Unknown malware/rootkit, need advice.


  • This topic is locked
2 replies to this topic

#1 Killazilla

Posted 30 December 2009 - 11:57 AM

Hi, first of all thanks for the help in advance!


I think my laptop (Acer 5315 w/ Vista) has been infected with malware or a rootkit of some sort.

IE crashes randomly, and my old anti-virus and firewall have been disabled; I can't re-install either, as doing so results in a BSOD. IE also runs in the background (Task Manager, Processes tab). When I close it, it starts up again on its own. The only anti-malware programs running at this point are Ad-Aware and Avast anti-virus, and they haven't found anything. I am stuck, looking for someone that knows more about these viruses than I do. Thanks again.

Attached are the 2 logs requested in the removal guides; below is the DDS log.

DDS.txt log


DDS (Ver_09-12-01.01) - NTFSx86
Run by DR at 9:28:48.36 on Wed 12/30/2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1123 [GMT -7:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Users\DR\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\DR\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.azcentral.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\users\dr\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [settdebugx.exe] c:\users\dr\appdata\local\temp\settdebugx.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [eRecoveryService]
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\users\dr\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-27 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-28 114768]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-9-3 50688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-28 53328]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-28 138680]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-28 352920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-9-3 179712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-4 21504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]

=============== Created Last 30 ================

2009-12-30 03:13:27 0 d-----w- c:\windows\system32\log
2009-12-30 03:12:42 0 d-----w- c:\users\dr\Pavark
2009-12-30 02:34:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 02:34:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 02:34:03 0 d-----w- c:\programdata\Malwarebytes
2009-12-30 02:26:32 229785097 ----a-w- c:\windows\MEMORY.DMP
2009-12-30 02:25:21 0 d-----w- c:\users\dr\appdata\roaming\SUPERAntiSpyware.com
2009-12-30 02:25:21 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 02:25:03 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-28 23:58:21 0 d-----w- c:\programdata\WindowsSearch
2009-12-28 22:19:03 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-12-28 04:42:14 0 d-----w- c:\program files\Trend Micro
2009-12-28 04:38:06 0 d--h--w- C:\$AVG
2009-12-28 04:38:05 0 ----a-w- c:\windows\system32\commonpriv.log.lock
2009-12-28 04:23:47 0 d-----w- c:\programdata\avg9
2009-12-28 04:20:08 0 d-----w- c:\users\dr\appdata\roaming\AVG8
2009-12-28 04:15:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 03:56:51 0 d-----w- c:\program files\MSECACHE
2009-12-28 03:12:30 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 16:45:16 675 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-27 16:44:14 199 ----a-w- c:\windows\system32\srcr.dat
2009-12-24 03:53:02 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-12-24 03:53:02 237568 ----a-w- c:\windows\system32\mcstabs.ocx
2009-12-24 03:53:02 115920 ----a-w- c:\windows\system32\msinet.ocx
2009-12-24 03:53:02 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-12-24 03:53:01 0 d-----w- c:\program files\MCS Studios
2009-12-24 03:45:51 0 d-----w- c:\program files\CPU Speed Pro
2009-12-18 10:23:15 0 d-----w- c:\program files\Windows Portable Devices
2009-12-18 10:22:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-18 10:07:04 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-18 10:07:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-18 10:07:03 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-18 10:05:36 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-18 10:04:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-18 10:04:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-18 10:04:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-17 03:24:27 0 d-----w- c:\windows\system32\eu-ES
2009-12-17 03:24:27 0 d-----w- c:\windows\system32\ca-ES
2009-12-17 03:24:19 0 d-----w- c:\windows\system32\vi-VN
2009-12-16 00:38:59 0 d-----w- c:\windows\system32\EventProviders
2009-12-15 23:07:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-11 20:32:11 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-11 20:31:57 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 20:31:57 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 20:31:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 05:26:59 45568 ----a-w- c:\windows\system32\mshta.exe
2009-12-11 05:26:59 385024 ----a-w- c:\windows\system32\html.iec
2009-12-11 05:26:59 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-12-11 05:26:58 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-12-11 05:26:58 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-12-11 05:26:58 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-12-11 05:26:58 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-12-10 23:39:59 677376 ----a-w- c:\windows\system32\imapi2fs.dll
2009-12-10 23:38:59 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-12-10 23:37:59 49152 ----a-w- c:\windows\system32\cmmon32.exe
2009-12-10 23:36:57 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-12-10 23:36:57 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-12-10 23:36:50 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-12-10 10:42:32 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-12-10 10:42:30 270848 ----a-w- c:\windows\system32\schannel.dll
2009-12-10 10:05:26 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-12-10 10:05:22 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2009-12-10 04:28:51 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 23:53:11 0 d-----w- C:\PerfLogs
2009-12-06 06:48:02 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-12-06 06:47:40 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-12-06 06:47:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-12-06 06:47:34 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-06 06:46:08 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-06 06:45:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-06 05:31:10 0 d-----w- c:\windows\system32\custom matrices
2009-12-06 05:30:30 0 d-----w- c:\windows\system32\QuickTime
2009-12-06 05:30:30 0 d-----w- c:\windows\system32\C2MP
2009-12-06 05:00:34 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-06 04:45:53 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-12-06 04:44:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-12-06 04:44:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-06 04:44:19 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-06 04:44:18 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-12-06 04:44:15 17920 ----a-w- c:\windows\system32\netevent.dll
2009-12-06 04:44:13 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-12-06 04:44:13 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-12-06 04:44:13 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-12-06 04:44:13 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-12-06 04:44:13 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-12-06 04:44:13 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-12-06 04:44:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-12-06 04:42:26 71680 ----a-w- c:\windows\system32\atl.dll
2009-12-06 04:38:59 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-06 04:38:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-12-06 04:38:37 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-12-06 04:38:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-06 04:38:37 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-12-06 04:38:29 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-06 04:38:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-06 04:38:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-06 04:38:23 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-12-06 04:38:18 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-12-06 04:38:12 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-12-06 04:24:26 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

==================== Find3M ====================

2009-12-18 10:23:05 86016 ----a-w- c:\windows\inf\infpub.dat
2009-12-18 10:23:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-18 10:23:05 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-18 10:23:04 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-17 02:43:03 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-10 00:19:54 174 --sha-w- c:\program files\desktop.ini
2009-12-09 22:38:07 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-12-09 22:37:54 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 23:22:08 4835652 ----a-w- c:\windows\system32\libavcodec.dll
2009-10-27 23:16:44 1632375 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-10-27 23:16:12 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-10-27 23:10:02 143872 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-10-27 22:46:26 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-27 22:28:08 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-10-16 23:58:06 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-10-16 23:57:06 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-10-16 23:04:24 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-10-16 23:04:08 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-10-16 23:03:48 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-10-16 23:03:44 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-10-16 23:03:40 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-10-16 20:53:32 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-10-16 20:53:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-16 19:40:42 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-10-16 19:38:20 914464 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-06 06:34:05 15688 ----a-w- c:\windows\system32\lsdelete.exe
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:30:53.90 ===============
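The DDS log above is a flat text report with fixed sections (running processes, autorun entries, files created in the last 30 days). The following triage script is an added example for readers of this thread and is not part of the original post, nor a tool from BleepingComputer or the DDS author. It parses those three sections and flags the lines a responder would want to examine first: processes or autoruns launched from a temp directory, and very small, freshly created binaries under system32. The flagging heuristics, the 4096-byte threshold and the sample lines (a constructed subset copied from the log above) are assumptions of this example; a flag means "look here first", not a verdict.

```python
"""Triage helper for a DDS.txt log (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the DDS log above.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\DR\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\dr\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [settdebugx.exe] c:\users\dr\appdata\local\temp\settdebugx.exe
mRun: [eRecoveryService]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

=============== Created Last 30 ================

2009-12-30 03:13:27 0 d-----w- c:\windows\system32\log
2009-12-30 02:34:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 16:45:16 675 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-27 16:44:14 199 ----a-w- c:\windows\system32\srcr.dat
2009-12-06 04:38:59 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
AUTORUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<value>.*)$")
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Heuristic thresholds (assumptions of this example, not DDS rules).
SMALL_BINARY_BYTES = 4096          # a loader/stub-sized module in system32 is unusual
BINARY_EXTS = (".dll", ".exe", ".sys")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Finding:
    reason: str   # why the line deserves a closer look
    path: str     # lower-cased path the heuristic fired on
    line: str     # the original DDS line, for the report


def autorun_path(value: str) -> str:
    """Return just the executable path from a process or autorun value.

    Handles the quoted form ("c:\\dir\\x.exe" ARG), the unquoted form with
    switches (c:\\dir\\x.exe /autoRun) and an empty value ([name] with no path).
    """
    value = value.strip()
    if not value:
        return ""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    # Unquoted: stop after the first file extension that is followed by a space or the end.
    m = re.match(r"^(.*?\.[A-Za-z0-9]{2,4})(?:\s|$)", value)
    return m.group(1) if m else value.split()[0]


def triage(dds_text: str) -> List[Finding]:
    """Walk the log section by section and collect lines worth a manual look."""
    findings: List[Finding] = []
    section = ""
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name").lower()
            continue
        if section.startswith("running processes"):
            path = autorun_path(line).lower()
            if "\\temp\\" in path:
                findings.append(Finding("running process lives in a temp directory", path, line))
        elif section.startswith("pseudo hjt"):
            m = AUTORUN_RE.match(line)
            if m:
                path = autorun_path(m.group("value")).lower()
                if "\\temp\\" in path:
                    findings.append(Finding("autorun entry launches from a temp directory", path, line))
        elif section.startswith("created last"):
            m = CREATED_RE.match(line)
            if m:
                path = m.group("path").lower()
                size = int(m.group("size"))
                if path.startswith(SYSTEM32) and path.endswith(BINARY_EXTS) and 0 < size < SMALL_BINARY_BYTES:
                    findings.append(Finding(f"new binary under system32 is only {size} bytes", path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Run against the constructed sample, the script reports the process running from the user's Temp folder, the `uRun` entry that starts from Temp, and the 675-byte DLL created in system32, while leaving the signed-looking vendor entries, the empty `eRecoveryService` autorun and the large kernel image alone. The section tracking matters: the same path regex would otherwise match the `Find3M` list and every `BHO:` line, so the heuristics are only applied where they mean something.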


#2 Farbar

Posted 06 January 2010 - 03:11 AM

Hi Killazilla,

Welcome to the BC HijackThis forum, and apologies for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

If you have not resolved the issue please do the following:
  • Open RootRepeal. Click Hidden Services, press Scan and, when finished, press Save Report. Post the log or tell me if there were no hidden services found.

  • Please run DDS and post a fresh DDS.txt to your reply. No need for the Attach.txt if you have not installed or uninstalled new software.


#3 Farbar

Posted 10 January 2010 - 08:55 PM

This thread will now be closed due to lack of activity.