Lemena.3544, Virus.Boot-DDS.v.1526, Exploit.CodeBaseExec among others


  • This topic is locked
3 replies to this topic

#1 Selacious7


Posted 01 February 2010 - 10:41 AM

Hello,

I was experiencing Google link redirects for a bit recently and then started getting various virus/exploit/spyware warnings from both Kaspersky 6.0 and Windows XP Internet Security.

Thinking back, I do recall a file that made me cautious. Going through some files I found one "pdf.pdf" and thought it was something I had purposefully downloaded. I tried to open it and it appeared as though nothing happened - that's when I got suspicious and started scanning my PC. I have been careful to limit my PC's access to the internet as various Kaspersky warnings kept popping up though it only found one threat - C:\Windows\Temp\mhivml.exe - 'Trojan.generic'.

Today I've been overwhelmed with warnings from "XP Internet Security" about Tracking Software, System Hijacked, System Danger, Privacy Threat, Security Breach etc. I haven't acted on any of that as I don't trust anything on this PC right now.

Any assistance would be greatly appreciated and if you need anything else from me, please let me know. Thanks!

Below are the logs from DDS and RootRepeal (DDS.txt; Attach.txt; ark.txt):

DDS (Ver_09-12-01.01) - NTFSx86
Run by ra00538 at 8:20:53.96 on Mon 02/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1368 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {536F7B6F-30B3-4C65-B687-7A4357C48D39}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {70B6D7AA-3629-4A42-A596-AAA08F131442}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\IFOR\WIN\BIN\I4LMD.EXE
C:\IFOR\WIN\BIN\i4ls.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Documents and Settings\ra00538\Local Settings\Application Data\MSASCui.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Documents and Settings\ra00538\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SignIn] "c:\program files\microsoft online services\sign in\SignIn.exe" /autorun
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SwPrnMon] "c:\program files\common files\sowedoo shared\sowedoo pdf printer v4\SwPrnMon.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TP4EX] tp4ex.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220030488484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://3ds.webex.com/client/T26L10NSP49EP9/webex/ieatgpc.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd
mASetup: 3DS-InitOutlook - "c:\windows\3ds\InitOutlook.BAT"
mASetup: 3DS-OfficeCommunicator - wscript.exe //nologo "c:\windows\OfficeCommunicator.vbs"
mASetup: 3DS-Outlook-UserAccountActivate.vbs - wscript.exe //nologo "c:\windows\Outlook-UserAccountActivate.vbs"
mASetup: 3DS-Outlook 2007 - User Profile - Network Port Cleaner.vbs - wscript.exe //nologo "c:\windows\Outlook 2007 - User Profile - Network Port Cleaner.vbs"
mASetup: 3DS-RemovePromptDesktopSearchInOutlook.vbs - wscript.exe //nologo "c:\windows\RemovePromptDesktopSearchInOutlook.vbs"
mASetup: 3DS-SettingOfficeTemplate.vbs - wscript.exe //nologo "c:\windows\SettingOfficeTemplate.vbs"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ra00538\applic~1\mozilla\firefox\profiles\kwvd42ud.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\program files\dassault systemes\3d xml player\intel_a\code\bin\NP3DXMLPlugin.dll
FF - plugin: c:\program files\dassault systemes\3dvia shape\intel_a\code\bin\NPShapePlugin.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R2 IBM LUM LMD;IBM Network License Server;c:\ifor\win\bin\i4lmd.exe [2004-7-23 24576]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-5 53248]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-4-27 93960]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-8-14 10896]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-11-4 62320]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-11-4 45424]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2005-11-18 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2005-8-5 73600]
S4 IBM LUM CR;IBM Central Registry License Server;c:\ifor\win\bin\i4gdb.exe [2004-7-23 24576]
S4 IBM LUM NDL;IBM Nodelock License Server;c:\ifor\win\bin\i4llmd.exe [2004-7-23 24576]

=============== Created Last 30 ================

2010-01-28 14:45:53 55856 ----a-r- c:\windows\system32\vnetinst.dll
2010-01-28 14:45:53 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys
2010-01-28 14:45:49 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-01-28 14:45:48 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-01-28 14:45:47 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-01-28 14:45:38 50736 ----a-r- c:\windows\system32\vmnetbridge.dll
2010-01-28 14:45:38 31280 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2010-01-28 14:45:38 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-01-28 14:45:35 723504 ----a-w- c:\windows\system32\vnetlib.dll
2010-01-28 14:45:13 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-01-28 14:45:08 1024 ----a-w- C:\.rnd
2010-01-28 14:42:32 0 d-----w- c:\program files\VMware
2010-01-18 21:54:24 3868037 ----a-w- C:\ConcurrentOffline.zip
2010-01-14 22:44:19 949375680 ----a-w- C:\CoffeeFrontDemo.zip
2010-01-07 06:40:47 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-01-07 06:40:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-01-07 06:40:47 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-01-04 13:48:15 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

==================== Find3M ====================

2010-02-01 11:55:55 3365152 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-01 11:50:32 33401120 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-28 16:36:02 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-28 14:54:29 317564 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-28 14:54:28 446972 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-23 00:10:43 20075 ----a-w- c:\windows\inf\Bluetooth stuffs.zip
2009-11-16 03:10:00 150733 ----a-w- c:\windows\hpoins30.dat
2008-08-29 19:45:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-09-04 14:58:39 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-09-04 14:58:39 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-09-04 14:58:39 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 8:22:28.42 ===============


#2 Selacious7


Posted 01 February 2010 - 10:52 AM

Sorry, I attached "Attach.txt" twice instead of "ark.txt" - find ark.txt attached here...

Thanks

Attached Files

  • Attached File  ark.txt   88.7KB   11 downloads


#3 Selacious7


Posted 04 February 2010 - 08:21 AM

Hi,

I've since reformatted my HD and reinstalled Windows on it as this problem was getting unbearable. Thanks for checking it out though! Please close/lock this thread. Thanks again!

- Mike

#4 Elise


Posted 05 February 2010 - 09:07 AM

This topic is now closed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




