
rootkit.zero access



#1 edelawit

edelawit

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:25 AM

Posted 13 June 2011 - 07:41 AM

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by user at 12:39:48 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.804 [GMT 3:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\oracle\bin\omtsreco.exe
D:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
D:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Everything\Everything.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
D:\Program Files\Concepts Data Systems\Power Ge'ez 2005\pg2005.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE
D:\WINDOWS\system32\usmt\migwiz.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = svhqisa02:8080
uInternet Settings,ProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - d:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - d:\progra~1\bitdef~1\bitdef~1\IEToolbar.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [Everything] "d:\program files\everything\Everything.exe" -startup
mRun: [googletalk] d:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BitDefender Antiphishing Helper] "d:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "d:\program files\bitdefender\bitdefender 2011\bdagent.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft firewall client 2004\FwcMgmt.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\powerg~1.lnk - d:\program files\concepts data systems\power ge'ez 2005\pg2005.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-system: HideLegacyLogonScripts = 1 (0x1)
uPolicies-system: Wallpaper = \\svhqads02\wall paper\First_to-_Fly234.jpg
uPolicies-system: WallpaperStyle = 2
uPolicies-system: NoSizeChoice = 1 (0x1)
uPolicies-system: SetVisualStyle = %windir%\Resources\Themes\Luna\luna.msstyles
mPolicies-system: dontdisplaylockeduserid = 1 (0x1)
mPolicies-system: MaxGPOScriptWait = 5 (0x5)
IE: E&xport to Microsoft Excel - d:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: d:\program files\microsoft firewall client 2004\FwcWsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\mi1933~1\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\metasebyae.et\application data\mozilla\firefox\profiles\qjjqegmv.default\
FF - prefs.js: network.proxy.ftp - svhqisa02
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - svhqisa02
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - svhqisa02
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - svhqisa02
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: d:\documents and settings\metasebyae.et\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BdRawPr;BdRawPr;d:\windows\system32\drivers\bdrawpr.sys [2011-5-27 12960]
R1 Bdvedisk;BDVEDISK;d:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R2 FwcAgent;Firewall Client Agent;d:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
R2 Updatesrv;BitDefender Desktop Update Service;d:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2010-8-10 43936]
R3 BDFM;BDFM;d:\windows\system32\drivers\bdfm.sys [2010-4-22 149520]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;d:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2010-6-18 111696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSOLAP$MSSQL2008;SQL Server Analysis Services (MSSQL2008);d:\program files\microsoft sql server\msas10.mssql2008\olap\bin\msmdsrv.exe [2008-7-10 21945368]
S2 MSSQL$MSSQL2008;SQL Server (MSSQL2008);d:\program files\microsoft sql server\mssql10.mssql2008\mssql\binn\sqlservr.exe [2008-7-10 40999448]
S2 ReportServer$MSSQL2008;SQL Server Reporting Services (MSSQL2008);d:\program files\microsoft sql server\msrs10.mssql2008\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
S3 MsDtsServer100;SQL Server Integration Services 10.0;d:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
S3 OracleClientCache80;OracleClientCache80;d:\orant\bin\ONRSD80.EXE [2009-5-19 129536]
