
Rootkit (Haxdoor), Trojans, Worms, Malware


  • This topic is locked
2 replies to this topic

#1 day_dreams

day_dreams

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 15 February 2010 - 03:16 AM

I started finding logs that told me I had a problem, even logs that said someone had been logging in remotely, so I reinstalled Windows Vista. I then saw that it didn't do what it was supposed to. With more investigation I found out I have at least one rootkit, and trojans and malware. The rootkit has rewritten my reinstallation section, and short of ordering another installation disk, I was hoping you could help me fix this problem. Please see attached...
DDS (Ver_09-12-01.01) - NTFSx86
Run by Babykitty at 0:49:30.90 on Mon 02/15/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1760 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Earthcom\dialer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Users\Babykitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDJZYCAA\Defogger[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Babykitty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM3G7R6D\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
StartupFolder: c:\users\babyki~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {47DDA3EB-67AC-4CDA-9F7C-FAE4AB177D5F} = 64.136.173.4 64.136.164.76
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2008-10-23 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2008-10-23 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2008-10-23 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100210.001\IDSvix86.sys [2010-2-14 343088]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2008-10-23 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-23 99376]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1000000.07d\symndisv.sys [2008-10-23 40496]

=============== Created Last 30 ================

2010-02-15 06:36:01 0 ----a-w- c:\users\babykitty\defogger_reenable
2010-02-15 05:42:51 0 d-----w- c:\program files\Trend Micro
2010-02-12 11:01:45 0 d-----r- c:\program files\Norton Support
2010-02-12 07:14:28 0 d-----w- c:\program files\MSXML 4.0
2010-02-11 19:15:46 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-11 19:15:45 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-11 19:10:04 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-02-11 19:10:04 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-02-11 19:10:02 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-11 19:09:59 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-02-11 19:09:59 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-02-11 19:09:59 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-02-11 18:56:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-11 18:56:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 18:03:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-10 18:00:50 2868224 ----a-w- c:\windows\system32\mf.dll
2010-02-10 17:50:35 0 d-----w- c:\programdata\LightScribe
2010-02-10 17:08:47 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-02-10 17:08:46 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-02-10 17:08:46 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-02-10 17:08:46 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-02-10 17:08:46 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-02-10 17:08:05 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-02-10 16:52:10 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-02-10 16:52:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-02-10 16:52:10 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-02-10 16:52:10 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-02-10 16:51:39 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-02-10 16:51:39 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-02-10 16:50:55 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-02-10 16:50:55 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-02-10 16:49:35 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-02-10 16:43:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-02-10 16:35:10 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-02-10 16:35:07 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-02-10 16:35:07 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-02-10 16:33:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-02-10 16:31:25 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-02-10 16:31:20 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-02-10 16:30:54 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-02-10 16:30:44 2927104 ----a-w- c:\windows\explorer.exe
2010-02-10 16:29:59 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-02-10 10:55:29 884 ----a-w- c:\users\babyki~1\appdata\roaming\wklnhst.dat
2010-02-10 07:54:07 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-02-10 07:54:07 94720 ----a-w- c:\windows\system32\logagent.exe
2010-02-10 07:52:04 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 07:52:04 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 07:28:09 71680 ----a-w- c:\windows\system32\atl.dll
2010-02-10 07:25:14 1645568 ----a-w- c:\windows\system32\connect.dll
2010-02-10 07:14:07 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-10 07:10:56 0 d-----w- c:\program files\muvee Technologies
2010-02-10 07:10:49 0 d-----w- c:\program files\common files\muvee Technologies
2010-02-10 07:06:02 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-02-10 07:06:02 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-02-10 07:05:41 89088 ------w- c:\windows\system32\atl71.dll
2010-02-10 07:04:29 16078 ----a-w- c:\windows\system32\results.xml
2010-02-10 07:02:20 6416928 ----a-w- c:\windows\system\DriveIcon.dll
2010-02-10 07:02:20 61952 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2010-02-10 07:02:20 5430 ----a-w- c:\windows\system\MyMulti.ico
2010-02-10 07:00:22 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-02-10 07:00:22 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-02-10 07:00:22 0 d-----w- c:\windows\system32\Lang
2010-02-10 07:00:21 0 d-----w- C:\Intel
2010-02-10 07:00:06 0 d-----w- c:\program files\NetWaiting
2010-02-10 06:59:53 0 d-----w- c:\program files\CONEXANT
2010-02-10 06:59:12 123904 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-02-10 06:59:11 0 d-----w- c:\program files\Realtek
2010-02-10 06:59:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-02-10 06:58:44 0 d-----w- c:\program files\Synaptics
2010-02-10 06:57:50 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-10 06:56:32 909824 ----a-w- c:\windows\system32\drivers\athr.sys
2010-02-10 06:56:32 53248 ----a-w- c:\windows\system32\athihvui.dll
2010-02-10 06:56:32 393216 ----a-w- c:\windows\system32\athihvs.dll
2010-02-10 06:56:32 376832 ----a-w- c:\windows\system32\S64CPA.exe
2010-02-10 06:56:32 0 d-----w- c:\windows\system32\nn-NO
2010-02-10 06:56:23 0 d-----w- c:\program files\Cisco
2010-02-10 06:56:23 0 d-----w- c:\program files\Atheros
2010-02-10 06:56:20 0 d-----w- c:\programdata\Atheros
