
probable rootkit - Avira install fails with message "installation of the microsoft redistributable kit has failed"


  • This topic is locked
2 replies to this topic

#1 molipix

  • Members
  • 2 posts

Posted 07 April 2010 - 01:24 PM

Hello!

I seem to have a particularly nasty form of malware which has not been removed after running a Malwarebytes scan, a SuperAntiSpyware scan and ComboFix (ComboFix gave some messages including:

The system cannot find message text for message number 0x8 in the message file for System

Access Denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt.)

Other symptoms:

Setup of Avira fails with the message "installation of the microsoft redistributable kit has failed"

Windows title bars, buttons are all blocky in style. No pretty Vista Themes

Right click network connection/properties - no Advanced tab - can't enable firewall

When browsing windows folder there is no Menu bar - can't enable viewing of hidden files

When booting into normal mode the network connection appears to fail. There is also a constant pop-up requesting install of a Java update (not sure if it's suspicious or not). Now booted into Safe Mode with networking and can get online.

Here is my DDS log:


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Debbie at 18:36:18.23 on 07/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.2253 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
e:\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\debbie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [Skytel] Skytel.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Cleanup] C:\cleanup.exe
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
StartupFolder: c:\users\debbie\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\debbie\appdata\roaming\mozilla\firefox\profiles\867q1xd1.default
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\users\debbie\appdata\roaming\mozilla\firefox\profiles\867q1xd1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\debbie\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\debbie\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\debbie\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-1 7168]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-1 3658752]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-8 11608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-8 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-8 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-8 56816]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2009-4-21 116104]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-1 30192]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-4 112128]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-04-07 17:24:58 0 ----a-w- c:\users\debbie\defogger_reenable
2010-04-06 23:12:18 0 d-s---w- C:\ComboFix
2010-04-06 23:09:13 8252 ----a-w- C:\backup.reg
2010-04-06 23:09:13 574 ----a-w- C:\cleanup.bat
2010-04-06 23:09:13 19286 ----a-w- C:\cleanup.exe
2010-04-06 23:09:13 135168 ----a-w- C:\zip.exe
2010-04-06 23:04:16 212344451 ----a-w- c:\windows\MEMORY.DMP
2010-04-06 22:52:49 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-06 22:39:05 98816 ----a-w- c:\windows\sed.exe
2010-04-06 22:39:05 77312 ----a-w- c:\windows\MBR.exe
2010-04-06 22:39:05 261632 ----a-w- c:\windows\PEV.exe
2010-04-06 22:39:05 161792 ----a-w- c:\windows\SWREG.exe
2010-04-06 21:22:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-06 21:22:26 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-06 21:22:25 0 d-----w- c:\users\debbie\appdata\roaming\SUPERAntiSpyware.com
2010-04-06 19:48:03 0 d-----w- c:\users\debbie\appdata\roaming\Malwarebytes
2010-04-06 19:47:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 19:47:55 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 19:47:55 0 d-----w- c:\programdata\Malwarebytes
2010-04-06 19:47:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 21:29:45 0 d-----w- c:\users\debbie\appdata\roaming\Facebook
2010-03-13 01:19:47 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-09 22:20:46 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-09 22:20:44 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-09 22:20:44 30720 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-02-24 10:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 19:14:03 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-22 19:14:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-20 23:25:53 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-18 19:14:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-18 20:43:25 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 18:37:53.85 ===============

Thanks for reading :)

Please help! Posted this a couple of days ago and still stuck, anyone got any ideas?

I merged your bump into the original post. Please don't bump your topic, it will result in you having to wait longer for help. ~BP

Edited by Budapest, 09 April 2010 - 05:04 PM.
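The "Pseudo HJT Report" section of the DDS log above is the part a malware-response helper reads first: it lists the autostart locations (HKCU/HKLM Run and RunOnce keys, Browser Helper Objects, Winlogon Notify packages, AppInit_DLLs). Four patterns in it are worth checking before anything else: an autorun value that is only a bare filename (it is resolved through PATH and App Paths at logon, so the file that actually runs has to be confirmed on disk), a RunOnce value with no name and no command, a BHO CLSID whose DLL reports "No File", and any non-empty AppInit_DLLs value (that DLL is loaded into every process that loads user32.dll). The script below is an added example, not part of the original post and not code from the DDS tool; it parses DDS-formatted lines and returns those entries for verification. The sample lines are constructed from the log above with the path separators restored. Bare-name entries are common for OEM utilities, so the output is a list to verify, not a verdict.

```python
"""Triage the 'Pseudo HJT Report' lines of a DDS log (added example, not DDS code)."""
import re
from dataclasses import dataclass

# Hive prefixes as DDS prints them: u = HKCU, m = HKLM, d = default user profile.
AUTORUN_RE = re.compile(r"^(uRun|mRun|uRunOnce|mRunOnce|dRun|dRunOnce): \[(.*?)\]\s*(.*)$")
BHO_RE = re.compile(r"^BHO: (?:(.*?): )?\{([0-9A-Fa-f-]{36})\} - (.*)$")
NOTIFY_RE = re.compile(r"^Notify: (.*?) - (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (.*)$")
IMAGE_RE = re.compile(r"(.+?\.(?:exe|scr|dll|com|bat|cmd))(?:\s|$)", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")

# Constructed sample, taken from the log in the post with backslashes restored.
SAMPLE_LOG = r"""
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRunOnce: [Cleanup] C:\cleanup.exe
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
""".strip()


@dataclass
class Finding:
    line: str
    reason: str


def command_image(command: str) -> str:
    """Extract the executable from an autorun value.

    Quoted paths keep their embedded spaces; unquoted ones are cut at the first
    executable extension, so '%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide'
    yields the full path rather than '%ProgramFiles%\\Windows'.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def is_bare_name(path: str) -> bool:
    """True when the value has no directory and no %VAR% prefix, i.e. Windows
    resolves it through the PATH / App Paths lookup at run time."""
    return "\\" not in path and "%" not in path


def triage(report: str) -> list:
    """Return the entries an analyst should verify on disk, in log order."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            key, name, command = m.groups()
            if not command:
                findings.append(Finding(line, f"{key} value '{name}' has no command; "
                                              "inspect the registry value directly"))
                continue
            image = command_image(command)
            if is_bare_name(image):
                findings.append(Finding(line, f"bare filename '{image}' is resolved via PATH/App Paths; "
                                              "confirm which file on disk actually runs"))
            elif DRIVE_ROOT_RE.match(image):
                findings.append(Finding(line, f"'{image}' runs from the drive root; confirm its origin"))
            continue
        m = BHO_RE.match(line)
        if m and m.group(3).strip() == "No File":
            findings.append(Finding(line, f"orphaned BHO CLSID {{{m.group(2)}}}: no DLL on disk"))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():
            findings.append(Finding(line, f"AppInit_DLLs injects '{m.group(1).strip()}' into every "
                                          "process that loads user32.dll; verify the file and its signer"))
            continue
        m = NOTIFY_RE.match(line)
        if m and is_bare_name(m.group(2)):
            findings.append(Finding(line, f"Winlogon notify package '{m.group(2)}' given as a bare name; "
                                          "confirm it resolves to system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the sample this reports eight entries: the five bare names (TOSCDSPD.EXE, NDSTray.exe, grpconv, igfxdev.dll and the nameless RunOnce), C:\cleanup.exe in the drive root, the orphaned BHO, and the Google AppInit DLL. Every one of them can be benign (grpconv and the Toshiba/Intel tray utilities usually are); the point is that these are the lines whose file on disk has to be located and identified before a cleanup script touches them.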



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 10 April 2010 - 06:40 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 16 April 2010 - 06:52 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