S3 OracleOracle_HomeClientCache;OracleOracle_HomeClientCache;d:\oracle\bin\ONRSD.EXE [2002-4-26 242328]
S3 SQLAgent$MSSQL2008;SQL Server Agent (MSSQL2008);d:\program files\microsoft sql server\mssql10.mssql2008\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S3 Update Server;BitDefender Update Server v2;d:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-7-23 307544]
S3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S4 avc3;avc3;d:\windows\system32\drivers\avc3.sys [2010-6-28 633424]
S4 avckf;avckf;d:\windows\system32\drivers\avckf.sys [2010-6-28 970320]
S4 MSSQLFDLauncher$MSSQL2008;SQL Full-text Filter Daemon Launcher (MSSQL2008);d:\program files\microsoft sql server\mssql10.mssql2008\mssql\binn\fdlauncher.exe [2008-7-10 31256]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;d:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0102;RsFx0102 Driver;d:\windows\system32\drivers\RsFx0102.sys [2009-3-30 239464]
S4 RsFx0103;RsFx0103 Driver;d:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);d:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-06-13 09:14:02 -------- d-----w- d:\program files\Runtime Software
2011-06-13 08:31:41 -------- d-s---w- D:\ComboFix
2011-06-11 11:23:41 -------- d-----w- d:\program files\common files\Macromedia
2011-06-11 11:23:40 -------- d-----w- d:\program files\Macromedia
2011-06-11 11:23:21 266240 ------w- d:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2011-06-11 11:23:21 180224 ------w- d:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2011-06-11 11:23:20 409600 ------w- d:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2011-06-11 11:23:20 32768 ------w- d:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2011-06-11 11:23:19 172032 ------w- d:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2011-06-11 11:23:16 761856 ------w- d:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2011-06-11 11:23:15 540772 ------w- d:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
2011-06-10 12:30:55 0 ----a-w- d:\documents and settings\metasebyae.et\application data\oembios.exe
2011-06-09 08:42:25 98816 ----a-w- d:\windows\sed.exe
2011-06-09 08:42:25 518144 ----a-w- d:\windows\SWREG.exe
2011-06-09 08:42:25 256512 ----a-w- d:\windows\PEV.exe
2011-06-09 08:42:25 208896 ----a-w- d:\windows\MBR.exe
2011-06-01 09:02:37 -------- d-----w- d:\program files\Windows Media Connect 2
2011-06-01 08:46:03 -------- d-sh--w- d:\documents and settings\metasebyae.et\PrivacIE
2011-06-01 08:45:59 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\AskToolbar
2011-06-01 08:44:17 -------- d-----w- d:\program files\Ask.com
2011-06-01 07:22:56 -------- d-----w- d:\windows\ie8updates
2011-06-01 07:13:00 602112 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2011-06-01 07:13:00 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2011-06-01 07:12:55 247808 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2011-06-01 07:12:55 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2011-06-01 07:12:49 743424 -c----w- d:\windows\system32\dllcache\iedvtool.dll
2011-06-01 07:12:44 1991680 -c----w- d:\windows\system32\dllcache\iertutil.dll
2011-06-01 07:12:18 11080704 -c----w- d:\windows\system32\dllcache\ieframe.dll
2011-06-01 05:12:20 -------- d-sh--w- d:\documents and settings\metasebyae.et\IECompatCache
2011-06-01 05:09:00 -------- d-sh--w- d:\documents and settings\metasebyae.et\IETldCache
2011-06-01 05:02:35 -------- dc-h--w- d:\windows\ie8
2011-05-31 15:45:38 617472 -c----w- d:\windows\system32\dllcache\comctl32.dll
2011-05-31 15:42:46 471552 -c----w- d:\windows\system32\dllcache\aclayers.dll
2011-05-31 15:32:10 744448 -c----w- d:\windows\system32\dllcache\helpsvc.exe
2011-05-31 15:24:43 40960 -c----w- d:\windows\system32\dllcache\ndproxy.sys
2011-05-31 15:09:03 473600 -c----w- d:\windows\system32\dllcache\fastprox.dll
2011-05-31 15:09:03 401408 -c----w- d:\windows\system32\dllcache\rpcss.dll
