Antispyware 2009/2010 - ROOTKIT - Cant remove


  • This topic is locked
2 replies to this topic

#1 okjam

  • Members
  • 3 posts

Posted 28 August 2009 - 05:03 PM

As well as many other people on here, I am unable to get rid of whatever I have.
I can't run Malwarebytes: once it is installed and starts to run, it closes within 2 seconds, and then I am unable to run it afterwards as it comes up with a Windows permission error.
Any downloaded antispyware/antivirus has the same problem.

OTL closes within seconds so I can't post a report.
Malwarebytes closes within seconds so I can't post a report.
ComboFix doesn't seem to do anything: a small bar appears and green bars fill up, then it's inactive and nothing happens, just a folder in C:\ plus Bug.txt appear, and there is nothing important in there as far as I can see.

RogueFix ran, but doesn't appear to have solved anything.

If I browse websites to solve the problem, it directs me to other websites / closes the browser when I click on it.

I have a Win32diag.txt attached if anyone wants to check that, as that worked.

And here is my RootRepeal log:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/28 23:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000044
Image Path: \Driver\00000044
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_nvata.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvata.sys
Address: 0xAC9D9000 Size: 106496 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA610000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9634000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xBA3B8000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xB90CC000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF==


MANY THANKS FOR ANY HELP!!!!!

This is my RSIT log also :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Steve at 2009-08-28 23:31:37
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (23%) free of 50 GB
Total RAM: 3327 MB (86% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-28 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
C:\Program Files\Kontiki\KHost.exe -all []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-07 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AV Care]
C:\Program Files\AV Care\AvCare.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2007-04-09 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe -all []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
C:\DOCUME~1\Steve\LOCALS~1\Temp\a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe [2008-12-19 323216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
C:\WINDOWS\system32\net.net []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NordBull]
C:\DOCUME~1\Steve\LOCALS~1\Temp\h.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteBurner]
C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTune.exe clear []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realtecss]
C:\Documents and Settings\Steve\Application Data\Google\phtrc345015.exe 2 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-07-20 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe [2009-07-20 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-28 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
C:\WINDOWS\system32\drivers\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\HOMERunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-09-26 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WISE-FTP Task Planner]
C:\Program Files\AceBIT\WISE-FTP 6\wf_tp.exe [2009-02-12 1689904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Client Utility.lnk]
C:\PROGRA~1\Belkin\F5D9050\BELKIN~1.EXE [2006-12-01 1585152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2008-01-20 624416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0
"NoBandCustomize"=0
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe"="E:\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\World of Warcraft\Launcher.exe"="E:\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Adobe\Adobe Bridge\Bridge.exe"="C:\Program Files\Adobe\Adobe Bridge\Bridge.exe:*:Enabled:Adobe Bridge"
"E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"E:\Combat Arms EU\CombatArms.exe"="E:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms EU\Engine.exe"="E:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"E:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe"="E:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"E:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="E:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"E:\Program Files\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe"="E:\Program Files\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe:*:Enabled:Grand Theft Auto: San Andreas"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Disabled:Nexon Game Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Combat Arms EU\CombatArms.exe"="E:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms EU\Engine.exe"="E:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd68dfd9-b0e3-11dd-a9e5-001cdf2655f6}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2009-08-28 23:31:37 ----D---- C:\rsit
2009-08-28 23:27:37 ----A---- C:\Bug.txt
2009-08-28 23:27:27 ----D---- C:\32788R22FWJFW
2009-08-28 23:02:54 ----A---- C:\RootRepeal report 08-28-09 (23-02-54).txt
2009-08-28 22:42:44 ----A---- C:\RootRepeal report 08-28-09 (22-42-44).txt
2009-08-28 21:41:37 ----D---- C:\Program Files\Malware Immunizer
2009-08-28 18:43:33 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-28 18:34:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-28 18:24:46 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-28 18:24:44 ----D---- C:\Program Files\Alwil Software
2009-08-28 16:45:45 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 16:33:58 ----D---- C:\Program Files\Trend Micro
2009-08-28 16:19:48 ----SHD---- C:\WINDOWS\system32\lowsec
2009-08-28 16:19:26 ----D---- C:\WINDOWS\CSC
2009-08-28 16:02:07 ----A---- C:\WINDOWS\system32\cmd.execf
2009-08-28 15:29:00 ----A---- C:\WINDOWS\system32\SmartSubClass.dll
2009-08-28 15:28:28 ----A---- C:\WINDOWS\system32\XceedCry.dll
2009-08-28 15:28:28 ----A---- C:\WINDOWS\system32\XceedBkp.dll
2009-08-28 15:28:28 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-08-28 15:27:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-28 15:27:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 13:23:54 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-28 13:23:06 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-28 13:23:06 ----D---- C:\Documents and Settings\Steve\Application Data\SUPERAntiSpyware.com
2009-08-28 13:16:08 ----D---- C:\Documents and Settings\Steve\Application Data\Malwarebytes
2009-08-28 13:15:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-28 10:20:47 ----D---- C:\spoolerlogs
2009-08-22 23:53:08 ----D---- C:\Program Files\Eidos
2009-08-22 19:09:13 ----D---- C:\Documents and Settings\Steve\Application Data\Amazon
2009-08-22 19:08:32 ----D---- C:\Program Files\Amazon
2009-08-12 19:57:34 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-08-07 22:33:15 ----D---- C:\Program Files\mIRC
2009-08-07 22:33:15 ----D---- C:\Documents and Settings\Steve\Application Data\mIRC
2009-08-02 23:13:41 ----D---- C:\Documents and Settings\Steve\Application Data\Nvu

