Possible Rootkit?


This topic is locked
2 replies to this topic

#1 2blue4u


Posted 30 January 2010 - 10:26 AM

Hello, I run Windows Vista Home Premium on a Dell Inspiron 1720 laptop. I use KIS 2010 as my security suite. Recently my PC had been slowing down, which was not really too much cause for alarm; however, I ran a full scan with Kaspersky anyway. I then ran a scan with IObit 360, which I also run along with KIS. Neither found anything. So I did a system restore, and it started up and prepared to restore normally, but when it went to restore it suddenly stopped and my PC restarted. When I got back to my desktop, Windows informed me that the system restore had failed and that no changes were made. I tried this two more times, both on different restore points, with the same result. About a day later I restarted my computer to install Windows updates, and upon startup Kaspersky detected a keylogger. Kaspersky did its thing and took care of it. But I had not downloaded anything recently. Now I was sure there was at least some kind of back door on my PC.

So I came here. I wanted to be organized and prepared, so I read through the preparation guide. I scanned with HijackThis and DDS and got logs from both successfully. I then scanned with RootRepeal as an admin; KIS warned me about it installing some driver, so I told it to allow it. It started up and I got the first error message (note: I turned Kaspersky off and had the same result):

fops-DeviceIoControl error! error code = 0xc0000024
extended info 0x00000100

I hit OK, clicked Report, selected what to scan and the drive, then got this error...

could not initialize the drive please contact author.

I hit OK and got this...

error dumping ssdt 0xc0000024

It seemed to start scanning, then said this:

attempt to read from address 0x00000004

I hit OK again and got this:

DeviceIoControl error! error code 0x2

I hit OK and RootRepeal stopped working.

Here is the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Fae at 9:30:13.68 on Sat 01/30/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.875 [GMT -5:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\NlsSrv32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fae\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.5)_Gecko/20091102_Firefox/3.5.5_(.NET_CLR_3.5.30729)" -"http://www.gamespyarcade.com/software/webgames/sicktwisted/fivefinger/fivefinger_index.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fae\appdata\roaming\mozilla\firefox\profiles\lesgww7g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\fae\appdata\roaming\mozilla\firefox\profiles\lesgww7g.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\users\fae\appdata\roaming\mozilla\firefox\profiles\lesgww7g.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-16 1858144]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-12-15 73728]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-1-28 311568]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [2009-12-28 61440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-01-30 01:54:39 0 d-----w- c:\users\fae\appdata\roaming\1morebee
2010-01-30 01:48:13 0 d-----w- c:\program files\Fiona Finch and the Finest Flowers
2010-01-29 20:15:13 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-01-29 20:15:13 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-29 18:50:16 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-01-29 18:49:50 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-01-29 18:46:09 0 d-----w- c:\windows\system32\RsFx
2010-01-29 18:43:47 0 d-----w- c:\windows\system32\1033
2010-01-29 18:40:35 0 d-----w- c:\windows\PCHEALTH
2010-01-29 18:26:20 73216 ----a-w- c:\windows\system32\msiexec.exe
2010-01-29 18:26:20 2560 ----a-w- c:\windows\system32\msimsg.dll
2010-01-29 18:26:19 332800 ----a-w- c:\windows\system32\msihnd.dll
2010-01-29 18:26:19 2252288 ----a-w- c:\windows\system32\msi.dll
2010-01-29 18:24:25 0 d-----w- c:\program files\Microsoft SQL Server
2010-01-29 18:23:05 0 d-----w- c:\windows\system32\Visual Studio 2008Templates
2010-01-29 18:23:05 0 d-----w- c:\windows\system32\Visual Studio 2008
2010-01-29 18:19:04 0 d-----w- c:\program files\common files\Merge Modules
2010-01-29 18:19:02 0 d-----w- c:\programdata\Microsoft Help
2010-01-29 16:34:35 0 d-----w- c:\users\fae\appdata\roaming\Dev-Cpp
2010-01-29 16:33:55 0 d-----w- C:\Dev-Cpp
2010-01-28 20:58:29 0 dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-01-28 19:49:07 58792 ----a-w- c:\windows\system32\wbload.dll
2010-01-28 19:49:06 42672 ----a-w- c:\windows\system32\wbsys.dll
2010-01-28 19:49:05 0 d-----w- c:\program files\Stardock
2010-01-28 18:44:46 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-28 18:44:43 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-28 18:44:43 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-01-28 18:44:00 0 d-----w- c:\users\fae\appdata\roaming\TuneUp Software
2010-01-28 18:43:34 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-01-28 18:42:25 0 d-----w- c:\programdata\TuneUp Software
2010-01-28 18:42:02 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-27 23:26:35 0 d-----w- c:\program files\Alice's Tea Cup Madness
2010-01-27 04:01:23 0 d-----w- c:\users\fae\appdata\roaming\SevenSails
2010-01-27 03:03:10 0 d-----w- c:\users\fae\Million
2010-01-27 02:28:12 0 d-----w- c:\program files\Sultan's Labyrinth - A Royal Sacrifice
2010-01-27 02:21:45 0 d-----w- c:\program files\Million Dollar Quest
2010-01-26 11:10:39 0 d-----w- c:\users\fae\appdata\roaming\GrabPro
2010-01-26 11:02:02 0 d-----w- C:\Downloads
2010-01-26 02:50:10 0 d-----w- c:\users\fae\appdata\roaming\Red Kawa
2010-01-24 20:32:08 0 d-----w- c:\users\fae\appdata\roaming\Boomzap
2010-01-22 09:28:59 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-01-22 09:13:12 0 d-----w- c:\program files\Paradox Interactive
2010-01-22 03:36:02 0 d-----w- c:\users\fae\appdata\roaming\Friday's games
2010-01-22 02:40:56 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-22 02:21:21 0 d-----w- c:\program files\Sally's Spa
2010-01-21 06:05:23 0 d-----w- c:\program files\Red Kawa
2010-01-21 05:33:36 0 d-----w- c:\users\fae\dwhelper
2010-01-20 18:58:07 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-01-20 18:58:06 272384 ----a-w- c:\windows\system32\schannel.dll
2010-01-20 01:37:53 0 d-----w- c:\program files\Transcode360
2010-01-20 01:35:37 0 d-----w- c:\windows\system32\URTTEMP
2010-01-20 00:37:53 0 d-----w- c:\program files\common files\PX Storage Engine
2010-01-20 00:37:17 0 d-----w- c:\program files\common files\DivX Shared
2010-01-20 00:37:13 0 d-----w- c:\program files\DivX
2010-01-19 22:42:11 0 d-----w- c:\users\fae\appdata\roaming\BigFishGames
2010-01-19 12:28:54 0 d-----w- c:\program files\uTorrent
2010-01-19 12:28:25 0 d-----w- c:\users\fae\appdata\roaming\uTorrent
2010-01-19 11:20:07 0 d-----w- c:\programdata\SpeedBit
2010-01-19 11:19:59 0 d-----w- c:\program files\DAP
2010-01-18 19:38:45 0 d-----w- c:\program files\iPod
2010-01-18 05:49:07 0 d-----w- c:\program files\Pet Pals - New Leash on Life
2010-01-17 23:35:09 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2010-01-17 23:33:16 0 d-----w- c:\program files\Conduit
2010-01-17 14:18:46 286720 ------w- c:\windows\Setup1.exe
2010-01-17 14:18:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-17 13:45:38 0 ---ha-w- c:\windows\SwSys2.bmp
2010-01-17 13:45:38 0 ---ha-w- c:\windows\SwSys1.bmp
2010-01-17 00:54:16 0 d-----w- c:\programdata\FarmFrenzy3_America
2010-01-17 00:45:17 0 d-----w- c:\users\fae\appdata\roaming\Mean Hamster Software
2010-01-17 00:45:17 0 d-----w- c:\programdata\Mean Hamster Software
2010-01-14 20:17:46 52224 ----a-w- c:\windows\ipuninst.exe
2010-01-14 20:16:53 0 d-----w- c:\program files\Interplay
2010-01-12 22:31:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 22:31:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 22:31:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-12 22:31:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-12 22:31:57 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-12 22:31:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-12 20:36:15 0 d-----w- c:\users\fae\appdata\roaming\GetRightToGo
2010-01-12 19:19:00 0 d-----w- C:\$$current$$
2010-01-09 01:24:27 0 d-----w- c:\program files\14 Degrees East
2010-01-09 01:23:57 306688 ----a-w- c:\windows\IsUninst.exe
2010-01-03 06:09:38 0 d-----w- c:\programdata\AlawarWrapper
2010-01-03 06:09:08 0 d-----w- c:\program files\Alawar
2010-01-02 04:03:44 0 d-----w- c:\users\fae\appdata\roaming\ERS G-Studio
2010-01-01 05:07:12 0 d-----w- c:\programdata\Fenomen Games

==================== Find3M ====================

2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-30 08:30:34 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-30 08:30:34 138056 ----a-w- c:\users\fae\appdata\roaming\PnkBstrK.sys
2009-12-30 08:30:24 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-30 08:30:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-30 08:30:15 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-12-18 21:16:24 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-18 21:16:24 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-18 21:16:24 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-18 12:52:36 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48:23 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46:10 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45:07 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-02 00:59:20 0 ----a-w- c:\users\fae\appdata\roaming\wklnhst.dat
2009-11-14 00:49:00 129784 ------w- c:\windows\system32\PxAFS.DLL
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-11 19:50:34 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2009-11-09 13:34:40 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30:40 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-10-22 21:10:52 174 --sha-w- c:\program files\desktop.ini
2009-10-22 21:05:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-15 12:11:55 76 --sha-r- c:\windows\CT4CET.bin
2009-10-27 07:45:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat
2007-12-15 19:46:21 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 9:32:35.86 ===============

Any help would be much appreciated and thanks so much for your time.

And a quick edit: I can no longer install updates, and both explorer and dwm will stop working sometimes when I attempt even small tasks.

Edited by 2blue4u, 30 January 2010 - 02:40 PM.
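The DDS log in the post above is normally read by eye. As an added example (my own code, not from the thread, the poster, or the DDS tool), here is a small Python triage pass that parses the SERVICES / DRIVERS and Created Last 30 sections and pulls out the entries a helper would check first: images that start in kernel mode, images DDS could not verify, newly created hidden or system+hidden directories, and fresh binaries under c:\windows. The sample log is constructed from lines copied out of the log above. Assumptions: the attribute letters are read as d = directory, s = system, h = hidden, as the log's own layout suggests; `[?]` after a service image is read as DDS failing to obtain the file's date and size; and treating R0/R1 start groups or a .sys image as "kernel mode" is a triage heuristic of mine, not a DDS definition.

```python
"""Triage the SERVICES / DRIVERS and Created Last 30 sections of a DDS log."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the DDS layout; every line is copied from the log posted above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [2009-12-28 61440]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-01-28 20:58:29 0 dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-01-28 18:42:02 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-22 02:40:56 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-17 23:35:09 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2010-01-29 16:33:55 0 d-----w- C:\Dev-Cpp

==================== Find3M ====================
"""

# "R0 name;display;image [date size]" or "... [?]" when DDS could not stat the image.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# "YYYY-MM-DD HH:MM:SS size attrs path"; attrs is an 8-letter flag string.
CREATED_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[a-z\-]{8})\s+(?P<path>.+?)\s*$"
)
BANNER_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")


@dataclass
class Finding:
    kind: str
    path: str
    note: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '=== title ===' banner to the non-blank lines under it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            current = m["title"]
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    sections = split_sections(text)

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        # DDS prints 'registry path --> resolved path' for some images; keep the resolved one.
        image = m["image"].split("-->")[-1].strip()
        exe = image.split()[0].lower()  # drop service arguments such as '-service'
        if m["stamp"] == "?":
            # Assumption: '[?]' means DDS could not read the image's date and size.
            findings.append(Finding("unverified-file", image,
                                    f"{m['name']}: DDS could not stat the service image"))
        if m["state"] in ("R0", "R1") or exe.endswith(".sys"):
            # Heuristic: boot/system start group or a .sys image => kernel-mode code.
            findings.append(Finding("kernel-driver", image,
                                    f"{m['name']} runs in kernel mode ({m['state']}); verify signer"))

    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        is_dir = attrs.startswith("d")
        if is_dir and "h" in attrs:  # 'h' = hidden, 's' = system (from the log's layout)
            flags = "system+hidden" if "s" in attrs else "hidden"
            findings.append(Finding("hidden-dir", path, f"new {flags} directory"))
        if not is_dir and path.lower().startswith("c:\\windows\\"):
            findings.append(Finding("new-system-binary", path,
                                    f"{m['size']} bytes written {m['when']}; compare hash/publisher"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {'kernel-driver': 1, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}  -- {f.note}")
```

Run against the sample it flags klbg.sys as a boot-start kernel driver to verify, GameMon.des as an image DDS could not verify, both GUID-named ProgramData directories as hidden (one also system), and the two new system32 DLLs for hash and publisher comparison. None of these is a verdict; the point is to turn a 300-line log into a short list of things to check, which is what a helper does by hand before deciding whether a kernel-level tool such as RootRepeal is even needed.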



#2 2blue4u (Topic Starter)

Posted 01 February 2010 - 09:08 AM

This problem has been resolved and I no longer need help, ty.

#3 Elise (Malware Study Hall Admin)

Posted 03 February 2010 - 12:28 PM

Topic closed.

regards, Elise