2011-05-31 15:09:03 284160 -c----w- d:\windows\system32\dllcache\pdh.dll
2011-05-31 15:09:03 110592 -c----w- d:\windows\system32\dllcache\services.exe
2011-05-31 15:09:02 617472 -c----w- d:\windows\system32\dllcache\advapi32.dll
2011-05-31 15:09:02 453120 -c----w- d:\windows\system32\dllcache\wmiprvsd.dll
2011-05-31 15:09:02 227840 -c----w- d:\windows\system32\dllcache\wmiprvse.exe
2011-05-31 15:07:23 153088 -c----w- d:\windows\system32\dllcache\triedit.dll
2011-05-31 15:01:14 1172480 -c----w- d:\windows\system32\dllcache\msxml3.dll
2011-05-31 14:46:00 916480 -c--a-w- d:\windows\system32\dllcache\wininet.dll
2011-05-31 14:46:00 66560 -c--a-w- d:\windows\system32\dllcache\mshtmled.dll
2011-05-31 14:46:00 611840 -c--a-w- d:\windows\system32\dllcache\mstime.dll
2011-05-31 14:46:00 184320 -c--a-w- d:\windows\system32\dllcache\iepeers.dll
2011-05-31 14:46:00 1210880 -c--a-w- d:\windows\system32\dllcache\urlmon.dll
2011-05-31 14:45:59 5962240 -c--a-w- d:\windows\system32\dllcache\mshtml.dll
2011-05-31 14:45:59 1510400 -c----w- d:\windows\system32\dllcache\shdocvw.dll
2011-05-31 14:45:59 1025024 -c----w- d:\windows\system32\dllcache\browseui.dll
2011-05-31 14:36:46 357888 -c----w- d:\windows\system32\dllcache\srv.sys
2011-05-31 14:34:53 270336 -c----w- d:\windows\system32\dllcache\oakley.dll
2011-05-31 14:33:03 455936 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
2011-05-31 14:30:11 8462336 -c----w- d:\windows\system32\dllcache\shell32.dll
2011-05-31 14:30:11 135168 -c----w- d:\windows\system32\dllcache\shsvcs.dll
2011-05-31 14:26:58 978944 -c----w- d:\windows\system32\dllcache\mfc42.dll
2011-05-31 14:19:28 65536 -c----w- d:\windows\system32\dllcache\asycfilt.dll
2011-05-31 14:18:31 343040 -c----w- d:\windows\system32\dllcache\mspaint.exe
2011-05-31 14:17:30 3558912 -c----w- d:\windows\system32\dllcache\moviemk.exe
2011-05-31 14:14:34 1291776 -c----w- d:\windows\system32\dllcache\quartz.dll
2011-05-31 14:06:04 286720 -c----w- d:\windows\system32\dllcache\gdi32.dll
2011-05-31 14:03:58 718336 -c----w- d:\windows\system32\dllcache\ntdll.dll
2011-05-31 14:03:57 2192768 -c----w- d:\windows\system32\dllcache\ntoskrnl.exe
2011-05-31 14:03:57 2148864 -c----w- d:\windows\system32\dllcache\ntkrnlmp.exe
2011-05-31 14:03:57 2069376 -c----w- d:\windows\system32\dllcache\ntkrnlpa.exe
2011-05-31 14:03:57 2027008 -c----w- d:\windows\system32\dllcache\ntkrpamp.exe
2011-05-31 14:03:10 590848 -c----w- d:\windows\system32\dllcache\rpcrt4.dll
2011-05-31 14:03:10 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2011-05-31 14:01:48 90112 -c----w- d:\windows\system32\dllcache\wshext.dll
2011-05-31 14:01:48 180224 -c----w- d:\windows\system32\dllcache\scrobj.dll
2011-05-31 14:01:48 172032 -c----w- d:\windows\system32\dllcache\scrrun.dll
2011-05-31 14:01:48 155648 -c----w- d:\windows\system32\dllcache\wscript.exe
2011-05-31 14:01:48 135168 -c----w- d:\windows\system32\dllcache\cscript.exe
2011-05-31 14:01:20 81920 -c----w- d:\windows\system32\dllcache\isign32.dll
2011-05-31 14:00:44 253952 -c----w- d:\windows\system32\dllcache\es.dll
2011-05-31 14:00:09 726528 -c--a-w- d:\windows\system32\dllcache\jscript.dll
2011-05-31 14:00:09 420864 -c--a-w- d:\windows\system32\dllcache\vbscript.dll
2011-05-31 13:59:00 1857920 -c----w- d:\windows\system32\dllcache\win32k.sys
2011-05-31 13:57:19 439296 -c----w- d:\windows\system32\dllcache\shimgvw.dll
2011-05-31 13:50:17 58880 -c----w- d:\windows\system32\dllcache\atl.dll
2011-05-31 13:41:45 -------- d-----w- d:\windows\system32\PreInstall
2011-05-31 13:41:06 406016 -c----w- d:\windows\system32\dllcache\usp10.dll
2011-05-31 13:32:18 81920 -c----w- d:\windows\system32\dllcache\fontsub.dll
2011-05-31 13:32:18 119808 -c----w- d:\windows\system32\dllcache\t2embed.dll
2011-05-31 13:17:06 331776 -c----w- d:\windows\system32\dllcache\msadce.dll
2011-05-31 12:55:34 337408 -c----w- d:\windows\system32\dllcache\netapi32.dll
2011-05-31 12:51:32 218112 -c----w- d:\windows\system32\dllcache\wordpad.exe