======List of files/folders modified in the last 1 months======

2009-08-28 23:02:50 ----D---- C:\WINDOWS\system32\drivers
2009-08-28 22:46:38 ----D---- C:\WINDOWS\system32
2009-08-28 22:38:49 ----RSH---- C:\boot.ini
2009-08-28 22:38:49 ----A---- C:\WINDOWS\win.ini
2009-08-28 22:38:49 ----A---- C:\WINDOWS\system.ini
2009-08-28 22:38:30 ----D---- C:\WINDOWS\Temp
2009-08-28 22:36:37 ----D---- C:\WINDOWS
2009-08-28 22:25:15 ----D---- C:\WINDOWS\Prefetch
2009-08-28 22:01:47 ----D---- C:\WINDOWS\system32\config
2009-08-28 22:01:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-28 22:00:06 ----RD---- C:\Program Files
2009-08-28 21:38:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 18:43:38 ----SHD---- C:\WINDOWS\Installer
2009-08-28 18:43:22 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-28 18:43:22 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-28 18:43:22 ----A---- C:\WINDOWS\system32\java.exe
2009-08-28 18:43:19 ----D---- C:\Program Files\Java
2009-08-28 18:16:10 ----D---- C:\Program Files\Mozilla Firefox
2009-08-28 18:15:51 ----D---- C:\Program Files\Lavasoft
2009-08-28 18:15:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-28 17:15:52 ----SD---- C:\WINDOWS\Tasks
2009-08-28 17:07:14 ----D---- C:\Program Files\Sony Ericsson
2009-08-28 16:45:46 ----D---- C:\WINDOWS\Debug
2009-08-28 16:21:39 ----SHD---- C:\RECYCLER
2009-08-28 16:21:02 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-08-28 15:51:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-28 12:25:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-28 12:24:29 ----D---- C:\WINDOWS\system32\xircom
2009-08-28 12:24:29 ----D---- C:\WINDOWS\system32\wins
2009-08-28 12:24:29 ----D---- C:\WINDOWS\system32\ShellExt
2009-08-28 12:24:29 ----D---- C:\WINDOWS\system32\RTCOM
2009-08-28 12:24:28 ----D---- C:\WINDOWS\system32\Lang
2009-08-28 12:24:28 ----D---- C:\WINDOWS\system32\export
2009-08-28 12:24:27 ----D---- C:\WINDOWS\system32\dhcp
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\3com_dmi
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\3076
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\2052
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\1054
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\1042
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\1041
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\1037
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\1031
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\1028
2009-08-28 12:24:26 ----D---- C:\WINDOWS\system32\1025
2009-08-28 12:24:18 ----HD---- C:\WINDOWS\PIF
2009-08-28 12:24:17 ----D---- C:\WINDOWS\mui
2009-08-28 12:24:15 ----SHD---- C:\WINDOWS\ftpcache
2009-08-28 12:24:14 ----D---- C:\WINDOWS\Connection Wizard
2009-08-28 12:24:14 ----D---- C:\WINDOWS\Config
2009-08-28 12:24:12 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2009-08-28 12:24:12 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-28 12:24:12 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-08-28 12:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-08-28 12:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-08-28 12:24:12 ----D---- C:\WINDOWS\addins
2009-08-28 12:07:14 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-28 11:58:20 ----HD---- C:\WINDOWS\inf
2009-08-28 11:57:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-28 11:53:20 ----D---- C:\WINDOWS\Help
2009-08-24 20:56:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-24 17:31:54 ----D---- C:\Do

^ then it closed :/


Edited by The weatherman, 28 August 2009 - 05:51 PM.
Merged posts. Tw


#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 12 September 2009 - 05:09 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 20 September 2009 - 04:15 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
