
ntoskrnl-hook


  • This topic is locked
3 replies to this topic

#1 shanda.armstrong

shanda.armstrong

  • Members
  • 3 posts

Posted 28 August 2009 - 03:31 PM

I have McAfee installed and it finds and says that it has repaired the NTOSKRNL-HOOK trojan. When I rescan the trojan is still found and supposedly repaired. I have the DDS reports but when I tried to run the ROOTREPEAL it continuously locks my computer up. Here are the logs that I do have and if you can help the ROOTREPEAL to complete the process please let me know what to do.


DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by bernard at 15:54:43.08 on Fri 08/28/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1790.1289 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjbburn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Users\bernard\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1108&m=el1200-07w
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Avi Player] "c:\program files\avi player\AviPlayer.exe" hmw
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRunOnce: [ypagerps] cmd.exe /C del "c:\program files\yahoo!\messenger\ypagerps.dll"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eRecoveryService]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [MMTray] c:\progra~1\musicm~1\musicm~1\mm_tray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\bernard\appdata\local\temp\askbar~1\bar\history.sh! c:\users\bernard\appdata\local\temp\askbar~1\bar.sh! c:\users\bernard\appdata\local\temp\askbar~1.sh! c:\users\bernard\appdata\local\micros~1\windows\tempor~1\content.ie5\o1579skw\sync_1~1.sh! c:\users\bernard\appdata\local\micros~1\windows\tempor~1\content.ie5\azlq4wq3\includ~1.sh! c:\users\bernard\appdata\local\temp\hsperf~1.sh! c:\users\bernard\appdata\local\micros~1\windows\tempor~1\content.ie5\wif22nzf\INCLUD~1.SH!
StartupFolder: c:\users\bernard\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\bernard\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-24 22016]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-8-1 289280]
S2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2008-11-19 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-6 210216]
S2 Windows MSI;Windows MSI;\\?\globalroot\systemroot\system32\msihost.exe --> \\?\globalroot\systemroot\system32\msihost.exe [?]
S2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-19 24064]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-24 22016]

