system
December 29, 2011, 12:41pm
1
I currently have Avast! Free as my antivirus program. I'm running Windows 7 Ultimate. Recently I checked for rootkits using Avast but I got nothing. A friend recommended that I try out Trend Micro RootkitBuster and I did. It detected nearly 100 rootkits on my laptop, but most of them were just my music files and some old recycle bin items. Along with that I saw some pretty suspicious programs that I'm not sure if I should fix or not. Can someone please please please PLEASE offer assistance soon on what to delete and what not to?
Here is HALF of the log file of RootkitBuster:
–== Dump Hidden MBR, Hidden Files and Alternate Data Streams on D:\ ==–
MBR unsupported disk type
I shall post the rest of the log in another message
system
December 29, 2011, 12:43pm
2
Here’s the remaining:
system
December 29, 2011, 12:44pm
3
Here is the 3rd part
system
December 29, 2011, 12:45pm
4
The 4th part
system
December 29, 2011, 12:46pm
5
The 5th part
98 hidden files found.
–== Dump Hidden Registry Value on HKLM ==–
3 hidden registry entries found.
–== Dump Hidden Process ==–
No hidden processes found.
–== Dump Hidden Driver ==–
No hidden drivers found.
–== Service Win32 API Hook List ==–
system
December 29, 2011, 12:47pm
6
Here are the logs, guys. I'm hoping you'll help me ASAP. Thanks in advance.
system
December 29, 2011, 12:48pm
7
Empty the recycle bin and follow the guide in the link below:
http://forum.avast.com/index.php?topic=53253.0
Attach the logs here. A malware removal expert will help you soon.
Essexboy [malware removal expert] notified.
system
December 29, 2011, 4:42pm
8
Appears RootkitBuster works similar to Sysinternals' RootkitRevealer.
These types of utilities show "potential" problem areas such as hidden and hooked files. Their existence does not automatically imply that they are malicious rootkits. Also, since many of those files are music files, I somewhat suspect that what is being shown is the result of the old Sony copyright "rootkit" or equivalent software at work.
The output needs to be analyzed by an expert familiar with the utility. Does Trend have a forum or support link where you can upload those logs for analysis?
system
December 30, 2011, 3:53pm
9
@DonZ63 Thanks for replying :). I'm 100% sure that MP3 files can have no rootkits. It's just the other entries that seem suspicious to me. Ya, Trend Micro has discussion boards, but for some reason I can't post any messages to it. I have an account on Trend Micro, but it just refuses to accept my posts. Heaven knows why.
@trueindian thanks a lot for the link. I shall get down to it immediately and have the logs up in an hour.
system
December 30, 2011, 4:45pm
10
Here is the log of Malwarebytes’ Anti Malware:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.24.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Krithika :: KRITHIKA-PC [administrator]
30-12-2011 22:02:09
mbam-log-2011-12-30 (22-02-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 154854
Time elapsed: 8 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
system
December 30, 2011, 4:59pm
11
First, MBAM is not the most effective anti-malware software for detecting rootkits.
You can try Kaspersky's TDSS Rootkit utility here: http://support.kaspersky.com/faq/?qid=208283363 or Sophos' Rootkit Detection utility here: http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx .
Personally, I think you are clean. Remember what I posted previously: the Trend utility output is just letting you know of potential vulnerabilities. Again, someone at Trend has to review your log output and determine if there is indeed a problem.
system
December 30, 2011, 5:12pm
12
Here are the logs for OTL:
system
December 30, 2011, 5:15pm
13
DonZ63, thank you for the links. I shall download them and check with them ASAP.
system
December 30, 2011, 5:59pm
14
I'm sorry, but TDSS Rootkit and Sophos Rootkit Detection are painfully slow. It's been at 3% for the past 1 hr. Isn't there a way to find out if I'm infected or if it's just a false positive?
Pondus
December 30, 2011, 6:09pm
15
Isn't there a way to find out if i'm infected or if it's just a false positive?
Yes... you got that option in reply #6 from trueindian.
So now relax and wait for Essexboy to arrive…
OBS: you should also run aswMBR from that guide and attach the log.
system
December 30, 2011, 6:26pm
16
Thanks for your reply, Pondus :). I'm trying to run aswMBR but it just hangs every time. I'll try to post the logs once I fix it.
No visible malware showing there; the ADSs attached to the music may well be DRM data and are of no import.
The main pointer, though, would be whether you are experiencing any problems. Are you?
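An added example (not code from RootkitBuster, Trend Micro or anyone in this thread) that turns the point made above into a triage script: it parses the [FILE_STREAM] / [HIDDEN_FILE] record layout RootkitBuster prints, separates the well-known benign alternate data streams (Zone.Identifier on downloads, favicon on .url favorites, encryptable on thumbnail caches) from anything else, and decodes the Attributes bit mask into FILE_ATTRIBUTE_* names. The benign-stream list, the bucket names and the sample log are assumptions constructed for this example.

```python
"""Triage RootkitBuster "hidden file / ADS" records (added example, not the
scanner's or the forum's own code). Well-known benign NTFS alternate data
streams are separated from records that still deserve a look, and the
Attributes mask is decoded into FILE_ATTRIBUTE_* names."""
import re
from collections import Counter

# Benign stream names and why they exist; an assumption of this example.
KNOWN_BENIGN_STREAMS = {
    "Zone.Identifier": "mark-of-the-web that Windows writes on downloaded files",
    "favicon": "icon cache that Internet Explorer stores on .url favorites",
    "encryptable": "stream Windows Media Center adds to thumbnail caches",
}

# Win32 FILE_ATTRIBUTE_* bit values.
FILE_ATTRIBUTES = {
    0x1: "READONLY", 0x2: "HIDDEN", 0x4: "SYSTEM", 0x10: "DIRECTORY",
    0x20: "ARCHIVE", 0x80: "NORMAL", 0x100: "TEMPORARY", 0x200: "SPARSE_FILE",
    0x400: "REPARSE_POINT", 0x800: "COMPRESSED", 0x1000: "OFFLINE",
    0x2000: "NOT_CONTENT_INDEXED", 0x4000: "ENCRYPTED",
}

RECORD_HEADER = re.compile(r"^\[(?P<kind>[A-Z_]+)\]")        # "[FILE_STREAM]:"
FIELD = re.compile(r"^(?P<key>\w+)\s*:\s*(?P<value>.*)$")    # "Attributes : 0x20"
# "<path>:<stream>:$DATA"; the drive letter has a colon too, so anchor on the end.
ADS_SUFFIX = re.compile(r"^(?P<path>.+):(?P<stream>[^:\\]+):\$DATA$")

# Constructed sample in the layout RootkitBuster prints; the first record keeps
# every field, the others only the two fields the triage uses.
SAMPLE_LOG = r"""
[FILE_STREAM]:
FullPath : D:\Users\Example\Downloads\setup.exe:Zone.Identifier:$DATA
FullPathLength: 54
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : D:\Users\Example\Favorites\Links\Google.url:favicon:$DATA
Attributes : 0x20
[FILE_STREAM]:
FullPath : D:\ProgramData\Microsoft\eHome\thmb\TVThumb.db:encryptable:$DATA
Attributes : 0x26
[FILE_STREAM]:
FullPath : D:\Users\Example\Documents\notes.txt:comments:$DATA
Attributes : 0x20
[HIDDEN_FILE]:
FullPath : D:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000255
Attributes : 0x2020
"""

def parse_records(text):
    """Split the log into dicts, one per "[KIND]" block ('kind' plus its fields)."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = RECORD_HEADER.match(line)
        if header:
            current = {"kind": header.group("kind")}
            records.append(current)
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group("key")] = field.group("value").strip()
    return records

def classify(record):
    """Name the triage bucket a record falls into."""
    path = record.get("FullPath", "")
    if record["kind"] == "FILE_STREAM":
        m = ADS_SUFFIX.match(path)
        if m and m.group("stream") in KNOWN_BENIGN_STREAMS:
            return "benign-ads:" + m.group("stream")
        return "review-ads"            # unknown stream name: look at it
    if record["kind"] == "HIDDEN_FILE":
        return "review-hidden-file"    # not visible through the Win32 API
    return "review-other"              # registry / hook records etc.

def decode_attributes(value):
    """'0x26' -> ['HIDDEN', 'SYSTEM', 'ARCHIVE']; unknown bits are kept as hex."""
    bits = int(value, 16)
    names = [name for bit, name in sorted(FILE_ATTRIBUTES.items()) if bits & bit]
    leftover = bits & ~sum(FILE_ATTRIBUTES)
    if leftover:
        names.append(hex(leftover))
    return names

def triage(text):
    """Return (bucket counts, [(bucket, path, attribute names)] needing review)."""
    buckets, review = Counter(), []
    for rec in parse_records(text):
        bucket = classify(rec)
        buckets[bucket] += 1
        if bucket.startswith("review"):
            review.append((bucket, rec.get("FullPath", ""),
                           decode_attributes(rec.get("Attributes", "0x0"))))
    return buckets, review

if __name__ == "__main__":
    counts, to_review = triage(SAMPLE_LOG)
    for bucket, n in sorted(counts.items()):
        print(f"{n:4d}  {bucket}")
    for bucket, path, attrs in to_review:
        print(f"REVIEW [{bucket}] {path}  attributes={'|'.join(attrs)}")
```

On the affected machine, `dir /R` in cmd.exe lists the same streams next to their files, which is a quick way to confirm the scanner is reporting ordinary ADSs rather than objects hidden from the file system.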
system
December 30, 2011, 10:14pm
18
I'm sorry but TDSS Rootkit and Sophos Rootkit Detection are painfully slow. It's at 3% for the past 1hr.
TDSS runs in about a minute or less on my PC excluding updating time. Sophos does run for a while since it is doing a full scan of your hard drive.
Scan times are however hardware dependent.
system
December 31, 2011, 10:52am
19
Phew, thank you so much, Essexboy. My computer is good most of the time, but it becomes slow in opening files or launching applications at random times. I have no idea why. Also, I have a problem when dragging windows: the contents aren't shown, just a black outline appears whenever I drag them. After I change the visual settings inside Computer it turns normal, but the black outline comes back again after some time. Any way to fix these?
Clear all the temporary files and run the Windows defrag tool.
Let me know if that makes an improvement.
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop.
Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.