2011-05-31 12:50:01 45568 -c----w- d:\windows\system32\dllcache\wab.exe
2011-05-31 12:48:02 177664 -c----w- d:\windows\system32\dllcache\wintrust.dll
2011-05-31 12:47:39 86016 -c----w- d:\windows\system32\dllcache\cabview.dll
2011-05-31 12:36:19 989696 -c----w- d:\windows\system32\dllcache\kernel32.dll
2011-05-31 12:32:18 80896 -c----w- d:\windows\system32\dllcache\tlntsess.exe
2011-05-31 12:32:18 76288 -c----w- d:\windows\system32\dllcache\telnet.exe
2011-05-31 12:31:18 132096 -c----w- d:\windows\system32\dllcache\wkssvc.dll
2011-05-31 12:29:09 92928 -c----w- d:\windows\system32\dllcache\ksecdd.sys
2011-05-31 12:29:09 56832 -c----w- d:\windows\system32\dllcache\secur32.dll
2011-05-31 12:29:09 136192 -c----w- d:\windows\system32\dllcache\msv1_0.dll
2011-05-31 12:29:08 54272 -c----w- d:\windows\system32\dllcache\wdigest.dll
2011-05-31 12:29:08 149504 -c----w- d:\windows\system32\dllcache\schannel.dll
2011-05-31 12:29:05 730112 -c----w- d:\windows\system32\dllcache\lsasrv.dll
2011-05-31 12:29:05 301568 -c----w- d:\windows\system32\dllcache\kerberos.dll
2011-05-31 12:25:46 74240 -c----w- d:\windows\system32\dllcache\mscms.dll
2011-05-31 12:19:44 272128 -c----w- d:\windows\system32\dllcache\bthport.sys
2011-05-31 12:06:03 203136 -c----w- d:\windows\system32\dllcache\rmcast.sys
2011-05-27 12:48:02 -------- d-----w- D:\MedicalUnit
2011-05-27 09:06:32 -------- d-----w- d:\documents and settings\all users\application data\bdch
2011-05-27 08:50:30 -------- d-----w- d:\documents and settings\metasebyae.et\application data\BitDefender
2011-05-27 08:50:04 -------- d-----w- d:\program files\BitDefender
2011-05-27 07:32:57 -------- d-----w- d:\program files\GRETECH
2011-05-27 07:02:05 -------- d-----w- d:\documents and settings\all users\application data\dc990000-bf09-44c2-3daf-f2f50eeae7b9
2011-05-27 06:56:35 -------- d-----w- d:\program files\common files\BitDefender
2011-05-27 06:56:35 -------- d-----w- d:\documents and settings\all users\application data\BitDefender
2011-05-27 06:56:28 307784 ----a-w- d:\windows\system32\drivers\trufos.sys
2011-05-27 06:56:27 353096 ----a-w- d:\windows\system32\drivers\bdfsfltr.sys
2011-05-27 06:56:27 12960 ----a-w- d:\windows\system32\drivers\bdrawpr.sys
2011-05-27 06:37:57 -------- d-----w- d:\documents and settings\all users\application data\91a0000-b632-4736-5b7c-ba12e038bc86
2011-05-27 06:29:28 -------- d-----w- d:\documents and settings\all users\application data\10bb0000-2a65-4b9c-35bf-6a448424a2a7
2011-05-27 06:20:15 -------- d-----w- d:\documents and settings\metasebyae.et\application data\QuickScan
2011-05-27 06:19:30 882191 ----a-w- d:\documents and settings\all users\application data\bdinstall.bin
2011-05-26 07:43:16 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Opera
2011-05-25 11:16:51 -------- d-----w- D:\oracle
2011-05-25 10:52:32 -------- d-----w- d:\program files\Oracle
2011-05-25 10:33:41 -------- d-----w- D:\Oracle1
2011-05-25 08:54:39 -------- d-----w- D:\HCMScripts
2011-05-24 09:46:56 -------- d-----w- d:\program files\Free PDF to Word Converter
2011-05-23 11:12:47 -------- d-----w- d:\documents and settings\metasebyae.et\application data\Windows Search
2011-05-23 11:12:26 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Identities
2011-05-23 11:12:24 -------- d-----w- d:\documents and settings\metasebyae.et\application data\Windows Desktop Search
2011-05-23 11:10:52 -------- d--h--w- d:\windows\system32\GroupPolicy
2011-05-23 11:10:52 -------- d-----w- d:\program files\Windows Desktop Search
2011-05-23 11:10:11 98304 -c----w- d:\windows\system32\dllcache\nlhtml.dll
2011-05-23 11:10:11 29696 -c----w- d:\windows\system32\dllcache\mimefilt.dll
2011-05-23 11:10:11 192000 -c----w- d:\windows\system32\dllcache\offfilt.dll
2011-05-23 07:57:10 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\assembly
2011-05-23 07:56:29 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Deployment