=============== Created Last 30 ================

2009-08-28 00:51 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 12:14 <DIR> --d----- c:\programdata\NetZero
2009-08-26 12:14 <DIR> --d----- c:\progra~2\NetZero
2009-08-25 19:22 9,604 a------- c:\windows\5dzcad5ware1194.bin
2009-08-25 12:22 11,975 a------- c:\windows\be1t5zef2599.bin
2009-08-24 23:39 6,560 a------- c:\windows\system32\15z2threat4092.bin
2009-08-24 00:14 61,440 a------- c:\windows\system32\ndisapi.dll
2009-08-24 00:14 13,312 a------- c:\windows\system32\drivers\snetcfg.exe
2009-08-24 00:14 22,016 a------- c:\windows\system32\drivers\Ndisrd.sys
2009-08-23 23:07 <DIR> --d----- c:\program files\common files\Uninstall
2009-08-23 20:05 <DIR> --d----- c:\users\bernard\appdata\roaming\Malwarebytes
2009-08-23 20:05 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 20:05 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 20:05 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-23 20:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 20:05 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-23 19:56 318,976 a------- c:\windows\system32\CF25297.exe
2009-08-23 19:50 <DIR> --d----- c:\program files\PrivacyCenter
2009-08-23 19:50 <DIR> --d----- c:\users\bernard\appdata\roaming\none
2009-08-23 19:50 2,198 a------- C:\YzKDJb.bat
2009-08-23 13:06 <DIR> --d----- c:\program files\LSI SoftModem
2009-08-21 23:09 2,874 a------- c:\windows\system32\2599zr1248.ocx
2009-08-21 06:15 11,286 a------- c:\windows\system32\5902s5arse127z.dll
2009-08-21 05:43 7,688 a------- c:\windows\system32\6c04stzal579.dll
2009-08-20 15:56 13,093 a------- c:\windows\system32\z6909s9ambot25c.exe
2009-08-20 10:46 176,999,330 a------- c:\windows\MEMORY.DMP
2009-08-20 10:45 <DIR> --d----- c:\program files\DigVid
2009-08-19 18:30 15,560 a------- c:\windows\485estzal359.exe
2009-08-19 17:23 7,125 a------- c:\windows\system32\z47bb9ckdoor556.exe
2009-08-19 03:26 6,247 a------- c:\windows\system32\9649troz5525.bin
2009-08-15 18:07 17,967 a------- c:\windows\4790virz6355.cpl
2009-08-15 11:10 7,085 a------- c:\windows\9z49wor95a7.exe
2009-08-14 22:00 15,793 a------- c:\windows\4059zir390.cpl
2009-08-14 17:40 16,594 a------- c:\windows\system32\182z9worm695.dll
2009-08-13 16:42 10,563 a------- c:\windows\system32\35fas5eal17z9.exe
2009-08-12 21:33 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-12 21:33 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-12 21:33 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-12 21:33 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-12 21:33 270,848 a------- c:\windows\system32\schannel.dll
2009-08-12 21:33 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-12 21:33 9,728 a------- c:\windows\system32\lsass.exe
2009-08-12 21:32 72,704 a------- c:\windows\system32\secur32.dll
2009-08-12 07:42 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 07:42 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 07:42 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 07:41 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 07:41 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 07:41 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 07:41 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 07:41 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 07:41 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 07:41 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 07:41 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-11 01:23 89,184 a------- c:\windows\system32\drivers\imagedrv.sys
2009-08-11 01:23 38,912 a------- c:\windows\system32\picn20.dll
2009-08-11 01:23 569,344 a------- c:\windows\system32\imagr5.dll
2009-08-11 01:23 544,768 a------- c:\windows\system32\imagx5.dll
2009-08-11 01:23 283,920 a------- c:\windows\system32\ImagXpr5.dll
2009-08-11 01:23 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-08-09 08:44 14,810 a------- c:\windows\199f5hiez2159.bin
2009-08-08 14:26 18,123 a------- c:\windows\system32\48ce9ackzoor5499.ocx
2009-08-08 11:38 <DIR> --d----- c:\users\bernard\Untitled
2009-08-08 07:47 18,208 a------- c:\windows\system32\7756n9tza-virus5ae.exe
2009-08-08 01:43 5,276 a------- c:\windows\9c97s5yzare1019.dll
2009-08-06 23:56 3,853 a------- c:\windows\2175tzrea918158.exe
2009-08-06 13:25 <DIR> --d----- c:\program files\Project64 1.6
2009-08-06 10:08 <DIR> --d----- c:\programdata\Trymedia
2009-08-06 10:08 <DIR> --d----- c:\progra~2\Trymedia
2009-08-06 10:08 <DIR> --d----- c:\programdata\NeoEdge Networks
2009-08-06 10:08 <DIR> --d----- c:\progra~2\NeoEdge Networks
2009-08-05 23:10 94 ----h--- c:\windows\system32\wup_WCody.ini
2009-08-05 19:16 <DIR> --d----- c:\users\bernard\appdata\roaming\SpinTop
2009-08-05 19:16 <DIR> --d----- c:\program files\Monopoly
2009-08-05 19:00 <DIR> --d----- c:\users\bernard\appdata\roaming\Ludia
2009-08-05 10:16 69 a------- c:\windows\NeroDigital.ini
2009-08-05 09:59 <DIR> --d----- c:\program files\AskTBar
2009-08-05 09:56 <DIR> --d----- c:\programdata\Nero
2009-08-05 09:56 <DIR> --d----- c:\progra~2\Nero
2009-08-05 09:54 1,315,328 a------- c:\windows\system32\ole32.dll
2009-08-05 09:02 <DIR> --d----- c:\programdata\Ludia
2009-08-05 09:02 <DIR> --d----- c:\progra~2\Ludia
2009-08-04 21:31 9,629 a------- c:\windows\25512sz9m5ot25d.bin
2009-08-03 18:07 16 a------- c:\windows\popcinfo.dat
2009-08-02 23:28 13,593 a------- c:\windows\system32\25628zo9m6595.dll
2009-08-02 18:44 <DIR> --d----- c:\programdata\HipSoft
2009-08-02 18:44 <DIR> --d----- c:\progra~2\HipSoft
2009-08-02 08:35 3,886 a------- c:\windows\2750downloadez9764.dll
2009-08-02 03:07 118 a------- c:\windows\system32\MRT.INI
2009-08-01 16:33 2,033,152 a------- c:\windows\system32\win32k.sys
2009-08-01 16:33 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-01 16:33 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-01 16:33 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-01 16:33 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-01 16:33 636,928 a------- c:\windows\system32\localspl.dll
2009-08-01 16:32 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-08-01 15:54 <DIR> --d----- C:\OEMSettings
2009-08-01 15:53 289,280 a------- c:\windows\system32\drivers\wg111v3.sys
2009-08-01 15:53 <DIR> --d----- c:\program files\NETGEAR
2009-08-01 15:51 <DIR> --d----- c:\windows\Downloaded Installations

