 PM 17.98 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\956F46E9d01 6/9/2009 1:47 PM 17.55 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\B00CD7DFd01 6/9/2009 1:47 PM 20.07 KB Hidden from Windows API.
C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\DA1FDFF1d01 6/9/2009 1:50 PM 17.17 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\EF844EA6d01 6/9/2009 1:43 PM 18.48 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\F35347E3d01 6/9/2009 1:47 PM 26.49 KB Hidden from Windows API.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\F67AA58Ad01 6/9/2009 1:43 PM 23.58 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00057.log 6/9/2009 1:29 PM 128.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\EDB00058.LOG 6/9/2009 1:47 PM 128.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\_downloadprogress_.state 6/9/2009 12:42 PM 4 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\_unpacked_.state 6/9/2009 12:42 PM 34 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\_usedelta_.state 6/9/2009 12:42 PM 34 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2gdr 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2gdr\msdtclog.dll 8/4/2004 12:56 AM 57.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2gdr\msdtcprx.dll 8/4/2004 12:56 AM 415.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2gdr\msdtctm.dll 8/4/2004 12:56 AM 927.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2gdr\msdtcuiu.dll 8/4/2004 12:56 AM 157.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2gdr\mtxclu.dll 8/4/2004 12:56 AM 65.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2gdr\mtxoci.dll 8/4/2004 12:56 AM 88.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2qfe 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2qfe\msdtclog.dll 8/4/2004 12:56 AM 57.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2qfe\msdtcprx.dll 8/4/2004 12:56 AM 415.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2qfe\msdtctm.dll 8/4/2004 12:56 AM 927.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2qfe\msdtcuiu.dll 8/4/2004 12:56 AM 157.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2qfe\mtxclu.dll 8/4/2004 12:56 AM 65.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp2qfe\mtxoci.dll 8/4/2004 12:56 AM 88.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3gdr 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3gdr\msdtclog.dll 8/4/2004 12:56 AM 57.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3gdr\msdtcprx.dll 8/4/2004 12:56 AM 415.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3gdr\msdtctm.dll 8/4/2004 12:56 AM 927.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3gdr\msdtcuiu.dll 8/4/2004 12:56 AM 157.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3gdr\mtxclu.dll 8/4/2004 12:56 AM 65.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3gdr\mtxoci.dll 8/4/2004 12:56 AM 88.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3qfe 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3qfe\msdtclog.dll 8/4/2004 12:56 AM 57.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3qfe\msdtcprx.dll 8/4/2004 12:56 AM 415.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3qfe\msdtctm.dll 8/4/2004 12:56 AM 927.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3qfe\msdtcuiu.dll 8/4/2004 12:56 AM 157.50 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3qfe\mtxclu.dll 8/4/2004 12:56 AM 65.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\backup\sp3qfe\mtxoci.dll 8/4/2004 12:56 AM 88.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\download 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\download\BIT1A.tmp 6/9/2009 1:29 PM 824.16 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\spmsg.dll 11/30/2007 5:39 AM 16.87 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\spuninst.exe 11/30/2007 5:39 AM 225.87 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\susdl.req 6/9/2009 12:42 PM 2.29 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update 6/9/2009 12:42 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\branches.inf 6/12/2008 7:29 AM 926 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\eula.txt 11/30/2007 7:17 AM 804 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\KB952004.cat 6/12/2008 8:35 AM 19.03 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\spcustom.dll 11/30/2007 5:39 AM 25.87 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\update.exe 11/30/2007 5:39 AM 737.87 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\update.url 6/12/2008 9:36 AM 5.20 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\update.ver 6/12/2008 9:32 AM 2.19 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\update_SP2GDR.inf 6/12/2008 8:33 AM 21.15 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\update_SP2QFE.inf 6/12/2008 8:31 AM 24.03 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\update_SP3GDR.inf 6/12/2008 9:29 AM 25.97 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\update_SP3QFE.inf 6/12/2008 8:31 AM 25.97 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\updatebr.inf 6/12/2008 7:29 AM 678 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\update\updspapi.dll 11/30/2007 5:39 AM 373.87 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\788a709ca6976915e46d02310f43b6dc\WindowsXP-KB952004-x86-ENU.psm 6/12/2008 11:45 PM 12.38 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee 6/9/2009 1:42 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\_file_to_execute_.txt 6/9/2009 1:42 PM 17 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\_unpacked_.state 6/9/2009 1:42 PM 34 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\_useselfcontained_.state 6/9/2009 1:42 PM 50 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\spmsg.dll 11/30/2007 5:39 AM 16.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\spuninst.exe 11/30/2007 5:39 AM 225.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update 6/9/2009 1:42 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\branches.inf 4/23/2008 9:40 PM 871 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\eula.txt 11/30/2007 7:17 AM 804 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\KB950760.CAT 4/24/2008 1:12 AM 10.19 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\spcustom.dll 11/30/2007 5:39 AM 25.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\update.exe 11/30/2007 5:39 AM 737.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\update.ver 4/24/2008 1:52 PM 18 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\update_SP3GDR.inf 4/24/2008 1:18 AM 23.92 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\update_SP3QFE.inf 4/24/2008 12:47 AM 23.92 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\updatebr.inf 4/23/2008 9:40 PM 496 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\8bc3857eb47e63856dbb1de3a6a2f2ee\update\updspapi.dll 11/30/2007 5:39 AM 373.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\f6745971ce358ebfe796f14b47a12533 6/9/2009 12:40 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\f6745971ce358ebfe796f14b47a12533\BITA.tmp 6/9/2009 1:34 PM 485.54 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\_unpacked_.state 6/9/2009 12:42 PM 34 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\BACKUP 6/9/2009 1:47 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2GDR 6/9/2009 1:47 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2GDR\MSDTCLOG.DLL 6/12/2008 7:16 AM 57.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2GDR\MSDTCPRX.DLL 6/12/2008 7:16 AM 418.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2GDR\MSDTCTM.DLL 6/12/2008 7:16 AM 934.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2GDR\MSDTCUIU.DLL 6/12/2008 7:16 AM 158.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2GDR\MTXCLU.DLL 6/12/2008 7:16 AM 65.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2GDR\MTXOCI.DLL 6/12/2008 7:16 AM 89.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2QFE 6/9/2009 1:47 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2QFE\MSDTCLOG.DLL 6/12/2008 6:47 AM 57.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2QFE\MSDTCPRX.DLL 6/12/2008 6:47 AM 418.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2QFE\MSDTCTM.DLL 6/12/2008 6:47 AM 934.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2QFE\MSDTCUIU.DLL 6/12/2008 6:47 AM 158.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2QFE\MTXCLU.DLL 6/12/2008 6:47 AM 65.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP2QFE\MTXOCI.DLL 6/12/2008 6:47 AM 89.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3GDR 6/9/2009 1:47 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3GDR\MSDTCLOG.DLL 6/12/2008 7:23 AM 57.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3GDR\MSDTCPRX.DLL 6/12/2008 7:23 AM 418.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3GDR\MSDTCTM.DLL 6/12/2008 7:23 AM 934.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3GDR\MSDTCUIU.DLL 6/12/2008 7:23 AM 158.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3GDR\MTXCLU.DLL 6/12/2008 7:23 AM 65.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3GDR\MTXOCI.DLL 6/12/2008 7:23 AM 89.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3QFE 6/9/2009 1:47 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3QFE\MSDTCLOG.DLL 6/12/2008 7:09 AM 57.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3QFE\MSDTCPRX.DLL 6/12/2008 7:09 AM 418.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3QFE\MSDTCTM.DLL 6/12/2008 7:09 AM 934.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3QFE\MSDTCUIU.DLL 6/12/2008 7:09 AM 158.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3QFE\MTXCLU.DLL 6/12/2008 7:09 AM 65.00 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SP3QFE\MTXOCI.DLL 6/12/2008 7:09 AM 89.50 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SPMSG.DLL 11/30/2007 5:39 AM 16.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SPUNINST.EXE 11/30/2007 5:39 AM 225.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\SUSDL.RQ0 6/9/2009 12:42 PM 2.29 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE 6/9/2009 1:47 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\BRANCHES.INF 6/12/2008 7:29 AM 926 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\EULA.TXT 11/30/2007 7:17 AM 804 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\KB952004.CAT 6/12/2008 8:35 AM 19.03 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\SPCUSTOM.DLL 11/30/2007 5:39 AM 25.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\UPDATE.EXE 11/30/2007 5:39 AM 737.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\UPDATE.URL 6/12/2008 9:36 AM 5.20 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\UPDATE.VER 6/12/2008 9:32 AM 2.19 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\update_SP2GDR.inf 6/12/2008 8:33 AM 21.15 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\update_SP2QFE.inf 6/12/2008 8:31 AM 24.03 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\update_SP3GDR.inf 6/12/2008 9:29 AM 25.97 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\update_SP3QFE.inf 6/12/2008 8:31 AM 25.97 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\UPDATEBR.INF 6/12/2008 7:29 AM 678 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\UPDATE\UPDSPAPI.DLL 11/30/2007 5:39 AM 373.87 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\WindowsXP-KB952004-x86-ENU.psm 6/12/2008 11:45 PM 12.38 KB Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\WindowsXP-KB952004-x86-express-ENU.cab 11/14/2008 1:29 PM 246.67 KB Visible in Windows API, but not in MFT or directory index.

#2 quietman7

Posted 09 June 2009 - 10:27 AM

I ran HJT and have a clean log.

How do you know? Are you trained in investigating and reading the log output or did you receive assistance by a malware removal expert in one of the HijackThis forums?

Have you performed scans with your anti-virus or any other anti-malware tools?

Not all hidden components detected by ARKs are malicious. It is normal for a firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host-based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

RKR scans the HKLM\Security\Policy hive, which contains SAC* and SAI* hidden keys with embedded (trailing) nulls. This is normal and not a cause for alarm. The presence of some keys with nulls may be pertinent to the correct operation of related applications. The Windows API treats key names as null-terminated strings, whereas the kernel treats them as counted strings. If you're unsure how to use RKR or read its logs, you should not be using it. Some ARK tools are intended for advanced users or to be used under the guidance of an expert, as they are powerful and can be misused with disastrous results. There are many free ARK tools, but some require a certain level of expertise and investigative ability to use.

Slowness and performance issues as you describe are not uncommon. If your computer/browser seems to be slow, please refer to and try some of the suggestions provided in Slow Computer/Browser? Check here first; it may not be malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

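The two technical points in quietman7's reply, made concrete as an added example (this is not code from the thread, from BleepingComputer, or from RootkitRevealer). It shows why a key name with an embedded null looks shorter to the Win32 API (null-terminated view) than to the kernel (counted-string view), and it does a first-pass triage of RKR output that separates the SAC*/SAI* embedded-null findings the reply calls normal from everything else, which still needs a human look. Assumptions: the line layout is the one visible in the log above (path, date, time, size, description); the "known-benign" and "review" labels are this example's own convention, not RKR output; the sample input is five lines copied from the posted log plus one constructed registry line.

```python
"""Added example: RootkitRevealer (RKR) log triage, not code from the thread or from RKR.

1. Win32 registry APIs see a key name as NUL-terminated, the kernel as a counted
   string, so a name with an embedded NUL is reachable only through the latter.
2. A first pass over RKR lines: SAC*/SAI* embedded-null keys under
   HKLM\SECURITY\Policy\Secrets are labelled "known-benign" (the reply above calls
   them normal); everything else goes to a "review" queue grouped by discrepancy.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One RKR line as shown in the log: <path> <m/d/yyyy> <h:mm AM|PM> <size> <description>.
# Paths may contain spaces, so the path is matched lazily up to the date token.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB)) (?P<desc>.+)$"
)

# LSA secrets keys whose names carry trailing NULs; the reply describes these as normal.
KNOWN_BENIGN_NULL_KEYS = (
    r"HKLM\SECURITY\Policy\Secrets\SAC",
    r"HKLM\SECURITY\Policy\Secrets\SAI",
)

# Sample input: five lines copied from the posted log, plus one constructed line
# (the HKLM\SOFTWARE\Example key) showing that the benign verdict is prefix-specific.
SAMPLE_LOG = "\n".join([
    r"HKLM\SECURITY\Policy\Secrets\SAC* 4/18/2008 11:37 PM 0 bytes Key name contains embedded nulls (*)",
    r"HKLM\SECURITY\Policy\Secrets\SAI* 4/18/2008 11:37 PM 0 bytes Key name contains embedded nulls (*)",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS\StateIndex 6/9/2009 1:22 PM 4 bytes Data mismatch between Windows API and raw hive data.",
    r"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5t7e24i6.default\Cache\40878030d01 6/9/2009 1:49 PM 94.50 KB Hidden from Windows API.",
    r"C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00057.log 6/9/2009 1:29 PM 128.00 KB Visible in Windows API, but not in MFT or directory index.",
    r"HKLM\SOFTWARE\Example\Unknown* 6/9/2009 1:00 PM 0 bytes Key name contains embedded nulls (*)",  # constructed
])


@dataclass(frozen=True)
class Finding:
    path: str
    size: str
    desc: str
    verdict: str  # "known-benign" or "review" (this example's labels)


def win32_view(name: str) -> str:
    """Win32 registry APIs treat a key name as NUL-terminated: the first U+0000 ends it,
    so a name such as 'SAC\\x00' is seen (and can only be opened) as 'SAC'."""
    return name.split("\x00", 1)[0]


def kernel_view(name: str) -> tuple[int, str]:
    """The kernel keeps a counted string (explicit length), so the NUL is just another
    character; the length and the full name are what get compared."""
    return len(name), name


def parse_line(line: str) -> Finding | None:
    """Parse one RKR line into a Finding, or None for lines that do not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path, desc = m["path"], m["desc"]
    benign = "embedded nulls" in desc and path.startswith(KNOWN_BENIGN_NULL_KEYS)
    return Finding(path, m["size"], desc, "known-benign" if benign else "review")


def triage(log_text: str) -> dict[str, int]:
    """Count findings per verdict; lines that do not parse are ignored."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f is not None]
    return dict(Counter(f.verdict for f in findings))


def review_queue(log_text: str) -> dict[str, list[str]]:
    """Paths an analyst still has to look at, grouped by RKR's discrepancy description."""
    queue: dict[str, list[str]] = {}
    for f in map(parse_line, log_text.splitlines()):
        if f is not None and f.verdict == "review":
            queue.setdefault(f.desc, []).append(f.path)
    return queue


if __name__ == "__main__":
    print("Win32 sees:", repr(win32_view("SAC\x00")), "| kernel sees:", kernel_view("SAC\x00"))
    print("verdicts:", triage(SAMPLE_LOG))
    for desc, paths in review_queue(SAMPLE_LOG).items():
        print(f"\n{desc}")
        for p in paths:
            print("  ", p)
```

The benign verdict is deliberately tied to the exact key prefixes named in the reply; an embedded-null key anywhere else lands in the review queue, which is the behaviour a triage script should have when the log comes from a machine whose state is in question.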
