Rootkit infections


  • This topic is locked
2 replies to this topic

#1 windowcat

windowcat

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 16 May 2010 - 04:51 PM

Hello, and thank you for your time!

I have recently come across a few seemingly minor problems, namely Google Chrome suddenly not working at all and Firefox redirecting from links/popping up random ad pages. I've done as much research as I have been able to on the forum and the issues seem to be not so minor at all, and the fixes that seem to work for most (TDSSKiller, Hitman) are able only to identify infected files, but not remove/quarantine them. From these programs, it seems the issues lie in the iaStor and netbt files, both in the drivers folder of my system32 Windows. Hopefully I have done all I can, and now leave it to the experts! I am pasting the DDS file as requested; GMER gave me my first ever "blue screen of death" of my Windows 7 career on numerous occasions, but I was able to get a few lines out of it.

Again, and sincerely, thank you for what you do! I eagerly await any help as this has been a frustrating and puzzling situation.

All best

DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt at 17:12:55.64 on Sun 05/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.321 [GMT -4:00]

SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\vVX1000.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Matt\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\matt\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\matt\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download All By FlashGet3 - c:\users\matt\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\matt\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\05dshhq1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\matt\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-13 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-15 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-15 29512]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-15 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-26 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-26 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-26 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-26 40552]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1343400]

=============== Created Last 30 ================

2010-05-17 00:14:01 0 d-----w- C:\Temp
2010-05-16 21:11:27 0 ----a-w- c:\users\matt\defogger_reenable
2010-05-16 20:38:46 0 d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2010-05-16 20:38:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-16 20:38:27 0 d-----w- c:\programdata\Malwarebytes
2010-05-16 20:38:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-16 20:38:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 20:31:12 65536 --sha-w- c:\users\matt\ntuser.dat{e2071313-6129-11df-ac89-001b38976451}.TM.blf
2010-05-16 20:31:12 524288 --sha-w- c:\users\matt\ntuser.dat{e2071313-6129-11df-ac89-001b38976451}.TMContainer00000000000000000002.regtrans-ms
2010-05-16 20:31:12 524288 --sha-w- c:\users\matt\ntuser.dat{e2071313-6129-11df-ac89-001b38976451}.TMContainer00000000000000000001.regtrans-ms
2010-05-16 19:53:13 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-05-16 19:27:54 2 --shatr- c:\windows\winstart.bat
2010-05-16 19:26:59 0 d-----w- c:\program files\UnHackMe
2010-05-16 18:53:05 98816 ----a-w- c:\windows\sed.exe
2010-05-16 18:53:05 77312 ----a-w- c:\windows\MBR.exe
2010-05-16 18:53:05 256512 ----a-w- c:\windows\PEV.exe
2010-05-16 18:53:05 161792 ----a-w- c:\windows\SWREG.exe
2010-05-16 18:52:35 0 d-s---w- C:\ComboFix
2010-05-16 18:15:21 0 d-----w- c:\program files\LQ Software
2010-05-16 17:36:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-16 17:29:39 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-16 17:29:31 0 d-----w- c:\programdata\Hitman Pro
2010-05-16 17:29:28 0 d-----w- c:\program files\Hitman Pro 3.5
2010-05-16 14:22:31 3396680 ----a-w- c:\windows\system32\GameMon.des
2010-05-16 14:18:17 51360 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2010-05-16 14:18:17 51360 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2010-05-16 14:18:17 362656 ----a-w- c:\windows\system32\CMStarterCore.exe
2010-05-16 13:28:59 0 d-----w- c:\program files\Webzen
2010-05-16 13:23:29 0 d-----w- c:\program files\mu
2010-05-16 06:59:15 0 d--h--w- C:\$AVG
2010-05-16 00:45:54 0 d-----w- c:\program files\pdo
2010-05-16 00:26:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-16 00:26:08 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-16 00:24:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-16 00:24:32 0 d-----w- c:\program files\AVG
2010-05-16 00:24:12 0 d-----w- c:\programdata\avg9
2010-05-14 16:44:17 0 d-----w- c:\program files\Eudemons Online
2010-05-14 16:31:20 0 d-----w- c:\program files\Phoenix Dynasty Online
2010-05-14 16:27:13 0 d-----w- c:\program files\Phoenix Dynasty
2010-05-14 14:58:40 0 d-----w- c:\users\matt\appdata\roaming\WildTangent
2010-05-14 14:53:37 0 d-----w- c:\program files\WildGames
2010-05-14 00:26:01 205920 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-13 22:02:57 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-13 19:33:10 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-13 19:33:01 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-13 19:23:49 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 19:22:52 0 d-----w- c:\program files\Lavasoft
2010-05-13 19:22:51 0 d-----w- c:\programdata\Lavasoft
2010-05-13 15:27:52 336 ----a-w- c:\windows\system32\secustat.dat
2010-05-13 15:27:42 891 ----a-w- c:\windows\system32\secushr.dat
2010-05-13 15:27:06 25 ----a-w- c:\windows\libem.INI
2010-05-13 15:26:51 0 d-----w- c:\users\matt\appdata\roaming\BITS
2010-05-13 15:26:34 0 d-----w- c:\users\matt\appdata\roaming\FlashGetBHO
2010-05-13 15:26:32 0 d-----w- c:\program files\FlashGet Network
2010-05-12 18:07:54 0 d-----w- c:\program files\Microsoft LifeCam
2010-05-12 18:07:31 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-12 18:07:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-12 14:33:57 18147 ----a-w- c:\windows\DIIUnin.dat
2010-05-12 14:33:53 94208 ----a-w- c:\windows\DIIUnin.exe
2010-05-12 14:33:53 2829 ----a-w- c:\windows\DIIUnin.pif
2010-05-12 01:15:09 0 d-----w- c:\program files\iPod
2010-05-12 01:15:08 0 d-----w- c:\program files\iTunes
2010-05-12 01:09:06 0 d-----w- c:\program files\Bonjour
2010-05-11 21:02:07 172 ----a-w- c:\windows\system32\MRT.INI
2010-05-11 20:37:48 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 20:19:12 524288 --sha-w- c:\users\matt\ntuser.dat{5dce5892-5d38-11df-8d0d-001b38976451}.TMContainer00000000000000000002.regtrans-ms
2010-05-11 20:19:11 65536 --sha-w- c:\users\matt\ntuser.dat{5dce5892-5d38-11df-8d0d-001b38976451}.TM.blf
2010-05-11 20:19:11 524288 --sha-w- c:\users\matt\ntuser.dat{5dce5892-5d38-11df-8d0d-001b38976451}.TMContainer00000000000000000001.regtrans-ms
2010-05-11 18:18:01 0 d-----w- C:\Sandbox
2010-05-11 18:17:06 0 d-----w- c:\program files\Sandboxie
2010-05-11 15:13:55 0 d-----w- c:\program files\Tensons
2010-05-07 21:25:03 0 d--h--w- c:\windows\msdownld.tmp
2010-05-07 21:25:00 0 d-----w- c:\windows\system32\directx
2010-05-04 22:34:30 0 d-----w- c:\windows\system32\Wat
2010-05-03 16:49:32 0 d-----w- c:\program files\Diablo II
2010-05-03 02:29:08 0 d-----w- c:\program files\Conquer Online 2.0
2010-04-28 11:52:37 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 11:52:37 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-21 23:21:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-19 03:22:38 0 d-----w- c:\program files\common files\Software Update Utility
2010-04-18 17:08:30 0 d-----w- c:\program files\Project64 1.6
2010-04-18 03:04:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-04-17 15:17:50 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-17 15:17:49 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-17 05:19:18 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-17 03:38:00 717892 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-17 03:36:59 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 03:36:59 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-17 03:36:56 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-17 03:36:56 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-17 03:36:56 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-17 03:35:45 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-17 03:35:28 0 d-----w- c:\windows\system32\wbem\Performance
2010-04-17 03:35:17 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-17 03:32:17 20 --sh--w- c:\users\matt\ntuser.ini
2010-04-17 03:32:06 0 d-sh--w- C:\Recovery
2010-04-17 03:09:13 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-17 02:03:25 9712 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2010-04-17 02:03:25 9712 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2010-04-17 02:03:03 0 d-----w- c:\program files\CONEXANT
2010-04-17 02:03:00 873310 ----a-w- c:\windows\system32\oem50.inf
2010-04-17 02:02:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-04-17 02:02:40 0 d-----w- c:\program files\Apoint2K
2010-04-17 01:05:28 8192 --sha-r- C:\BOOTSECT.BAK
2010-04-16 22:26:14 1908 ----a-w- c:\windows\diagwrn.xml
2010-04-16 22:26:14 1908 ----a-w- c:\windows\diagerr.xml

==================== Find3M ====================

2010-05-16 19:30:45 304920 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-05-12 14:40:00 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-05-12 14:40:00 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-05-12 14:40:00 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-12 22:41:18 101232 ----a-w- c:\windows\VX1000.dll
2010-03-12 22:41:16 762736 ----a-w- c:\windows\vVX1000.exe
2010-03-12 22:41:16 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-03-12 22:41:16 227696 ----a-w- c:\windows\vVX1000.dll
2010-03-12 22:41:16 175472 ----a-w- c:\windows\system32\cVX1000.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:14:55.18 ===============
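The log above is what a helper would read by hand. As an added example (not part of this thread, and not a BleepingComputer or DDS tool), the script below shows the kind of first-pass triage a practitioner runs over a DDS log: it pulls the scan time from the header, lists kernel drivers under system32\drivers that were written within a few days of the scan, and reports UAC policy values that silence or disable UAC plus any Trusted Zone entries. In this log, Find3M shows iaStor.sys with a write time on the day of the scan (the same driver TDSSKiller and Hitman named), the mPolicies lines show EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0, and kuaiche.com\software sits in the Trusted Zone. The sample text in the block is a constructed excerpt of those lines, and the 7-day window and the "weak" policy values are this example's own choices.

```python
"""Triage helpers for a DDS log: flag recently written kernel drivers, weakened UAC
policies and Trusted Zone entries so each can be verified by hand.  Added example,
not part of the thread; SAMPLE_DDS is a constructed excerpt of the log above, and
the 7-day window and WEAK_UAC values are this example's own assumptions."""
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines in the format DDS emits, copied from the log above.
SAMPLE_DDS = """\
DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt at 17:12:55.64 on Sun 05/16/2010
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: kuaiche.com\\software
==================== Find3M ====================
2010-05-16 19:30:45 304920 ----a-w- c:\\windows\\system32\\drivers\\iaStor.sys
2010-04-28 11:52:37 133720 ----a-w- c:\\windows\\system32\\drivers\\ksecpkg.sys
2010-04-28 11:52:37 1037312 ----a-w- c:\\windows\\system32\\lsasrv.dll
2009-07-14 04:56:42 31548 ----a-w- c:\\windows\\inf\\perflib\\0409\\perfd.dat
"""

# "YYYY-MM-DD HH:MM:SS <size> <8 attribute flags> <path>" as written by DDS.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$", re.M)
SCAN_RE = re.compile(r"^Run by \S+ at (\d{2}:\d{2}:\d{2})\.\d+ on \w+ (\d{2}/\d{2}/\d{4})$", re.M)
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)", re.M)
TRUSTED_RE = re.compile(r"^Trusted Zone: (.+)$", re.M)

# Registry values that, at these settings, turn UAC off or make it silent
# (an admin account then runs fully elevated, so anything it launches can load drivers).
WEAK_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


def parse_scan_time(text):
    """Scan time from the DDS 'Run by' header line (local time of the machine)."""
    m = SCAN_RE.search(text)
    if not m:
        raise ValueError("no 'Run by' header line in log")
    return datetime.strptime(f"{m.group(2)} {m.group(1)}", "%m/%d/%Y %H:%M:%S")


def parse_file_entries(text):
    """File lines from 'Created Last 30' / 'Find3M' as dicts (ts, size, attrs, path)."""
    return [
        {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "size": int(size),
         "attrs": attrs, "path": path.strip()}
        for ts, size, attrs, path in FILE_RE.findall(text)
    ]


def recent_driver_writes(entries, scan_time, window_days=7):
    """Kernel drivers (…\\drivers\\*.sys) written within window_days of the scan.
    A hit is a lead, not a verdict: Windows Update rewrites drivers too, so every hit
    still has to be checked against its Authenticode signature and a known-good copy.
    DDS file times can be UTC while the header is local, so the comparison is loose."""
    cutoff = scan_time - timedelta(days=window_days)
    return [
        e for e in entries
        if "\\drivers\\" in e["path"].lower()
        and e["path"].lower().endswith(".sys")
        and e["ts"] >= cutoff
    ]


def weak_uac_policies(text):
    """mPolicies-system values that match a known-weak setting in WEAK_UAC."""
    found = {name: int(val) for name, val in POLICY_RE.findall(text)}
    return {k: v for k, v in found.items() if k in WEAK_UAC and v == WEAK_UAC[k]}


def trusted_zone_entries(text):
    """Sites in IE's Trusted Zone; anything the user cannot account for is suspect."""
    return [t.strip() for t in TRUSTED_RE.findall(text)]


def triage(text, window_days=7):
    """Summarise the three checks for one DDS log as plain data."""
    scan_time = parse_scan_time(text)
    drivers = recent_driver_writes(parse_file_entries(text), scan_time, window_days)
    return {
        "scan_time": scan_time,
        "recent_drivers": [e["path"] for e in drivers],
        "weak_uac": weak_uac_policies(text),
        "trusted_zones": trusted_zone_entries(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

On the sample, only iaStor.sys is reported as a recent driver write; ksecpkg.sys is skipped because its date is outside the window, and lsasrv.dll because it is not a driver. That ordering is the point: the script narrows the list, and the verdict comes from checking the flagged file's signature on the live machine (Sysinternals sigcheck or PowerShell's Get-AuthenticodeSignature) and comparing it with a clean copy, since a driver patched by a rootkit can still carry a plausible name, size and location.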

#2 windowcat

windowcat
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:55 AM

Posted 18 May 2010 - 12:44 PM

Update

Disregard original post; have lost enough time and money waiting for a response to continue to do so. Clean install of course fixed the problem, now getting things back up and running. Thanks for the potential future help!

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:55 AM

Posted 19 May 2010 - 02:35 PM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
