Rootkit- RKIT/Agent.aago



#1 sashasgame

Posted 28 December 2009 - 09:28 AM

I have been working on this computer and removing viruses for 3 days.
I have Avira antivirus, Malwarebytes, Spybot S&D, and AVG.
In safe mode, with System Restore turned off, it doesn't seem to find anything.
As soon as I run in Windows XP, a virus is found in
C:\Windows\system32\Drivers\clekn.sys
If I go to that folder, it says this clekn was created on 12/27/2009.
It doesn't show like the other folders when I mouse over it.
The virus shows as RKIT/Agent.aago.
Other viruses that appear deleted:

TR/Dldr.Java.2349
JS/Gord.A.1
Win32.lksmas.ai
PWS.Small.bs
Virtumonde.prx

This is the RootRepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/28 11:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: clekn.sys
Image Path: clekn.sys
Address: 0xF86BD000 Size: 1155072 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3D92000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8D51000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF2D3D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Locked to the Windows API!

Path: c:\windows\artgalr].cag
Status: Allocation size mismatch (API: 0, Raw: 98304)

Path: c:\windows\alan.acl
Status: Size mismatch (API: 50, Raw: 196608)

Path: C:\WINDOWS\X84-X<~5.INI
Status: Locked to the Windows API!

Path: C:\WINDOWS\M@MQPGLG
Status: Invisible to the Windows API!

Path: C:\WINDOWS\KB8<7<26.LOG
Status: Locked to the Windows API!

Path: C:\WINDOWS\IASETU~5.T\T
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Alan.acl
Status: Invisible to the Windows API!

Path: C:\WINDOWS\ALAN $ $.ACL
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\M@MQPGLG. $
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM $. $
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\M@MQPGLG\Log9x.txt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\M@MQPGLG\LogNT.txt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\@ABRAG.EXE-273B131E.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\@BRCBAT.EXE-03@918игЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\LOGONЮѓCR-1ебAFAAAЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\SARVICES.EXE-2F433351.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\NTOSBOOT-B00DFAA@.ѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\DL.E\E-0243D1AA.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\WUAQCLT.EXE-399A8AзвЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\ALG.EјE-0F138680.pѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\CPSVCCDA.EXE-39108BивЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\WDFMGR.EXE-2CF4013B.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\MSPMSPSV.EXE-11981иD5.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\FIRAFOX.EXE-282011йаЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\FRAACELL.EXE-0CC21C3B.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\INCMAIL.EXE-1@0911зE.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\SOL.EјE-1CаCб0AB.pѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\ACRORD32.EXE-13281BииЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\MC@APECT.EXE-2BB18DA4.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\ASHWEBSV.EXE-0108AF0A.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\ASHMAISV.EXE-12A27агвЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\OPARA.EXE-12081680.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\WMIPRіѓE.EXE-28B30бA9.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\WINLOGON.EXE-32C17D49.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\SMSS.EXE-22F38337.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\IIPCNT.EXE-1229BB1еЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\@WWINЮEXE-30875A@CЮѰѦ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\@RWTSNгвЮEXE-2B0B1вAC.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\SPOOLSV.EXE-282B36A7.pf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\PREBETCH\DAFRAC~1.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\DBRGFA~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\LOGONS~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\SERVIC~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\NPOSBO~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\DLEXE-~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\WUAUCL~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\ALGEXE~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\CPSVCC~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\WDFMGR~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\MSPMSP~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\FIREFO~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\FREACA~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\INCMAI~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\SOLEXE~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\ACRORD~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\MCDATE~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\ASHWEB~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\ASHMAI~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\OPERAA~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\WMIPRV~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\WINLOG~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\SMSWEX~1.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\IIPGNT~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\DWWMNE~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\DRWTSN~5.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\PREBETCH\SPOOLS~1.PF
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM\MCI.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MCIWNDX.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBRUN300.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\DLCNDI.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\THREED.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\COOL.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\CTL3D.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\CTL3DV2.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI95DEF.CNT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI95DEF.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI98DEF.CNT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI98DEF.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\d3d8caps.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\inet16.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\qtplugin.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\OLE2CONV.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIDGN32.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\JAVAPERM.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\JAVASEC.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MEMBG.HTM
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\CONTROL.INF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WINALI.INI
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WINALX.INI
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\nscompat.tlb
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\amcompat.tlb
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIDIAG.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SPBANNER.WMF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIDIDEF.RSC
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\QTWCP.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIDPDEF.RSC
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\RICHED.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIDPP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATILCD.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIMPP16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\CARDS.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\FFASTLOG.TXT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SETUPKIT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATITASK.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATITB.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\IEMIGRAT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATITBDEF.RSC
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATITBDET.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATITBDRV.SYS
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATII9XAE.INF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATITVOUT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATITVT16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIUINST.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIUNDEF.RSC
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Show Desktop.scf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\View Channels.scf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIVPM16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIVTVPM.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\D11_STD.TXT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MACXDD16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SMALL.M2V
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\DEFAULT.ECW
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\EAPCI2M.ECW
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\EAPCI4M.ECW
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\EAPCI8M.ECW
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Underwater.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Snowboarding.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\COMMTB32.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSOTHUNK.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MISC2.SRG
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\PREVIEW.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WKSPAGES.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WKSGRPH.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\INSTALL.LOG
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\neowise.ini
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\STKIT416.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\OLE2PROX.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SCP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VAEN21.OLB
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\DAO2516.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSAJT200.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSJETERR.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSJETINT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBAJET.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBDB16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBRUN100.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBRUN200.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\wing32.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\APIGUIDE.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\CMDIALOG.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\tmp35749.FOT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\tmpE1849.FOT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\tmp4F849.FOT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\XCEEDZIP.VB2
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WINGPAL.WND
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WING.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WINGDE.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Ole2.reg
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\XCDZIP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\XCDUNZIP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBAEN.OLB
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\files.inf
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\smfcurrf.mp3
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LTTHK62W.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\GAUGE.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LXBOUSCI.INI
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Ppainter.hlp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Drvssrvr.hlp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ODBCINST.CNT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Odbcjet.cnt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Odbcjet.hlp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Odbcjtnw.cnt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Odbcjtnw.hlp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\_unodbc.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\TIMESYNC.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBDB300.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VBOA300.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\dcom95
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\readme.txt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\cp_23421.nls
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Install.PIF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MACHNM1.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSREF2.TTF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SYMBOL.TTF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSREF1.TTF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\verisignpub1.crl
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ati98def.gid
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Lxbo9xdh.GID
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SIntf16.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\DXMIGR.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MKSPR16.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MKDSP16.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\WWND.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MKTLS16.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MKTXT16.VBX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MKWIPE16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MKWND16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LXBOUSCI.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\gaeffect.sti
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\gafilter.sti
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\knps.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\knpg.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ati64hlp.stb
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI2I9AE.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI9DGAE.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI9DIAE.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ENRES16.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIV16XX.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATR9DIAE.DFT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATFENUXX.HLX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI9DTXX.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATI9UNAE.BAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATII16XX.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATMENUXX.CNT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATMENUXX.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATPENUXX.HLX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATR9DTXX.DFT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATSENUXX.CNT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATSENUXX.HLP
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATTENUXX.HLX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATVENUXX.HLX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATMenuxx.GID
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LXBOTCSP.GID
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\vprice.wav
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\pdbrowse.bmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\wmpscheme.xml
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Project2.INF
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\picn1320.ssm
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\picn1820.ssm
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\picn8220.ssm
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\odbcinst.GID
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\msdasc.cnt
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SETUP.INF
Status: Invisible to the Windows API!

Path: c:\windows\system\mmsystem.dll
Status: Size mismatch (API: 68768, Raw: 68928)

Path: c:\windows\system\winspool.drv
Status: Size mismatch (API: 146432, Raw: 131584)

Path: C:\WINDOWS\SYSTEM\Nature.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Jungle.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Mystery.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Dangerous Creatures.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Space.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Baseball.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Bugs.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\RE-man.scr.disabled
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\PPAINTER.GID
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ASYCFILT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\STDOLE2.TLB
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SCRRUN.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Roboex32.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\OLEPRO32.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\OLEAUT32.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Msvcrt.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSVBVM60.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MSCOMCTL.OCX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\MFC42.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LOW_ImageEdit.ocx
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LOW_ImageBrowser.ocx
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LOW_ExteriorVis.ocx
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\INETWH32.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\GdiPlus.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\Flash.ocx
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\COMDLG32.OCX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\COMCAT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\SYSINFO.OCX
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\LTTHK10W.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\E95THK16.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\ATIIISXX.EXE
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\CMMAP000.BIN
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\DEBMP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\DEHEX.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\DEMET.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\DESS.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\DEWP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCCA.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCCH.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCDA.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCDU.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCFA.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCFI.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCLO.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCOLE.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCRA.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCTA.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCUT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\SCCVW.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSACS.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSAMI.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSBMP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSDBS.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSDRW.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSEMF.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSEXE2.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSFLW.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSMP.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSMSW.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSPDX.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSPP2.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSPP7.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSQP6.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSRTF.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSTEXT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSTIF6.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSW6.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSW97.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWK4.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWKS.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWMF.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWORD.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWORK.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWP5.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWP6.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSWPF.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\VSXL5.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\VIEWERS\MSVIEWUT.DLL
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\MSCREATE.DIR
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\dcom95\oldole
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\tmp\HAHA! so cute!.eml
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\DRIVERS\CLEKN.SYS
Status: Locked to the Windows API!

Path: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SEV
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\CONFIG\S]STEM.LOG
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\CONFIG\syspamprofile
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\CONFIG\AntmvѩѲѵЮѥѶѴ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\CONFIG\AntmvѩѲѵѳЮEѶѴ
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM32\CONFIG\system $.sev
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~5
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM32\CONFIG\ANTMVMRU.EVT
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM32\CONFIG\ANTMVM~5.EVT
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM32\CONFIG\S]STEM $.LOG
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SYSTEM\sfp\ie\MSCREATE.DIR
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie\mobilepk.cat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie\advauth.cat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie\vbscript.cat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie\msident.cat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie\ie_extra.cat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie\vgx.cat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\ie\IE.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\DX4.08.01.0881.7eng.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\BDA4.08.01.0881.7.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\MOBILEPK.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\ADVAUTH.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\VBSCRIPT.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\MSIDENT.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\IE_EXTRA.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\VGX.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\sfp\tempcats\IE.CAT
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\dcom95\oldole\install.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SYSTEM\dcom95\oldole\UNINST

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3db2618

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8e62b6e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8e62b64

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8e62b73

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8e62b7d

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3db20ac

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8e62b82

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3db25ae

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8e62b50

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8e62b55

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3db26ce

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8e62b8c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8e62b87

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8e62b78

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf8e62b5f

Stealth Objects
-------------------
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x833e04d8 Size: 2856

Hidden Services
-------------------
Service Name: clekn
Image Path: C:\WINDOWS\system32\drivers\clekn.sys

==EOF==





I am running Windows XP pro.
How do I get rid of this??
Please help!!

Edited by sashasgame, 28 December 2009 - 11:45 AM.
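Reading a RootRepeal report by hand is slow; what a responder actually wants from it is a short list of indicators: a loaded driver whose file is not visible to the Windows API and whose image path is not even a full path, a hidden service that points at the same file, SSDT hooks attributed to `<unknown>` (as opposed to a named driver file that can be matched to an installed product), and the files whose API view and raw disk view disagree. The script below is an added example, not part of this thread and not RootRepeal's own code; it parses the report format shown above and produces that list. The embedded report is a constructed excerpt of the log in the post, with the same values.

```python
"""Triage a RootRepeal report: pull out the indicators a responder reads first.

Added example, not from the forum post or from RootRepeal. The report excerpt
below is a constructed subset of the log posted above.
"""
import re
from collections import defaultdict

# Constructed excerpt of the posted report (same values, fewer records).
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/28 11:37
==================================================

Drivers
-------------------
Name: clekn.sys
Image Path: clekn.sys
Address: 0xF86BD000 Size: 1155072 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF2D3D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\SYSTEM32\DRIVERS\CLEKN.SYS
Status: Locked to the Windows API!

Path: c:\windows\system\mmsystem.dll
Status: Size mismatch (API: 68768, Raw: 68928)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf3db2618

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8e62b6e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8e62b50

Hidden Services
-------------------
Service Name: clekn
Image Path: C:\WINDOWS\system32\drivers\clekn.sys

==EOF==
"""

# A section is a name on its own line followed by a line of dashes.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z/ ]+)\n-{5,}$", re.M)


def split_sections(report):
    """Return {section name: body text} for every 'Name\\n-----' header."""
    sections = {}
    matches = list(SECTION_RE.finditer(report))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        sections[m.group("name").strip()] = report[m.end():end]
    return sections


def records(body):
    """Split a section body into blank-line separated records of 'Key: value'."""
    out = []
    for chunk in re.split(r"\n\s*\n", body.strip()):
        rec = {}
        for line in chunk.splitlines():
            if ": " in line:
                key, value = line.split(": ", 1)
                rec[key.strip()] = value.strip()
        if rec:
            out.append(rec)
    return out


def triage(report):
    """Summarise hidden drivers/services, ownerless SSDT hooks and file anomalies."""
    sec = split_sections(report)
    f = {"hidden_drivers": [], "hidden_services": [], "unknown_hooks": [],
         "known_hooks": {}, "file_anomalies": defaultdict(list)}

    for rec in records(sec.get("Drivers", "")):
        m = re.match(r"(\S+) Size: (\d+) File Visible: (\S+) Signed: (\S+)", rec.get("Address", ""))
        image = rec.get("Image Path", "")
        # Not visible to the API *and* no full image path: the hidden-driver signature.
        if m and m.group(3) == "No" and not re.match(r"^[A-Za-z]:\\", image):
            f["hidden_drivers"].append({"name": rec["Name"], "address": m.group(1), "size": int(m.group(2))})

    for rec in records(sec.get("Hidden Services", "")):
        f["hidden_services"].append({"service": rec["Service Name"], "image": rec["Image Path"]})

    for rec in records(sec.get("SSDT", "")):
        fm = re.match(r"(\d+) Function Name: (\w+)", rec.get("#", ""))
        hm = re.search(r'Hooked by "([^"]*)" at address (0x[0-9A-Fa-f]+)', rec.get("Status", ""))
        if not (fm and hm):
            continue
        owner, addr = hm.group(1), int(hm.group(2), 16)
        if owner == "<unknown>":   # hook with no identifiable module behind it
            f["unknown_hooks"].append({"index": int(fm.group(1)), "function": fm.group(2), "address": addr})
        else:                      # named driver file: check it against installed products
            f["known_hooks"].setdefault(owner, []).append(fm.group(2))

    for rec in records(sec.get("Hidden/Locked Files", "")):
        status = rec.get("Status", "")
        kind = ("size_mismatch" if "mismatch" in status else "locked" if "Locked" in status
                else "invisible" if "Invisible" in status else "phantom" if "not on disk" in status else "other")
        f["file_anomalies"][kind].append(rec["Path"])

    # Ownerless hooks at neighbouring addresses are almost certainly one module.
    addrs = [h["address"] for h in f["unknown_hooks"]]
    f["unknown_hook_span"] = (hex(min(addrs)), hex(max(addrs))) if addrs else None
    # A hidden service whose image is a hidden driver ties the two findings together.
    hidden = {d["name"].lower() for d in f["hidden_drivers"]}
    f["correlated"] = [s["service"] for s in f["hidden_services"]
                       if s["image"].rsplit("\\", 1)[-1].lower() in hidden]
    return f


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {dict(value) if isinstance(value, defaultdict) else value}")
```

On the posted report this yields one hidden driver (clekn.sys, no full path, 1155072 bytes), the hidden service clekn that points at it, and a cluster of `<unknown>` hooks in a narrow address range (0xf8e62b50 to 0xf8e62b8c in the full log), which is what you would expect from a single rootkit module hooking process, thread and registry calls; the hooks owned by aswSP.SYS are a named driver file and are checked separately against the security software installed on the machine.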



#2 Ritchie Knue

Posted 01 January 2010 - 08:46 AM

I have the same problem with aago. In another forum someone was talking about Kaspersky, saying that it would find and destroy this rootkit. I tried it with the test version of Internet Security 2010, and ........ had success with this. Yipiiie.

Another solution someone was talking about was ComboFix, but now there is no need for me to try it anymore.

Greetings
Ritchie

Edited by Ritchie Knue, 01 January 2010 - 08:47 AM.




