
Rootkit problem!



OK, I have a rootkit malware problem. I have run the malware tool you guys offer and I would love to post the results here, but every time I minimize the internet page and go to my desktop the computer freezes up, forcing me to manually reboot, and it continues to give me a blue screen error, so I will send you what I have for now.

What's happening?:

1.) The computer keeps freezing up, and when I check eventvwr it tells me that remote control access has been enabled; that's when it freezes the computer.

2.) While using 2 applications (usually), e.g. Facebook and LimeWire, the computer insists on freezing.

3.) While playing World of Warcraft, I can play continuously with zero problems, and the computer never needs to reboot.

I need help, please, and thank you very much! If you need any other information I will check back here constantly. I have done everything the "I have been infected" post has told me to do. Thank you for your time.

DDS:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK

Run by Administrator at 13:43:21.00 on Tue 07/27/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2831 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wpabaln.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator.USER-D11A8D682C\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: Antiwpa - wpa.dll

Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-7-21 44032]

S3 {1E1905E9-DA40-4D92-8791C54EE0A7EC80};{1E1905E9-DA40-4D92-8791C54EE0A7EC80};\??\c:\windows\temp\a0.tmp --> c:\windows\temp\A0.tmp [?]

S3 {B23A5750-8281-46C2-A52346DB94CD272B};{B23A5750-8281-46C2-A52346DB94CD272B};c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-21 1684736]

S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [2010-7-27 34576]

=============== Created Last 30 ================

2010-07-27 19:42:43 0 ----a-w- c:\documents and settings\administrator.user-d11a8d682c\defogger_reenable

2010-07-27 18:39:32 0 d-----w- c:\docume~1\admini~1.use\applic~1\Malwarebytes

2010-07-27 18:37:34 96784 ----a-w- c:\windows\system32\WPRO_40_1340woem.tmp

2010-07-27 18:37:34 34576 ----a-w- c:\windows\system32\drivers\WPRO_40_1340.sys

2010-07-27 18:37:34 109072 ----a-w- c:\windows\system32\WPRO_40_1340woem_nm.tmp

2010-07-27 17:54:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-27 17:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-27 17:54:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-27 17:54:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-25 19:09:07 0 d-sh--w- c:\documents and settings\administrator.user-d11a8d682c\PrivacIE

2010-07-25 18:50:46 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-25 18:45:04 0 d-----w- c:\windows\system32\wbem\Repository

2010-07-23 21:50:05 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-07-23 21:48:32 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-23 21:48:03 189480 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-07-23 21:48:02 794408 ----a-w- c:\windows\system32\pbsvc.exe

2010-07-23 21:48:02 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-07-23 11:52:36 0 d-----w- c:\program files\USArmy

2010-07-23 11:04:32 0 d-----w- c:\docume~1\alluse~1\applic~1\AA3DeployClient

2010-07-23 06:04:46 0 d-----w- C:\086c3e8b53543828e1

2010-07-23 06:04:35 0 d-----w- c:\windows\SxsCaPendDel

2010-07-23 05:57:57 0 d-----w- c:\windows\system32\XPSViewer

2010-07-23 05:57:28 14048 ------w- c:\windows\system32\spmsg2.dll

2010-07-22 05:33:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-07-22 05:33:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-07-22 05:33:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-07-22 05:33:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-07-22 05:26:56 0 d-----w- c:\windows\ie8updates

2010-07-22 05:25:20 0 dc-h--w- c:\windows\ie8

2010-07-22 05:23:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-22 05:23:46 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-22 05:23:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-22 05:23:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-07-22 05:23:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-22 05:23:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-07-22 05:23:44 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-07-22 05:23:24 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-07-22 04:22:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment

2010-07-22 03:02:06 0 d-----w- c:\windows\.jagex_cache_32

2010-07-22 02:22:28 0 d-----w- c:\program files\Raptr

2010-07-22 02:21:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-07-22 02:21:22 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-07-22 02:20:12 0 d-----w- c:\program files\LimeWire

2010-07-22 02:18:53 0 d-----w- c:\program files\Vuze

2010-07-22 02:18:53 0 d-----w- c:\program files\common files\i4j_jres

2010-07-22 02:18:51 0 d-----w- c:\program files\Conduit

2010-07-22 02:08:58 0 d-----w- c:\program files\World of Warcraft

2010-07-22 02:08:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard

2010-07-22 02:06:23 0 d-----w- c:\program files\common files\Blizzard Entertainment

2010-07-21 22:08:13 0 ----a-w- c:\windows\ativpsrm.bin

2010-07-21 22:06:32 280576 ----a-w- c:\windows\system32\drivers\MRV8335.sys

2010-07-21 22:06:23 0 d-----w- c:\windows\Downloaded Installations

2010-07-21 21:59:32 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-21 21:58:12 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-07-21 21:58:12 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-21 21:57:47 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-07-21 21:57:46 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-07-21 21:57:45 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-07-21 21:56:45 593920 ------w- c:\windows\system32\ati2sgag.exe

2010-07-21 21:56:16 0 d-----w- c:\program files\ATI Technologies

2010-07-21 21:55:39 0 d-----w- C:\ATI

2010-07-21 21:55:30 2560 ------w- c:\windows\system32\xpsp4res.dll

2010-07-21 21:31:56 0 d-----w- c:\windows\system32\PreInstall

2010-07-21 21:31:55 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-07-21 21:31:54 0 d--h--w- c:\windows\$hf_mig$

2010-07-21 21:24:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec

2010-07-21 21:24:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-07-21 21:24:41 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-07-21 21:24:20 44032 ----a-r- c:\windows\system32\drivers\l1c51x86.sys

2010-07-21 21:24:13 0 d-----w- c:\windows\system32\Atheros_L1e

2010-07-21 21:24:06 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-07-21 21:23:46 940794 ----a-w- c:\windows\system32\LoopyMusic.wav

2010-07-21 21:23:46 146650 ----a-w- c:\windows\system32\BuzzingBee.wav

2010-07-21 21:23:46 0 d-----w- c:\windows\system32\Lang

2010-07-21 21:22:03 0 d-----w- c:\program files\Realtek

2010-07-21 21:21:59 540672 ------r- c:\windows\RtlExUpd.dll

2010-07-21 21:19:51 0 d-----w- c:\windows\system32\ReinstallBackups

2010-07-21 21:19:49 53248 ----a-r- c:\windows\system32\CSVer.dll

2010-07-21 21:19:44 0 d-----w- C:\Intel

2010-07-21 21:18:36 10 ----a-w- c:\windows\GSetup.ini

2010-07-21 21:18:35 207400 ----a-r- c:\windows\GSetup.exe

2010-07-21 21:16:36 0 d-s---w- c:\windows\system32\Microsoft

2010-07-21 20:41:29 0 d-sh--w- c:\documents and settings\all users\DRM

2010-07-21 20:41:15 0 d--h--w- c:\program files\WindowsUpdate

2010-07-21 20:40:32 0 d-----w- c:\program files\common files\MSSoap

2010-07-21 20:38:35 0 d-----w- c:\program files\Online Services

2010-07-21 20:37:29 0 d-----w- c:\program files\Messenger

2010-07-21 20:37:25 0 d-----w- c:\program files\MSN Gaming Zone

2010-07-21 20:36:42 0 d-----w- c:\program files\Windows NT

2010-07-21 13:23:18 0 d-----w- c:\program files\common files\ODBC

2010-07-21 13:23:16 0 d-----w- c:\program files\common files\SpeechEngines

2010-07-21 13:22:52 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-07-27 07:04:53 86016 ----a-w- c:\windows\DUMP87ec.tmp

2010-07-21 20:38:58 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:43:23.89 ===============

ark.zip
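To make a log like the one above quicker to triage, here is an added example (my own code, not part of the original post and not part of the DDS tool): a small Python script that parses the SERVICES / DRIVERS block of a DDS report and flags the entries a helper would look at first. The sample input is the services block copied from the log above. The heuristics (a service whose name is a bare GUID, whose display name is just its service name, whose image lives under a temp directory or has a .tmp extension, whose file DDS printed "[?]" for instead of a date and size, or a GUID-named service hosted inside svchost.exe) are my assumptions about what deserves a second look, not a verdict that any entry is malicious.

```python
"""Flag entries worth a second look in the SERVICES / DRIVERS block of a DDS log.

Added example, not code from the original post or from the DDS tool. The
heuristics below are assumptions about what a helper checks by eye; a flag is
a reason to inspect the entry, not proof that it is malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: the SERVICES / DRIVERS block copied from the log above.
SAMPLE_DDS = r"""============= SERVICES / DRIVERS ===============

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-7-21 44032]

S3 {1E1905E9-DA40-4D92-8791C54EE0A7EC80};{1E1905E9-DA40-4D92-8791C54EE0A7EC80};\??\c:\windows\temp\a0.tmp --> c:\windows\temp\A0.tmp [?]

S3 {B23A5750-8281-46C2-A52346DB94CD272B};{B23A5750-8281-46C2-A52346DB94CD272B};c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-21 1684736]

S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [2010-7-27 34576]

=============== Created Last 30 ================
"""

# "<start type> <service name>;<display name>;<image path and args> [<date size>]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-F-]{32,}\}$", re.I)          # bare {GUID}, hyphens optional
META_RE = re.compile(r"\s*\[(?P<meta>[^\]]*)\]\s*$")          # trailing "[2010-7-21 44032]" or "[?]"
PATH_RE = re.compile(r"^(?P<path>.+?\.(?:exe|sys|dll|tmp))(?=\s|$)", re.I)


@dataclass
class Finding:
    start: str
    name: str
    image: str
    meta: str
    flags: List[str] = field(default_factory=list)


def section(text: str, header: str) -> List[str]:
    """Return the non-blank lines of the DDS section whose '====' header contains `header`."""
    lines, inside = [], False
    for line in text.splitlines():
        if line.startswith("="):
            inside = header in line
            continue
        if inside and line.strip():
            lines.append(line)
    return lines


def parse_image(rest: str):
    """Split the third field into (image path, arguments, bracketed metadata)."""
    meta = ""
    m = META_RE.search(rest)
    if m:
        meta, rest = m.group("meta"), rest[: m.start()]
    # DDS prints "<registry value> --> <resolved path>" when it had to resolve the ImagePath.
    if "-->" in rest:
        rest = rest.split("-->", 1)[1].strip()
    if rest.startswith("\\??\\"):
        rest = rest[4:]
    pm = PATH_RE.match(rest)
    path = pm.group("path") if pm else rest
    args = rest[pm.end():].strip() if pm else ""
    return path, args, meta


def triage(dds_text: str) -> List[Finding]:
    """Return flagged service/driver entries, most flags first."""
    findings = []
    for line in section(dds_text, "SERVICES / DRIVERS"):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, display = m.group("name"), m.group("display")
        path, args, meta = parse_image(m.group("rest"))
        low = path.lower()
        flags = []
        if GUID_RE.match(name):
            flags.append("service name is a bare GUID")
        if name == display:
            flags.append("display name is just the service name")
        if "\\temp\\" in low:
            flags.append("image lives under a temp directory")
        if low.endswith(".tmp"):
            flags.append("image has a .tmp extension")
        if meta == "?":
            flags.append("DDS printed [?] instead of a file date and size")
        if low.endswith("\\svchost.exe") and GUID_RE.match(name):
            flags.append(f"GUID-named service hosted in svchost ({args})")
        if flags:
            findings.append(Finding(m.group("start"), name, path, meta, flags))
    findings.sort(key=lambda f: -len(f.flags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.start} {f.name} -> {f.image}")
        for reason in f.flags:
            print(f"    - {reason}")
```

A flag is a reason to look, not a conviction: Ambfilt collects a single weak flag purely because DDS printed the same string for its name and display name, while the two GUID-named entries, one resolving to c:\windows\temp\A0.tmp and one hosted in the svchost netsvcs group, collect several each and sort to the top of the report.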

2 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