==================== Find3M ====================

2009-08-24 00:14 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-24 00:14 51,200 a------- c:\windows\inf\infpub.dat
2009-08-24 00:14 86,016 a------- c:\windows\inf\infstor.dat
2009-08-20 10:46 204,250,242 a------- c:\windows\DUMP6a65.tmp
2009-07-28 00:37 8,656 a------- c:\windows\system32\21107ha5kt9ol7fz.exe
2009-07-27 09:12 4,759 a------- c:\windows\10z67w5rm999.bin
2009-07-27 03:35 7,269 a------- c:\windows\z09espars52998.exe
2009-07-27 02:12 7,066 a------- c:\windows\system32\z00755iru973.bin
2009-07-26 18:06 13,241 a------- c:\windows\579spzrse9565.exe
2009-07-24 07:46 11,177 a------- c:\windows\5622noz-a-vir5s9f5.exe
2009-07-22 18:48 7,837 a------- c:\windows\9597szy5d8.exe
2009-07-22 12:46 11,113 a------- c:\windows\system32\2582not-a-5iruszb59.bin
2009-07-22 06:42 4,760 a------- c:\windows\2774zha5ktoo95d0.exe
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-21 15:32 6,402 a------- c:\windows\16z6vir27935.exe
2009-07-21 00:12 18,375 a------- c:\windows\12ces5ar9e2z11.dll
2009-07-20 14:43 6,236 a------- c:\windows\z9059v9rus5b0.exe
2009-07-18 15:01 5,823 a------- c:\windows\5b9ethzef2151.exe
2009-07-18 11:21 8,742 a------- c:\windows\3172spywa9z16075.dll
2009-07-13 22:43 16,276 a------- c:\windows\system32\22435acktoo94z3.dll
2009-07-10 21:08 13,103 a------- c:\windows\system32\5995az9wa5e46.exe
2009-06-26 02:39 3,345 a------- c:\windows\15586not-a-vzrus76e9.bin
2009-06-21 13:19 6,333 a------- c:\windows\255219pz1b9.dll
2009-06-20 14:19 3,212 a------- c:\windows\d3a5pyware5z99.exe
2009-06-18 18:33 9,784 a------- c:\windows\583spyz95.bin
2009-06-15 05:58 15,905 a------- c:\windows\system32\53a95i937z.exe
2009-06-14 06:32 4,353 a------- c:\windows\91712sp5235z.exe
2009-06-12 14:46 2,637 a------- c:\windows\system32\2d159ddwaze55.dll
2009-06-12 10:43 5,596 a------- c:\windows\system32\9fffspzware1495.dll
2009-06-08 12:31 4,777 a------- c:\windows\system32\51759ir19z1.bin
2009-06-05 23:03 10,676 a------- c:\windows\8572spzmbot229.bin
2009-06-01 09:17 13,960 a------- c:\windows\19656hazktool514.dll
2009-04-18 22:11 214 a------- c:\users\bernard\appdata\roaming\wklnhst.dat
2008-10-28 16:43 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:57 174 a--sh--- c:\program files\desktop.ini
2007-12-28 14:59 342,528 a------- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-12-28 14:58 289,280 a------- c:\windows\inf\wg111v3\WG111v3.sys
2007-12-28 14:58 289,280 a------- c:\windows\inf\wg111v3\vista\wg111v3.sys
2007-11-27 17:53 63,488 a------- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52 32,768 a------- c:\windows\inf\wg111v3\SetDrv.exe
2007-04-23 13:15 31,016 a------- c:\windows\inf\wg111v3\vista64\RtlProt.sys
2007-04-23 10:50 25,896 a------- c:\windows\inf\wg111v3\vista\RtlProt.sys
2007-04-19 21:22 75,264 a------- c:\windows\inf\wg111v3\vista64\rtkbind.exe
2007-04-19 21:22 74,752 a------- c:\windows\inf\wg111v3\vista\rtkbind.exe
2006-12-15 11:30 315,392 a------- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30 212,992 a------- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30 98,304 a------- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 11:30 20,480 a------- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30 19,968 a------- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-05 14:17 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2009-03-05 14:17 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2009-03-05 14:17 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:55:55.57 ===============

AND PLEASE SEE ATTACHED...



#2 shanda.armstrong

shanda.armstrong
  • Topic Starter

  • Members
  • 3 posts

Posted 28 August 2009 - 05:00 PM

I also forgot to mention earlier that the computer will not boot up unless in Safe Mode. Any attempt to boot up normally results in a blue screen that disappears so quickly that I cannot tell you what it says and then it restarts with the prompt to select safe mode.

Hello shanda.armstrong,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 28 August 2009 - 05:53 PM.


#3 shanda.armstrong

shanda.armstrong
  • Topic Starter

  • Members
  • 3 posts

Posted 03 September 2009 - 06:48 PM

Not sure how to CLOSE this topic, but my issue has been resolved elsewhere. Thanks anyway. Best wishes to everyone here who assists those otherwise incapable of resolving issues themselves.

#4 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests

Posted 06 September 2009 - 06:48 PM

Thank you for letting us know shanda.armstrong. :(