2011-05-20 06:43:20 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 04:54:24 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Temp
2011-05-19 11:36:59 -------- d-----w- d:\documents and settings\metasebyae.et\application data\Microsoft Corporation
2011-05-17 10:01:48 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Mozilla
2011-05-17 08:40:05 50200 ----a-w- d:\windows\system32\perf-ReportServer$MSSQL2008-rsctr.dll
2011-05-17 08:38:09 -------- d--h--w- d:\windows\$hf_mig$
2011-05-17 08:37:17 397664 ----a-w- d:\documents and settings\all users\application data\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2011-05-17 08:37:05 397664 ----a-w- d:\documents and settings\all users\application data\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2011-05-17 08:35:58 50200 ----a-w- d:\windows\system32\perf-SQLAgent$MSSQL2008-sqlagtctr10.0.1600.22.dll
2011-05-17 08:35:44 79896 ----a-w- d:\windows\system32\perf-MSSQL$MSSQL2008-sqlctr10.0.1600.22.dll
2011-05-17 08:34:11 121728 ----a-w- d:\documents and settings\all users\application data\microsoft\visualstudio\9.0\1033\ResourceCache.dll
2011-05-17 08:29:35 416 ----a-w- d:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
2011-05-17 08:25:05 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Microsoft Help
2011-05-17 08:24:06 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Microsoft_Corporation
2011-05-17 08:00:41 -------- d-----w- d:\windows\system32\SoftwareDistribution
2011-05-17 08:00:31 -------- d-----w- d:\windows\system32\Lang
2011-05-17 08:00:24 -------- d-----w- d:\documents and settings\metasebyae.et\local settings\application data\Google
2011-05-17 08:00:14 221184 ----a-w- d:\windows\system32\wmpns.dll
2011-05-17 08:00:09 -------- d-----w- d:\windows\system32\appmgmt
2011-05-17 08:00:09 -------- d-----w- d:\windows\SchCache
2011-05-17 07:54:20 -------- d-----w- d:\program files\Microsoft Firewall Client 2004
2011-05-17 07:50:29 -------- d-----w- d:\windows\system32\Logfiles
2011-05-17 07:43:29 6272 -c--a-w- d:\windows\system32\dllcache\splitter.sys
2011-05-17 07:43:29 6272 ----a-w- d:\windows\system32\drivers\splitter.sys
2011-05-17 07:43:28 83072 -c--a-w- d:\windows\system32\dllcache\wdmaud.sys
2011-05-17 07:43:28 83072 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2011-05-17 07:43:27 52864 -c--a-w- d:\windows\system32\dllcache\dmusic.sys
2011-05-17 07:43:27 52864 ----a-w- d:\windows\system32\drivers\DMusic.sys
2011-05-17 07:41:13 57344 ----a-w- d:\windows\system32\igxprd32.dll
2011-05-17 07:40:59 880640 ----a-w- d:\windows\system32\RTSndMgr.CPL
2011-05-17 07:40:59 77824 ----a-w- d:\windows\SOUNDMAN.EXE
2011-05-17 07:40:59 1482752 ----a-w- d:\windows\RtlUpd.exe
2011-05-17 07:40:56 9715200 ----a-w- d:\windows\RTLCPL.EXE
2011-05-17 07:40:54 5888512 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2011-05-17 07:40:51 18702336 ----a-w- d:\windows\RTHDCPL.EXE
2011-05-17 07:40:49 278528 ----a-w- d:\windows\system32\ALSNDMGR.CPL
2011-05-17 07:40:49 2170880 ----a-w- d:\windows\MicCal.exe
2011-05-17 07:40:48 73728 ----a-w- d:\windows\system32\RtNicProp32.dll
2011-05-17 07:40:48 57344 ----a-w- d:\windows\ALCMTR.EXE
2011-05-17 07:40:48 2808832 ----a-w- d:\windows\ALCWZRD.EXE
2011-05-17 07:40:48 142336 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2011-05-17 07:37:20 -------- d-----w- d:\documents and settings\all users\application data\Microsoft Visual Studio
2011-05-17 07:35:59 -------- d-----w- D:\orant
2011-05-17 06:49:10 33104 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-05-17 06:49:10 32592 ----a-w- d:\windows\system32\msonpmon.dll
2011-05-17 06:45:40 -------- d-----w- d:\windows\SHELLNEW
2011-05-17 06:43:49 -------- d-----w- d:\windows\system32\vmm32
2011-05-17 06:43:49 -------- d-----w- d:\program files\Dell
2011-05-17 06:43:35 -------- d-----w- d:\program files\Microsoft Visual Studio 8
2011-05-17 06:32:00 -------- d-----w- d:\program files\Microsoft Analysis Services