2010-02-10 02:27:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 02:25:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-02-10 02:24:59 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2010-02-10 02:24:59 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-02-10 02:24:59 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-02-10 02:24:59 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2010-02-10 02:20:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-10 02:20:14 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-10 02:20:14 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-10 00:07:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 00:07:51 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 00:00:36 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-02-10 00:00:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-02-10 00:00:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-02-10 00:00:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-02-10 00:00:34 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-02-10 00:00:34 10240 ----a-w- c:\windows\system32\finger.exe
2010-02-10 00:00:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-02-10 00:00:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-02-10 00:00:32 17920 ----a-w- c:\windows\system32\netevent.dll
2010-02-09 23:44:32 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-09 23:44:32 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-02-09 23:44:31 72704 ----a-w- c:\windows\system32\secur32.dll
2010-02-09 23:44:31 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-02-09 23:44:31 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-02-09 23:44:30 9728 ----a-w- c:\windows\system32\lsass.exe
2010-02-09 23:41:41 636928 ----a-w- c:\windows\system32\localspl.dll
2010-02-09 23:38:24 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-02-09 23:38:22 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-02-09 23:38:22 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-02-09 23:38:22 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-02-09 23:38:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-09 23:36:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-09 23:36:56 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 23:32:22 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-02-09 23:32:21 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-02-09 23:32:21 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-02-09 22:40:19 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-02-09 22:40:18 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-02-09 22:40:18 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-02-09 22:40:18 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-02-09 22:40:16 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-02-09 22:40:16 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-02-09 22:40:15 98304 ----a-w- c:\windows\system32\iasrecst.dll
2010-02-09 22:40:15 54784 ----a-w- c:\windows\system32\iasads.dll
2010-02-09 22:40:15 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2010-02-09 22:40:15 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-02-09 22:40:15 183296 ----a-w- c:\windows\system32\sdohlp.dll
2010-02-09 22:40:15 17408 ----a-w- c:\windows\system32\iashost.exe
2010-02-09 22:13:10 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-09 21:47:35 24064 ----a-w- c:\windows\system32\amxread.dll
2010-02-09 21:47:35 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-02-09 21:23:52 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-02-09 21:22:20 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-02-09 21:21:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-02-09 21:19:57 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-09 21:19:57 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-09 21:19:56 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-09 21:19:56 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-09 21:19:56 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-09 21:19:56 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-09 21:19:56 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-09 21:19:56 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-09 21:19:55 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-09 21:19:55 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-09 21:17:19 281600 ----a-w- c:\windows\system32\raschap.dll
2010-02-09 21:17:19 244224 ----a-w- c:\windows\system32\rastls.dll
2010-02-09 21:15:42 147456 ----a-w- c:\windows\system32\Faultrep.dll
2010-02-09 21:15:42 125952 ----a-w- c:\windows\system32\wersvc.dll
2010-02-09 21:14:47 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-02-09 21:14:43 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-02-09 19:16:05 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-02-09 19:13:33 0 d-----w- c:\programdata\Blizzard
2010-02-09 18:53:22 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-02-09 18:53:09 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-02-09 18:52:58 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-02-09 18:52:58 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-02-09 18:35:13 0 d-----w- c:\program files\Earthcom
2010-02-09 18:34:42 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-02-09 18:34:35 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-09 18:34:35 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-09 18:34:35 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-09 18:34:35 0 d-----w- c:\program files\Symantec
2010-02-09 18:34:35 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-09 18:26:49 0 d-----w- c:\users\babyki~1\appdata\roaming\HP TCS
2010-02-09 18:25:13 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G70 Notebook PC_Y5335KV_0U_Q2CE91513V7_E508165-001_4A_I360C_SWistron_V09.51_F.36_T090312_WV3-1_L409_M3003_J320_7Intel_867A_92.00_#100209_N10EC8136;168C002A_(NF795UA#ABA)_XMOBILE_CN10_Z_2F.36.MRK

==================== Find3M ====================

2010-02-10 07:06:31 505392 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-10 07:06:31 353840 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-10 07:06:30 1066544 ----a-w- c:\windows\system32\MFC71.dll
2010-02-10 07:06:30 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2010-02-09 18:34:37 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-09 18:34:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-09 18:34:37 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-23 18:22:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-r- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-r- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-r- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-r- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-r- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-r- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-r- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-r- c:\windows\inf\perflib\0000\perfc.dat
2008-10-23 18:22:41 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:49:57.93 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:06 AM

Posted 18 February 2010 - 09:03 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:06 AM

Posted 23 February 2010 - 08:09 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



