infected ROOTKIT, worm, unauth VM, localhost???


3 replies to this topic

#1 nerdkittin (Members, 5 posts)

Posted 29 December 2010 - 04:24 PM

Please help... I cannot alter the registry or save hive files. I cannot format the HDD completely; I think I am in "winjail". When I run Linux I am not the root user. Everything I do is remotely logged at c:/user/appdata/local/roaming.... My network is permanently set at localhost 127.0.0.1. These are just some of the effects. Running Win Vista emulation but have Windows 7 Ultimate installed; my Win updates are not correct either.
I really need help!!!!


DDS (Ver_10-12-12.02) - NTFSx86
Run by kittin at 15:05:57.56 on Wed 12/29/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1783.1180 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\kittin\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kittin\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [Secure Browser (Firefox with plugins) - Adobe Reader Speed Launcher] "c:\windows\system32\avilaunch.exe" "c:\program files\dell kace\secure browser (firefox)\secure browser (firefox with plugins)\firefox\files\c\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Secure Browser (Firefox with plugins) - Adobe ARM] "c:\windows\system32\avilaunch.exe" "c:\program files\dell kace\secure browser (firefox)\secure browser (firefox with plugins)\firefox\files\c\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\common~1\kace\kontai~1\AviLdr.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
Hosts: 74.208.10.249 gs.apple.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\kittin\appdata\roaming\mozilla\firefox\profiles\ba7v0jzm.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

============= SERVICES / DRIVERS ===============

R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [2010-3-2 22016]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-28 98392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2010-11-19 151432]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-30 209920]
R3 KeyScramblerDrv;KeyScramblerDrv;c:\windows\system32\drivers\keyscrambler.sys [2010-12-21 114952]
S2 OssecSvc;OSSEC Hids;c:\program files\ossec-agent\ossec-agent.exe [2010-10-12 520883]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-10-16 274984]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-12-21 182304]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-26 1343400]
S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2010-4-28 5023232]

=============== Created Last 30 ================

2010-12-29 18:46:42 -------- d-----w- C:\MinGW
2010-12-28 08:13:06 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-28 08:13:06 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-12-28 08:13:00 -------- d-----w- C:\VIPRERESCUE
2010-12-28 07:55:23 -------- d-----w- c:\users\kittin\appdata\local\{A9984D09-3786-4E16-BA2B-BD8AE89B49F7}
2010-12-28 07:55:23 -------- d-----w- c:\users\kittin\appdata\local\{37428B7F-DDEC-4EC9-BC49-7FA9CBDEE2A3}
2010-12-28 07:44:12 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{60e58578-673f-4bd4-b965-fbf1fcd9cf45}\mpengine.dll
2010-12-26 09:26:58 -------- d-----w- c:\windows\system32\Wat
2010-12-24 08:19:50 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-24 08:10:25 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-24 08:09:19 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-24 08:09:19 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-24 08:09:19 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-24 08:09:19 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-24 08:09:19 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-24 08:06:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-24 08:01:53 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-24 08:01:53 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-24 05:26:40 -------- d-----w- c:\users\kittin\appdata\local\MediaMonkey
2010-12-24 05:26:39 -------- d-----w- c:\program files\MediaMonkey
2010-12-24 02:03:32 -------- d-----w- c:\program files\ossec-agent
2010-12-23 21:58:33 -------- d-----w- c:\users\kittin\appdata\local\{569D0C19-CA5A-4348-9B46-D61C84514E37}
2010-12-23 19:25:40 -------- d-----w- c:\users\kittin\appdata\roaming\BitZilla
2010-12-23 12:37:57 -------- d-----w- c:\program files\KACE
2010-12-23 12:37:21 -------- d-----w- c:\progra~2\KACE
2010-12-23 12:37:19 -------- d-----w- c:\program files\Dell KACE
2010-12-23 12:37:19 -------- d-----w- c:\program files\common files\KACE
2010-12-23 09:51:33 -------- d-----w- c:\program files\JDownloader
2010-12-23 09:49:48 -------- d-----w- c:\program files\common files\SolarWinds
2010-12-23 09:49:47 -------- d-----w- c:\program files\SolarWinds
2010-12-23 09:49:47 -------- d-----w- c:\progra~2\SolarWinds
2010-12-23 09:47:13 -------- d-----w- c:\program files\VideoLAN
2010-12-23 08:21:46 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-23 08:21:46 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-23 08:21:45 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-23 08:21:35 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-23 08:21:34 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-23 08:21:10 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-12-23 08:21:10 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-12-23 08:21:07 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-12-23 08:21:07 2614272 ----a-w- c:\windows\explorer.exe
2010-12-23 08:21:07 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-12-23 08:21:06 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-23 08:21:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-23 08:19:59 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-12-23 08:19:59 507568 ----a-w- c:\windows\system32\winload.exe
2010-12-23 08:19:59 442920 ----a-w- c:\windows\system32\winresume.exe
2010-12-23 08:19:59 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-12-23 08:19:22 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-12-23 08:19:20 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-12-23 08:19:12 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-12-23 08:19:12 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-12-23 08:18:13 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-12-23 08:18:13 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-23 08:18:04 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-12-23 08:16:59 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-23 08:16:58 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-23 08:16:50 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-12-23 08:16:50 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-12-23 08:16:50 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-12-23 08:14:01 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 05:59:26 -------- d-----w- c:\windows\system32\appmgmt
2010-12-23 05:54:11 -------- d-----w- c:\users\kittin\appdata\local\Apple Computer
2010-12-23 05:53:51 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-23 05:53:51 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-23 05:53:01 -------- d-----w- c:\program files\iPod
2010-12-23 05:53:00 -------- d-----w- c:\program files\iTunes
2010-12-23 05:53:00 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-23 05:51:47 -------- d-----w- c:\users\kittin\appdata\local\Apple
2010-12-23 05:51:07 -------- d-----w- c:\program files\Bonjour
2010-12-23 05:48:23 -------- d-----w- c:\users\kittin\.shsh
2010-12-23 01:27:25 -------- d-----w- C:\TEMP
2010-12-23 00:51:32 -------- d-----w- c:\program files\Ask.com
2010-12-23 00:49:57 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-12-23 00:49:57 544768 ----a-w- c:\windows\system32\wbocx.ocx
2010-12-23 00:49:57 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-12-23 00:49:57 33968 ----a-w- c:\windows\system32\anim.dll
2010-12-23 00:49:57 258352 ----a-w- c:\windows\system32\unicows.dll
2010-12-23 00:49:57 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-12-23 00:49:49 -------- d-----w- c:\program files\WinUtilities
2010-12-22 11:31:07 -------- d-----w- c:\users\kittin\appdata\local\FrameShots
2010-12-22 11:28:42 -------- d-----w- c:\program files\FrameShots3
2010-12-22 08:52:41 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-12-22 08:52:40 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-22 08:50:48 -------- d-----w- c:\users\kittin\appdata\local\Scansoft
2010-12-22 08:28:46 -------- d-----w- c:\users\kittin\appdata\roaming\JAM Software
2010-12-22 08:28:44 -------- d-----w- c:\program files\JAM Software
2010-12-22 08:15:28 -------- d-----w- c:\users\kittin\appdata\roaming\Nuance
2010-12-22 08:10:24 -------- d-----w- c:\program files\common files\ScanSoft Shared
2010-12-22 08:10:24 -------- d-----w- c:\program files\common files\Nuance
2010-12-22 08:10:02 -------- d-----w- c:\program files\Nuance
2010-12-22 08:10:02 -------- d-----w- c:\progra~2\Nuance
2010-12-22 07:55:44 -------- d-----w- c:\progra~2\Comodo
2010-12-22 07:55:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-22 07:55:42 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-12-22 07:55:42 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-12-22 07:55:42 -------- d-----w- c:\program files\COMODO
2010-12-22 07:29:15 -------- d-----w- c:\program files\Intelore
2010-12-22 05:27:32 -------- d-----w- c:\program files\Motorola
2010-12-22 05:25:51 -------- d-----w- c:\windows\system32\sda
2010-12-22 05:10:46 -------- d-----w- c:\program files\common files\Motorola Shared
2010-12-22 03:39:36 -------- d-----w- c:\users\kittin\appdata\local\{8988047F-5655-4CD9-BDA8-F789EB08B4C2}
2010-12-22 03:39:24 -------- d-----w- c:\users\kittin\appdata\roaming\Windows Live Writer
2010-12-22 03:39:24 -------- d-----w- c:\users\kittin\appdata\local\Windows Live Writer
2010-12-22 02:53:18 -------- d-----w- c:\program files\RAR Password Cracker
2010-12-22 02:44:16 -------- d-----w- c:\users\kittin\appdata\local\ElevatedDiagnostics
2010-12-22 02:33:43 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-12-22 02:33:41 -------- d-----w- c:\program files\KeyScrambler
2010-12-22 01:40:59 -------- d-----w- c:\windows\en
2010-12-22 01:30:45 -------- d-----w- c:\windows\PCHEALTH
2010-12-22 01:29:31 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-22 01:29:31 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-22 01:29:31 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-22 01:29:11 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-22 01:27:59 94040 ----a-w- c:\program files\common files\windows live\.cache\775ef4661cba1770f\DSETUP.dll
2010-12-22 01:27:59 525656 ----a-w- c:\program files\common files\windows live\.cache\775ef4661cba1770f\DXSETUP.exe
2010-12-22 01:27:59 1691480 ----a-w- c:\program files\common files\windows live\.cache\775ef4661cba1770f\dsetup32.dll
2010-12-22 01:27:52 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-12-22 01:27:52 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-12-22 01:27:49 94040 ----a-w- c:\program files\common files\windows live\.cache\701835301cba1770e\DSETUP.dll
2010-12-22 01:27:49 525656 ----a-w- c:\program files\common files\windows live\.cache\701835301cba1770e\DXSETUP.exe
2010-12-22 01:27:49 1691480 ----a-w- c:\program files\common files\windows live\.cache\701835301cba1770e\dsetup32.dll
2010-12-22 01:27:06 6260088 ----a-w- c:\program files\common files\windows live\.cache\568f1f081cba1770d\Silverlight.4.0.exe
2010-12-22 01:27:06 3181568 ----a-w- c:\windows\system32\mf.dll
2010-12-22 01:27:06 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-12-22 01:27:06 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-12-22 01:23:36 -------- d-----w- c:\users\kittin\appdata\local\Windows Live
2010-12-22 01:23:34 -------- d-----w- c:\program files\common files\Windows Live
2010-12-22 01:02:34 -------- d-----w- c:\progra~2\webcamXP 5
2010-12-22 00:27:26 -------- d-----w- c:\users\kittin\appdata\roaming\Azureus
2010-12-22 00:27:12 -------- d-----w- c:\program files\Vuze
2010-12-21 23:31:40 -------- d-----w- c:\windows\Downloaded Installations
2010-12-21 23:27:47 -------- d-----w- c:\users\kittin\appdata\local\Adobe
2010-12-21 23:25:06 -------- d-----w- c:\program files\Nmap
2010-12-21 23:21:21 -------- d-----w- c:\users\kittin\appdata\local\Diagnostics
2010-12-21 22:55:46 -------- d-----w- c:\program files\wLite
2010-12-21 22:32:11 -------- d-----w- c:\program files\Tizer™ Rootkit Razor
2010-12-21 22:25:44 -------- d-----w- c:\windows\Panther
2010-12-21 21:52:15 -------- d-----w- c:\users\kittin\appdata\local\Mozilla
2010-12-21 21:32:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 21:28:57 -------- d-----w- c:\program files\SIW
2010-12-21 21:25:02 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-12-21 21:25:02 -------- d-----w- c:\windows\system32\Lang
2010-12-21 21:22:33 -------- d-----w- c:\program files\WinPcap
2010-12-21 21:22:23 -------- d-----w- c:\program files\Wireshark
2010-12-21 21:20:27 -------- d-----w- c:\users\kittin\appdata\local\Opera
2010-12-21 21:03:18 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2010-12-21 21:02:48 313888 ----a-w- c:\windows\system32\RtsUStor.dll
2010-12-21 21:02:48 182304 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2010-12-21 21:02:48 -------- d-----w- c:\program files\Realtek
2010-12-21 21:00:52 -------- d-----w- c:\program files\common files\Intel
2010-12-21 21:00:04 -------- d-----w- C:\Intel
2010-12-21 20:28:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-21 20:17:47 -------- d-sh--w- c:\windows\Installer
2010-12-21 20:16:59 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-12-21 20:16:58 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-12-21 20:16:58 3862528 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-12-21 20:16:58 3551232 ----a-w- c:\windows\system32\bcmihvui.dll
2010-12-21 20:16:58 2661368 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-12-21 20:16:58 -------- d-----w- c:\program files\Broadcom
2010-12-21 19:38:31 -------- d-----w- c:\windows\system32\wbem\Performance

==================== Find3M ====================

2010-12-22 11:24:02 81920 ----a-w- c:\users\kittin\appdata\roaming\ezpinst.exe
2010-12-22 11:24:02 47360 ----a-w- c:\users\kittin\appdata\roaming\pcouffin.sys
2010-11-10 07:54:18 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 07:28:46 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 15:06:35.47 ===============
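The DDS log above is the standard triage artifact in these threads, and the useful first pass over it is mechanical: pull out the services/drivers, the Run autostarts, the AppInit_DLLs value and any Hosts override, and look at where each image lives. The Python script below is an added example, not part of the post and not a DDS or BleepingComputer tool. It flags service/driver images outside the Windows and Program Files trees, autostarts launched from user-writable paths, any AppInit_DLLs value (that DLL is loaded into every process that uses user32, so it is a classic injection point even when legitimate software uses it) and any hosts-file override. Every flag is a prompt to check the file's publisher and install date, not a verdict: in this log the AppInit_DLLs entry sits under the Dell KACE directories created on 2010-12-23, and KeyScrambler, OSSEC and the VIPRE SBRE driver are security tools, so they would be cleared on inspection. The sample input is constructed from a few lines of the log above plus two hypothetical entries (ExampleUpdater and exdrv, under c:\users\example) added so that the flagging paths are exercised.

```python
"""Triage a DDS log: list the services/drivers, Run entries, AppInit_DLLs and
Hosts lines worth a second look. Added example, not part of the forum post.
Every flag is a review prompt, not a verdict."""
import re
from dataclasses import dataclass

# Image roots that do not on their own earn a flag. DDS prints both the long
# form and the 8.3 form (c:\progra~1, c:\progra~2) of Program Files.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\progra~")


@dataclass(frozen=True)
class Finding:
    section: str  # "service", "run", "appinit" or "hosts"
    name: str
    detail: str
    reason: str


# Services/drivers:  R1 name;display name;image path [date size]
_SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[")
# Pseudo-HJT autostarts:  mRun: [Entry] "c:\path\prog.exe" -args
_RUN_RE = re.compile(r"^[um]Run:\s+\[([^\]]+)\]\s+(.+)$")
# A drive-letter path ending in an executable extension, quoted or not.
_PATH_RE = re.compile(r'([a-z]:\\[^"]+?\.(?:exe|dll|sys|scr|com|bat|cmd))\b', re.I)


def _untrusted(path: str) -> bool:
    """True when the image lives outside the Windows and Program Files trees."""
    return not path.lower().startswith(TRUSTED_ROOTS)


def triage(dds_text: str) -> list:
    """Return the Finding entries for one DDS log, in log order."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = _SERVICE_RE.match(line)
        if m:
            name, image = m.group(1), m.group(2).strip('"')
            if _untrusted(image):
                findings.append(Finding("service", name, image,
                                        "service/driver image outside Windows or Program Files"))
            continue
        m = _RUN_RE.match(line)
        if m:
            name, cmd = m.groups()
            odd = [p for p in _PATH_RE.findall(cmd) if _untrusted(p)]
            if odd:
                findings.append(Finding("run", name, cmd,
                                        "autostart from a user-writable path: " + ", ".join(odd)))
            continue
        if line.lower().startswith("appinit_dlls:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("appinit", "AppInit_DLLs", value,
                                        "loaded into every process that uses user32; verify the publisher"))
            continue
        if line.startswith("Hosts:"):
            findings.append(Finding("hosts", "hosts", line[len("Hosts:"):].strip(),
                                    "hosts-file override; confirm it is intentional"))
    return findings


def by_section(findings) -> dict:
    """Count findings per section, e.g. {'run': 1, 'service': 1}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Constructed sample: lines copied from the log above, plus two hypothetical
# entries (ExampleUpdater, exdrv) under c:\users\example to exercise the flags.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a
uRun: [ExampleUpdater] "c:\users\example\appdata\roaming\updater\upd.exe" -silent
AppInit_DLLs: c:\progra~1\common~1\kace\kontai~1\AviLdr.DLL
Hosts: 74.208.10.249 gs.apple.com
============= SERVICES / DRIVERS ===============
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-28 98392]
S2 OssecSvc;OSSEC Hids;c:\program files\ossec-agent\ossec-agent.exe [2010-10-12 520883]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 exdrv;Example Filter;c:\users\example\appdata\roaming\exdrv.sys [2010-12-22 47360]
============= FINISH: 15:06:35.47 ===============
"""

if __name__ == "__main__":
    import sys
    # Pipe a real log in (python dds_triage.py < dds.txt); otherwise use the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for f in triage(text):
        print(f"[{f.section}] {f.name}: {f.detail}\n    -> {f.reason}")
```

The path-root test is deliberately crude: it will not catch a malicious file dropped into a Program Files directory, and it will flag legitimate per-user installers. Pair each flag with the "Created Last 30" timestamps and the file's digital signature before drawing a conclusion.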

#2 Grinler (Lawrence Abrams, Admin, 43,618 posts)

Posted 29 December 2010 - 05:22 PM

There is no Windows infection that would affect what you do in Linux if you are dual-booting.

What do you mean everything you do is saved at c:/user/appdata/local/roaming?

What do you mean you are running win vista emulation?

#3 nerdkittin (Topic Starter, Members, 5 posts)

Posted 29 December 2010 - 05:47 PM

Hi there,

I am not dual booting; I am running live CDs (Slax, Zorin, Knoppix). I was going to format and then install a Linux OS when my Win OS was giving me problems, but then I realized that I wasn't the root user in that either, so it was pointless. When reading dmesg it looks like a different kernel is booting with weird daemons.

c:/users/kittin/appdata/roaming (and the same under /local)

I cannot do a complete format either. I tried Boot and Nuke and it finishes quickly and says it is done; when I used DiskKill it shows hidden folders $extend, mediaID.bin, sys vol info, $recyclebin etc. It is never completely erased.

I am running Win 7 technically, but when I ran Comodo firewall/security it showed that I am running RTM_6.1.7600.16385 (Vista), but my update is 7.0.... (I uninstalled it after I realized it was disabled).
Please excuse my noobie language; I have had a crash course in Linux, Windows and everything in between trying to figure this out in the last couple of months. Thanks again.

#4 Grinler (Lawrence Abrams, Admin)

Posted 30 December 2010 - 12:08 PM

No Windows infection will affect a Linux live CD. I can't answer as to what is going on there. If you boot Knoppix, it should be Knoppix.

These folders are under your userprofile:

c:/users/kittin/appdata/roaming

It is perfectly normal for Windows, and programs you run in it, to store information there.

When you format a Windows hard drive there are certain folders that will automatically be created when finished. These include the ones listed above. The mediaID.bin file is associated with using windows backup.

If you right-click on computer and select properties and it says Windows 7, then you can be comfortable that you are running Windows 7. My guess is this is a false positive in Comodo.



