Possible rootkit infection



#1 Smauler

Posted 18 November 2010 - 03:40 PM

Hi all.

I'm having a major problem with my PC. I'm pretty technically literate, but absolutely willing to take advice and direction from those who know more.

I'm running :
Vista 64 OEM (with dual boot Win2k)
Self-built system, 650i motherboard
A couple of striped SATA drives as my system
An old PATA as my boot and 2k system
3 Mobile Broadband (I didn't want to fork out for a land line... I wish Virgin fibre was in my area, but that's a different discussion :P)

The rest should be irrelevant, since I'm 99% sure it's not a hardware problem. What I originally thought it might be was an underpowered PSU (new nvidia 460 off of 620w), but I'm pretty sure that's not the case, because my symptoms have nothing to do with the PC being under load. I've hit the problems recently because I've been trying to get service packs, which previously didn't work either with my old 8800GT graphics card, but I ignored since they weren't all that important to me. Now I want DirectX 11, with my new card.

Symptoms :
Cannot download Service pack 1 directly. Whenever I try to, my internet connectivity goes to crap (well, more crap than it is normally), and the download can't finish.
Upon opening and running windows update, lots of HD activity, some success in minor updates, but again - SP1 will not download, stuck at 12%.
Upon opening and running windows update, lots of system unresponsiveness. All tasks seem to be affected, and can be completely non-responsive for many seconds at a time.
Generally slightly crappy performance (I know this can be caused by so much, but when I first installed Vista on this system with a different graphics card, it booted from the boot manager menu to usable desktop in 15 seconds). Gaming performance does not seem to be affected much.

I've never run any AV on this computer. I tried once quite a long time ago, with MSE, and it hosed my system entirely, and I had to go back to a previous restore point. I did reinstall my OS about 6 months ago because I got an unexpected BSOD... I had a look and realised I'd accidentally pulled out one of the stripe's SATA cables with my toe. Fortunately I didn't lose data with that, but I couldn't get Vista going again without a reinstall. The reason I ran the computer without a case was because my old 8800GT ran _very_ hot (why do PCI express cards have their fans towards the bottom of the case, anyway - there's nothing there... case fans don't help). My new 460 is sat at 23 degrees currently, and my CPU has never run very hot.

I've disabled prefetch and a few other services. I know I can get slightly quicker launching times with them on, but I don't mind the extra second or so it costs me, and I _hate_ the heavy HD access that it uses. I quite like knowing audibly when my HD is doing something.

What I've run :
HijackThis
Microsoft's anti malware tool
Malwarebytes' Anti-Malware and rootkit tool
MSE

None came up with anything. I've run a couple of (legit) online AV scans too. Nothing. I'm at a bit of a loss... I ran DDS : see below.

All help appreciated :). Really, really, really appreciated. I'm a bit stuck.


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Ben at 19:03:24.65 on 18/11/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.4094.2234 [GMT 0:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\3 Mobile Broadband\3Connect\Wilog.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\conime.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\windows live safety center\wlschost.EXE
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ben\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Windows.old\Program Files (x86)\RALINK\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {F4D88DCE-B8DF-475C-9E60-FD624C282675} = 217.171.132.1 217.171.135.1
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\hpuldmix.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101703&locale=en_US&apn_uid=1E5F7D80-EF15-4CEE-8C46-CDA49F500406&apn_ptnrs=F3&apn_sauid=3871DE33-B61F-49CE-B356-803B2D04F515&apn_dtid=YYYYYYYYGB&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-9-5 1737464]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-10-2 93184]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2010-11-13 25832]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-9-5 114304]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-11-13 155752]
S3 rt61x64;Conceptronic RT61 54g Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr6164.sys [2008-3-18 370176]

=============== Created Last 30 ================

2010-11-18 18:31:09 6144 ------w- C:\Windows\System32\3DD2.tmp
2010-11-18 18:29:18 6144 ------w- C:\Windows\System32\8B5E.tmp
2010-11-18 18:29:10 -------- d-----w- C:\Program Files (x86)\Sophos
2010-11-18 18:14:40 -------- d-----w- C:\Users\Ben\AppData\Roaming\Malwarebytes
2010-11-18 18:14:33 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-18 18:14:32 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-18 18:14:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-18 18:14:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-18 17:57:20 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2010-11-18 17:57:10 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2010-11-17 20:29:35 388096 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-17 20:29:34 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-11-17 00:04:10 441856 ----a-w- C:\Windows\System32\winhttp.dll
2010-11-17 00:04:10 378368 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-11-17 00:02:04 817152 ----a-w- C:\Windows\System32\WMSPDMOD.DLL
2010-11-17 00:02:04 604672 ----a-w- C:\Windows\SysWow64\WMSPDMOD.DLL
2010-11-17 00:01:23 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2010-11-17 00:00:46 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2010-11-17 00:00:46 737792 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2010-11-17 00:00:45 996352 ----a-w- C:\Windows\System32\inetcomm.dll
2010-11-17 00:00:45 84480 ----a-w- C:\Windows\System32\INETRES.dll
2010-11-17 00:00:13 361472 ----a-w- C:\Windows\System32\es.dll
2010-11-17 00:00:13 268800 ----a-w- C:\Windows\SysWow64\es.dll
2010-11-16 23:56:30 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2010-11-16 23:56:30 60416 ----a-w- C:\Windows\System32\rrinstaller.exe
2010-11-16 23:56:30 52736 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2010-11-16 23:56:30 3532800 ----a-w- C:\Windows\System32\mf.dll
2010-11-16 23:56:30 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2010-11-16 23:56:30 2855424 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-16 23:56:30 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2010-11-16 23:56:30 2048 ----a-w- C:\Windows\System32\mferror.dll
2010-11-16 23:56:30 194560 ----a-w- C:\Windows\System32\mfps.dll
2010-11-16 23:56:29 24576 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2010-11-16 23:52:31 150528 ----a-w- C:\Program Files\Movie Maker\MOVIEMK.exe
2010-11-16 23:52:30 336384 ----a-w- C:\Program Files\Movie Maker\WMM2AE.dll
2010-11-16 23:52:30 26624 ----a-w- C:\Program Files\Movie Maker\WMM2EXT.dll
2010-11-16 23:52:30 16354304 ----a-w- C:\Program Files\Movie Maker\MOVIEMK.dll
2010-11-16 21:48:38 27648 ----a-w- C:\Windows\System32\dnscacheugc.exe
2010-11-16 21:48:38 114176 ----a-w- C:\Windows\System32\dnsrslvr.dll
2010-11-16 21:48:37 24576 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2010-11-16 21:48:00 50176 ----a-w- C:\Windows\SysWow64\iyuv_32.dll
2010-11-16 21:48:00 22528 ----a-w- C:\Windows\SysWow64\msyuv.dll
2010-11-16 21:45:52 289792 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-11-16 21:45:51 97280 ----a-w- C:\Windows\System32\fontsub.dll
2010-11-16 21:45:51 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll
2010-11-16 21:45:51 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-11-16 21:45:51 366080 ----a-w- C:\Windows\System32\atmfd.dll
2010-11-16 21:45:51 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-11-16 21:45:51 33280 ----a-w- C:\Windows\System32\lpk.dll
2010-11-16 21:45:51 24064 ----a-w- C:\Windows\SysWow64\lpk.dll
2010-11-16 21:45:51 14336 ----a-w- C:\Windows\System32\dciman32.dll
2010-11-16 21:45:51 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2010-11-16 21:45:50 188416 ----a-w- C:\Windows\System32\t2embed.dll
2010-11-16 21:45:50 156672 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-11-16 21:45:12 163512 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2010-11-16 21:44:43 1039872 ----a-w- C:\Windows\System32\qmgr.dll
2010-11-16 21:44:10 836608 ----a-w- C:\Windows\System32\localspl.dll
2010-11-16 21:44:10 696832 ----a-w- C:\Windows\SysWow64\localspl.dll
2010-11-16 21:43:29 672256 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2010-11-16 21:43:29 1260544 ----a-w- C:\Windows\System32\rpcrt4.dll
2010-11-16 21:42:47 658944 ----a-w- C:\Windows\System32\kerberos.dll
2010-11-16 21:42:47 494592 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-11-16 21:42:45 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-11-16 21:42:45 272384 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-11-16 21:41:55 29696 ----a-w- C:\Windows\System32\drivers\tunnel.sys
2010-11-16 21:41:55 25600 ----a-w- C:\Windows\System32\netiougc.exe
2010-11-16 21:41:55 232960 ----a-w- C:\Windows\System32\tcpipcfg.dll
2010-11-16 21:41:55 22016 ----a-w- C:\Windows\SysWow64\netiougc.exe
2010-11-16 21:41:55 199168 ----a-w- C:\Windows\System32\iphlpsvc.dll
2010-11-16 21:41:55 18432 ----a-w- C:\Windows\System32\drivers\TUNMP.SYS
2010-11-16 21:41:55 167424 ----a-w- C:\Windows\SysWow64\tcpipcfg.dll
2010-11-16 21:41:55 1200640 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-11-16 21:40:06 399872 ----a-w- C:\Windows\System32\WSDApi.dll
2010-11-16 21:40:06 321536 ----a-w- C:\Windows\SysWow64\WSDApi.dll
2010-11-16 21:37:59 46080 ----a-w- C:\Windows\System32\lodctr.exe
2010-11-16 21:36:40 664064 ----a-w- C:\Windows\System32\win32spl.dll
2010-11-16 21:36:40 44544 ----a-w- C:\Windows\System32\printcom.dll
2010-11-16 21:36:40 441856 ----a-w- C:\Windows\SysWow64\win32spl.dll
2010-11-16 21:36:40 37376 ----a-w- C:\Windows\SysWow64\printcom.dll
2010-11-16 21:34:57 2758656 ----a-w- C:\Windows\System32\win32k.sys
2010-11-16 21:34:21 79360 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-11-16 21:34:21 272896 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-11-16 21:34:21 134144 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-11-16 21:33:44 4424072 ----a-w- C:\Windows\System32\ntoskrnl.exe
2010-11-16 21:33:05 81408 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys
2010-11-16 21:33:05 679936 ----a-w- C:\Windows\System32\FirewallAPI.dll
2010-11-16 21:33:05 580608 ----a-w- C:\Windows\System32\MPSSVC.dll
2010-11-16 21:33:04 72192 ----a-w- C:\Windows\System32\cmifw.dll
2010-11-16 21:33:04 61952 ----a-w- C:\Windows\SysWow64\cmifw.dll
2010-11-16 21:33:04 19968 ----a-w- C:\Windows\System32\wfapigp.dll
2010-11-16 21:33:04 106496 ----a-w- C:\Windows\System32\icfupgd.dll
2010-11-16 21:33:03 392192 ----a-w- C:\Windows\SysWow64\FirewallAPI.dll
2010-11-16 21:33:03 16896 ----a-w- C:\Windows\SysWow64\wfapigp.dll
2010-11-16 21:32:00 287744 ----a-w- C:\Windows\System32\raschap.dll
2010-11-16 21:32:00 274432 ----a-w- C:\Windows\SysWow64\raschap.dll
2010-11-16 21:32:00 267264 ----a-w- C:\Windows\System32\rastls.dll
2010-11-16 21:32:00 232960 ----a-w- C:\Windows\SysWow64\rastls.dll
2010-11-16 21:31:22 25600 ----a-w- C:\Windows\SysWow64\amxread.dll
2010-11-16 21:31:22 14848 ----a-w- C:\Windows\SysWow64\apilogen.dll
2010-11-16 21:31:20 25600 ----a-w- C:\Windows\System32\amxread.dll
2010-11-16 21:31:20 15872 ----a-w- C:\Windows\System32\apilogen.dll
2010-11-16 21:30:41 379392 ----a-w- C:\Windows\System32\gdi32.dll
2010-11-16 21:30:41 303616 ----a-w- C:\Windows\SysWow64\gdi32.dll
2010-11-16 21:30:00 1808896 ----a-w- C:\Windows\System32\NlsLexicons0046.dll
2010-11-16 21:30:00 1793536 ----a-w- C:\Windows\System32\NlsLexicons0045.dll
2010-11-16 21:25:58 2048 ----a-w- C:\Windows\System32\asferror.dll
2010-11-16 21:25:58 11776 ----a-w- C:\Windows\System32\LAPRXY.DLL
2010-11-16 21:25:57 9728 ----a-w- C:\Windows\SysWow64\LAPRXY.DLL
2010-11-16 21:25:57 301056 ----a-w- C:\Windows\System32\WMASF.DLL
2010-11-16 21:25:57 223232 ----a-w- C:\Windows\SysWow64\WMASF.DLL
2010-11-16 21:25:57 2048 ----a-w- C:\Windows\SysWow64\asferror.dll
2010-11-16 21:23:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-11-16 21:23:52 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-11-16 21:23:02 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-11-16 21:23:02 118272 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-11-16 21:19:19 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2010-11-16 21:19:19 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2010-11-16 21:19:19 1902080 ----a-w- C:\Windows\System32\msxml3.dll
2010-11-16 21:19:19 1406464 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-11-16 21:19:19 1260032 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-11-16 21:19:18 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2010-11-16 21:19:18 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2010-11-16 21:19:18 1827328 ----a-w- C:\Windows\System32\msxml6.dll
2010-11-16 21:18:37 36352 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2010-11-16 21:18:37 27648 ----a-w- C:\Windows\System32\tsgqec.dll
2010-11-16 21:18:37 1871872 ----a-w- C:\Windows\SysWow64\mstscax.dll
2010-11-16 21:18:37 130048 ----a-w- C:\Windows\System32\aaclient.dll
2010-11-16 21:18:37 116736 ----a-w- C:\Windows\SysWow64\aaclient.dll
2010-11-16 21:18:36 2194432 ----a-w- C:\Windows\System32\mstscax.dll
2010-11-16 21:18:01 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2010-11-16 21:17:14 61440 ----a-w- C:\Windows\SysWow64\winipsec.dll
2010-11-16 21:17:14 49152 ----a-w- C:\Windows\System32\FwRemoteSvr.dll
2010-11-16 21:17:14 28672 ----a-w- C:\Windows\SysWow64\FwRemoteSvr.dll
2010-11-16 21:17:14 272896 ----a-w- C:\Windows\SysWow64\polstore.dll
2010-11-16 21:17:13 523264 ----a-w- C:\Windows\System32\IPSECSVC.DLL
2010-11-16 21:17:13 379904 ----a-w- C:\Windows\System32\polstore.dll
2010-11-16 21:17:13 100352 ----a-w- C:\Windows\System32\winipsec.dll
2010-11-16 21:16:13 67584 ----a-w- C:\Program Files\Windows Sidebar\sbdrop.dll
2010-11-16 21:16:13 66048 ----a-w- C:\Program Files (x86)\Windows Sidebar\sbdrop.dll
2010-11-16 21:16:13 1554432 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe
2010-11-16 21:16:13 13312 ----a-w- C:\Windows\System32\sbunattend.exe
2010-11-16 21:16:12 1232896 ----a-w- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
2010-11-16 21:16:12 11776 ----a-w- C:\Windows\SysWow64\sbunattend.exe
2010-11-16 21:15:11 604160 ----a-w- C:\Windows\System32\drivers\http.sys
2010-11-16 21:15:11 33792 ----a-w- C:\Windows\System32\httpapi.dll
2010-11-16 21:15:11 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2010-11-16 21:15:11 31232 ----a-w- C:\Windows\SysWow64\httpapi.dll
2010-11-16 21:15:11 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2010-11-16 21:11:20 3087360 ----a-w- C:\Windows\explorer.exe
2010-11-16 21:11:20 2923520 ----a-w- C:\Windows\SysWow64\explorer.exe
2010-11-16 21:09:31 88576 ----a-w- C:\Windows\System32\atl.dll
2010-11-16 21:09:31 71680 ----a-w- C:\Windows\SysWow64\atl.dll
2010-11-16 21:08:58 562176 ----a-w- C:\Windows\System32\wmpeffects.dll
2010-11-16 21:08:58 303616 ----a-w- C:\Windows\SysWow64\wmpeffects.dll
2010-11-16 21:06:59 162304 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-11-16 21:05:59 996352 ----a-w- C:\Windows\SysWow64\WMNetMgr.dll
2010-11-16 21:05:59 94720 ----a-w- C:\Windows\SysWow64\logagent.exe
2010-11-16 21:05:59 1245184 ----a-w- C:\Windows\System32\WMNetMgr.dll
2010-11-16 21:05:59 112640 ----a-w- C:\Windows\System32\logagent.exe
2010-11-16 21:05:31 125952 ----a-w- C:\Windows\System32\DWWIN.EXE
2010-11-16 21:05:31 104448 ----a-w- C:\Windows\SysWow64\DWWIN.EXE
2010-11-16 21:05:11 17408 ----a-w- C:\Windows\System32\wshrm.dll
2010-11-16 21:05:11 14848 ----a-w- C:\Windows\SysWow64\wshrm.dll
2010-11-16 21:05:11 140288 ----a-w- C:\Windows\System32\drivers\rmcast.sys
2010-11-16 21:04:47 84480 ----a-w- C:\Windows\System32\msasn1.dll
2010-11-16 21:04:47 60928 ----a-w- C:\Windows\SysWow64\msasn1.dll
2010-11-16 21:03:51 199680 ----a-w- C:\Windows\System32\wkssvc.dll
2010-11-16 21:03:15 97792 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-11-16 21:03:15 104448 ----a-w- C:\Windows\System32\cabview.dll
2010-11-16 21:02:51 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-11-16 21:02:51 171520 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-11-16 21:02:07 75264 ----a-w- C:\Windows\System32\imagehlp.dll
2010-11-16 21:02:07 5632 ----a-w- C:\Windows\System32\wmi.dll
2010-11-16 21:02:07 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2010-11-16 21:02:07 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2010-11-16 21:02:07 152576 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2010-11-16 21:01:44 500736 ----a-w- C:\Windows\SysWow64\msdtcprx.dll
2010-11-16 21:01:44 30208 ----a-w- C:\Windows\SysWow64\xolehlp.dll
2010-11-16 21:01:43 679936 ----a-w- C:\Windows\System32\msdtcprx.dll
2010-11-16 21:01:43 38400 ----a-w- C:\Windows\System32\xolehlp.dll
2010-11-16 21:01:18 72192 ----a-w- C:\Windows\System32\l3codeca.acm
2010-11-16 21:01:18 62464 ----a-w- C:\Windows\SysWow64\l3codeca.acm
2010-11-16 21:01:18 220672 ----a-w- C:\Windows\SysWow64\l3codecp.acm
2010-11-16 21:01:18 181760 ----a-w- C:\Windows\System32\l3codecp.acm
2010-11-16 20:59:14 585728 ----a-w- C:\Program Files\Common Files\System\msadc\msadce.dll
2010-11-16 20:59:14 454656 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadce.dll
2010-11-16 20:57:12 810496 ----a-w- C:\Windows\System32\user32.dll
2010-11-16 20:57:08 646656 ----a-w- C:\Windows\SysWow64\user32.dll
2010-11-16 18:39:18 2621440 ----a-w- C:\Windows\System32\wucltux.dll
2010-11-16 18:32:36 98816 ----a-w- C:\Windows\System32\wudriver.dll
2010-11-16 18:32:36 87552 ----a-w- C:\Windows\SysWow64\wudriver.dll
2010-11-16 18:32:02 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2010-11-16 18:32:02 185416 ----a-w- C:\Windows\System32\wuwebv.dll
2010-11-16 18:32:02 171608 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2010-11-16 18:32:01 36864 ----a-w- C:\Windows\System32\wuapp.exe
2010-11-15 18:17:06 -------- d-----w- C:\Program Files (x86)\EVGA Precision
2010-11-14 14:35:27 -------- d-----w- C:\PROGRA~3\BioWare
2010-11-14 14:34:56 -------- d-----w- C:\Users\Ben\AppData\Roaming\NVIDIA
2010-11-13 13:36:47 411656 ----a-w- C:\Windows\System32\xactengine2_10.dll
2010-11-13 13:19:49 29288 ----a-w- C:\Windows\System32\nvhdap64.dll

==================== Find3M ====================

2010-11-17 00:03:36 87040 ----a-w- C:\Windows\SysWow64\msoert2.dll
2010-11-17 00:03:36 39424 ----a-w- C:\Windows\SysWow64\ACCTRES.dll
2010-11-17 00:03:36 39424 ----a-w- C:\Windows\System32\ACCTRES.dll
2010-11-17 00:03:36 245760 ----a-w- C:\Windows\System32\msoeacct.dll
2010-11-17 00:03:36 205824 ----a-w- C:\Windows\SysWow64\msoeacct.dll
2010-11-17 00:03:36 118784 ----a-w- C:\Windows\System32\msoert2.dll
2010-11-16 23:59:15 89088 ----a-w- C:\Windows\System32\admparse.dll
2010-11-16 23:59:15 72704 ----a-w- C:\Windows\SysWow64\admparse.dll
2010-11-16 23:59:13 32768 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-16 23:59:13 26624 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-16 23:59:11 832512 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-16 23:59:11 52736 ----a-w- C:\Windows\apppatch\iebrshim.dll
2010-11-16 23:59:11 145408 ----a-w- C:\Windows\apppatch\AppPatch64\iebrshim.dll
2010-11-16 23:59:10 1042432 ----a-w- C:\Windows\System32\wininet.dll
2010-11-16 23:58:36 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-11-16 23:58:36 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-11-16 23:58:36 485376 ----a-w- C:\Windows\System32\html.iec
2010-11-16 23:58:36 48128 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2010-11-16 23:58:36 48128 ----a-w- C:\Windows\System32\mshtmler.dll
2010-11-16 23:58:36 389120 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-16 23:58:35 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-16 23:58:34 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-16 23:58:31 1830912 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-16 23:58:30 2076672 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-16 23:58:26 69120 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-16 23:58:26 56320 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-16 23:13:41 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-11-16 21:38:47 1937408 ----a-w- C:\Windows\System32\setupapi.dll
2010-11-16 21:37:59 39424 ----a-w- C:\Windows\SysWow64\lodctr.exe
2010-11-16 21:31:22 40960 ----a-w- C:\Windows\apppatch\apihex86.dll
2010-11-16 21:31:20 55296 ----a-w- C:\Windows\apppatch\AppPatch64\apihex64.dll
2010-11-16 21:30:00 1411072 ----a-w- C:\Windows\System32\NlsLexicons0047.dll
2010-11-16 21:12:58 724992 ----a-w- C:\Windows\System32\rpcss.dll
2010-11-16 21:10:36 616448 ----a-w- C:\Windows\System32\vbscript.dll
2010-11-16 21:10:36 434176 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-11-16 21:10:01 9728 ----a-w- C:\Windows\System32\lsass.exe
2010-11-16 21:10:01 95232 ----a-w- C:\Windows\System32\secur32.dll
2010-11-16 21:10:01 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2010-11-16 21:10:01 479816 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2010-11-16 21:10:01 270336 ----a-w- C:\Windows\System32\msv1_0.dll
2010-11-16 21:10:01 216576 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-11-16 21:10:01 205824 ----a-w- C:\Windows\System32\wdigest.dll
2010-11-16 21:10:01 175104 ----a-w- C:\Windows\SysWow64\wdigest.dll
2010-11-16 21:10:01 1664000 ----a-w- C:\Windows\System32\lsasrv.dll
2010-11-16 21:00:55 30208 ----a-w- C:\Windows\System32\netcfg.exe
2010-11-16 20:56:57 211456 ----a-w- C:\Windows\System32\WebClnt.dll
2010-11-14 14:01:22 525792 ----a-w- C:\Windows\DIFxAPI.dll
2010-10-19 10:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 13:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 13:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 13:13:34 61032 ----a-w- C:\Windows\System32\nvshext.dll
2010-10-16 13:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 13:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-02 08:16:12 96760 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-10-02 08:16:12 112120 ----a-w- C:\Windows\System32\dfshim.dll
2010-10-02 08:16:11 41984 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-10-02 08:16:11 406528 ----a-w- C:\Windows\System32\mscoree.dll
2010-10-02 08:16:11 282112 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-10-02 08:16:11 13824 ----a-w- C:\Windows\System32\netfxperf.dll
2010-10-02 08:16:10 83968 ----a-w- C:\Windows\SysWow64\mscories.dll
2010-10-02 08:16:10 76288 ----a-w- C:\Windows\System32\mscories.dll
2010-10-02 08:16:10 158720 ----a-w- C:\Windows\SysWow64\mscorier.dll
2010-10-02 08:16:10 158208 ----a-w- C:\Windows\System32\mscorier.dll
2010-09-07 20:08:55 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2010-09-07 20:08:54 1308776 ----a-w- C:\Windows\System32\nvgenco64.dll
2010-09-06 17:34:57 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-05 17:43:16 71259 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
2010-09-03 17:18:32 396288 ----a-w- C:\Windows\System32\RCoRes64.dat
2010-08-31 15:28:46 1251944 ----a-w- C:\Windows\RtlExUpd.dll

============= FINISH: 19:04:32.04 ===============

Edited by boopme, 18 November 2010 - 04:04 PM.
Moved from Vista ~BP
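Added example (editor's note, not part of Smauler's post or of the DDS tool): the log above contains the entries a helper would read off first, none of which points at a rootkit. A toolbar registered under the name "Foxit Toolbar" loads from an Ask.com DLL, Firefox's keyword.URL and default engine are pointed at websearch.ask.com, the x64 copy of the same toolbar is an orphaned "No File" entry, a startup shortcut targets a binary under C:\Windows.old, and two 6 KB .tmp files were written directly into System32 (within seconds of the Sophos directory being created, so a practitioner would tie them to that install before calling them suspicious). The script below runs those heuristics over a trimmed copy of the log's own lines. The rule set, the `SEARCH_REDIRECTORS` list and the rule names are this example's assumptions, and a hit means "look here", not "infected"; bundled search toolbars are potentially unwanted programs that MSE and MBAM would not necessarily flag.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in the post above, with the
# long Ask.com keyword.URL trimmed and the (TM) symbol spelled out.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Java(TM) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Windows.old\Program Files (x86)\RALINK\Common\RaUI.exe
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&q=

=============== Created Last 30 ================

2010-11-18 18:31:09 6144 ------w- C:\Windows\System32\3DD2.tmp
2010-11-18 18:29:18 6144 ------w- C:\Windows\System32\8B5E.tmp
2010-11-18 18:29:10 -------- d-----w- C:\Program Files (x86)\Sophos
2010-11-18 18:14:32 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-16 21:33:44 4424072 ----a-w- C:\Windows\System32\ntoskrnl.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # heuristic that fired (names are this example's own)
    line: str   # the DDS line that triggered it


# "kind: rest" load-point lines of the Pseudo HJT section (BHO, TB, mRun, ...)
HJT_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+): (?P<rest>.*)$")
# Firefox prefs.js entries
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
# "date time size attrs path" lines of Created Last 30 / Find3M
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)

# Assumption: hosts treated as search-redirect / bundled-toolbar indicators.
SEARCH_REDIRECTORS = ("ask.com",)
SYSTEM32 = "c:\\windows\\system32\\"


def _in_system32_root(path: str) -> bool:
    """True for a file directly under System32, not in a subdirectory."""
    p = path.lower()
    return p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]


def _mentions_redirector(text: str) -> bool:
    t = text.lower()
    return any(host in t for host in SEARCH_REDIRECTORS)


def triage(dds_text: str) -> list[Finding]:
    """Run the heuristic rules over every line and return what they flag."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FF_PREF_RE.match(line)
        if m:  # default engine or keyword.URL handed to a redirector
            if (m["pref"] in ("keyword.URL", "browser.search.selectedEngine")
                    and _mentions_redirector(m["value"])):
                findings.append(Finding("firefox-search-redirected", line))
            continue

        m = CREATED_RE.match(line)
        if m:  # freshly written .tmp files sitting directly in System32
            path = m["path"]
            if path.lower().endswith(".tmp") and _in_system32_root(path):
                findings.append(Finding("tmp-file-in-system32", line))
            continue

        m = HJT_RE.match(line)
        if not m:
            continue
        kind, rest = m["kind"], m["rest"]
        if rest.endswith(" - No File"):  # registered load point, binary gone
            findings.append(Finding("orphaned-load-point", line))
        elif kind in ("BHO", "TB"):
            # display name says one vendor, DLL path says a redirector vendor
            name, _, path = rest.partition(": {")
            if any(h.split(".")[0] in path.lower()
                   and h.split(".")[0] not in name.lower()
                   for h in SEARCH_REDIRECTORS):
                findings.append(Finding("toolbar-name-mismatch", line))
        elif kind == "StartupFolder" and "\\windows.old\\" in rest.lower():
            findings.append(Finding("startup-target-in-windows-old", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule so the summary can be eyeballed quickly."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage(SAMPLE_DDS)))
```

On the sample it reports eight hits: two for the mis-named Ask toolbar, two for the Firefox search prefs, one orphaned x64 toolbar entry, one Windows.old startup target and the two System32 .tmp files; mbam.sys, ntoskrnl.exe and the MSSE run key pass. To use it on a real log, paste the DDS output into a file and call `triage(open(path).read())`; the rules are cheap to extend with one more `elif` per load-point type.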



#2 Smauler

Posted 20 November 2010 - 11:12 AM

I think I was wrong about the rootkit infection. I now believe that I was having a hard drive heating issue. Because I run my 2 SATA drives in a RAID stripe, there's no software out there (that I can find) that will report temperatures. Recently, my front fan died... I thought they might be getting a little hot, but didn't really follow it up. I've now replaced the side of my case, and separated the two hard disks (previously they were mounted on top of each other), and my system seems to be running relatively stably.

I guess the reason why Windows update caused problems, while nothing else did, is the fact it thrashes the hard drives more and longer than just about everything else I do. Gaming (generally) is not that HD heavy, and browsing obviously isn't. I don't do video or photo editing, or anything that hits the HD hard, and as I said in my previous post, have turned prefetch and anything that I can find that hits the HD off. I think the reason why my direct download of SP1 was problematic was because I always tried it after windows update, when the hard drives were already running hot. My internet connection is pretty flaky, anyway.

Anyway, crossing fingers, everything seems to be working ok now. That is, except for the front fan. I'm going to have to rewire that (I don't think the fan itself died, because a separate LED went at the same time). I think a connection I can't get at has died - I unplugged and plugged in the fan connection to no effect. I've got 2 8cm fans at the back pulling air through at the moment, though some of that is coming in through the side.

I've never had a HD heat issue before, which is perhaps why I didn't notice any of the symptoms. The major thing I missed was when there should have been high HD activity, there was very sporadic on/off HD activity, and when it was off, the entire system became unresponsive. I'm guessing the drives have automatic cut offs to prevent damage (for which I'm grateful).

I'm only posting this in case anyone else has a similar problem... it's almost automatic to assume that you've got malware when windows update is the only thing that doesn't work. Perhaps this might help someone.

Well, I'm crossing my fingers that this was the problem, anyway :P.

#3 Budapest

  • Moderator

Posted 22 November 2010 - 01:32 AM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