2011-05-17 06:15:45 -------- d-----w- d:\program files\JDownloader
2011-05-17 06:15:00 -------- d-----w- d:\program files\Sun
2011-05-17 06:13:44 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-05-17 06:13:44 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-05-17 06:12:47 -------- d-----w- d:\windows\system32\XPSViewer
2011-05-17 06:12:20 89088 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-05-17 06:12:19 -------- d-----w- d:\program files\Everything
2011-05-17 06:12:05 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-05-17 06:12:05 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-05-17 06:12:05 597504 ------w- d:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-05-17 06:12:05 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2011-05-17 06:12:05 575488 ------w- d:\windows\system32\xpsshhdr.dll
2011-05-17 06:12:05 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2011-05-17 06:12:05 1676288 ------w- d:\windows\system32\xpssvcs.dll
2011-05-17 06:12:05 117760 ------w- d:\windows\system32\prntvpt.dll
2011-05-17 06:12:05 -------- d-----w- D:\d2a7349fde43a8185b8528
2011-05-17 06:10:38 -------- d-----w- D:\ceac03096a75f7b546e159554758cc
2011-05-17 06:05:25 50200 ----a-w- d:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-05-17 06:05:19 79896 ----a-w- d:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-05-17 06:04:50 -------- d-----w- d:\windows\system32\RsFx
2011-05-17 06:02:38 -------- d-----w- d:\program files\Microsoft SQL Server
2011-05-17 06:02:09 -------- d-----w- d:\program files\Microsoft Synchronization Services
2011-05-17 06:02:08 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
2011-05-17 06:01:59 -------- d-----w- d:\documents and settings\all users\application data\PreEmptive Solutions
2011-05-17 05:58:58 -------- d-----w- d:\program files\Microsoft ASP.NET
2011-05-17 05:58:54 -------- d-----w- d:\program files\IIS
2011-05-17 05:58:19 18368 ----a-w- d:\documents and settings\all users\application data\microsoft\vsa\9.0\1033\ResourceCache.dll
2011-05-17 05:58:17 2478272 ----a-w- d:\documents and settings\all users\application data\microsoft\visualstudio\10.0\1033\ResourceCache.dll
2011-05-17 05:47:19 -------- d-----w- d:\program files\Microsoft F#
2011-05-17 05:47:19 -------- d-----w- d:\program files\HTML Help Workshop
2011-05-17 05:47:18 -------- d-----w- d:\program files\Microsoft Visual Studio 10.0
2011-05-17 05:47:18 -------- d-----w- d:\program files\Microsoft Help Viewer
2011-05-17 05:47:18 -------- d-----w- d:\program files\common files\Merge Modules
2011-05-17 05:08:11 79872 -c----w- d:\windows\system32\dllcache\msxml6r.dll
2011-05-17 05:07:59 9728 ------w- d:\windows\system32\ativdaxx.ax
2011-05-17 05:06:36 456704 -c--a-w- d:\windows\system32\dllcache\smtpsvc.dll
2011-05-17 05:06:30 331264 -c--a-w- d:\windows\system32\dllcache\aqueue.dll
2011-05-17 05:06:28 -------- d-----w- d:\windows\ServicePackFiles
2011-05-17 05:06:16 294912 ------w- d:\program files\windows media player\dlimport.exe
2011-05-17 05:06:12 294912 -c----w- d:\windows\system32\dllcache\dlimport.exe
2011-05-17 05:03:54 19569 ----a-w- d:\windows\002852_.tmp
2011-05-17 05:03:50 -------- d-----w- d:\windows\system32\ReinstallBackups
2011-05-17 05:03:47 26144 ----a-w- d:\windows\system32\spupdsvc.exe
.
==================== Find3M ====================
.
2011-06-09 05:26:49 306320 ----a-w- d:\windows\system32\drivers\trufos.sys.upd
2011-05-27 08:57:28 111696 ----a-w- d:\windows\system32\drivers\bdfndisf.sys
2010-07-08 07:37:14 101544 ----a-w- d:\program files\common files\LinkInstaller.exe
.
============= FINISH: 12:50:28.03 ===============


Edited by edelawit, 13 June 2011 - 07:43 AM.




#2 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:25 PM

Posted 13 June 2011 - 08:45 PM

Hello edelawit,

Did ComboFix complete its run? Kindly post the C:\ComboFix.txt

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."




