Rootkit? Have reinstalled Windows, still have problems.
Please help me. I have a problem that is recurring despite reformatting my hard drive and reinstalling Windows! I have reformatted my hard drive and reinstalled Windows 3 times now, after restoring to factory install several times did not help. My computer will be fine for a short time, sometimes for a couple of days, then problems return. I reformatted the hard drive and reinstalled Windows Sunday night and encountered problems again. I had only checked e-mail at Yahoo and gone to cookinglight.com. So Monday I reformatted my hard drive again and reinstalled Windows around 5pm... I did not have a network cable plugged in during this time. Next, I installed Kaspersky AV from a trial CD I purchased Sunday (I had been using McAfee Internet Security, but thought something different, instead of McAfee IS, might help.)
After installing Kaspersky, I plugged the network cable in so I could activate AV and install Windows Updates. I went to McAfee's website and installed Family Protection because it has identified part of the problem. After McAfee Family Protection was installed, I went to TrendMicro and installed BrowserGuard. I read some articles at Kaspersky.com and SmartComputing.com and Microsoft.com - nothing risky! My computer became sluggish, so I checked the McAfee Family Protection Usage Report and found that FastTrack File Sharing Protocol was used. I have not installed File Sharing software; however, it keeps installing itself on my computer!! I don't want this on my computer. It interferes with my internet connection, causes the computer to be slow, and is a security risk since I don't know what it is sharing. I copied all of my data files onto a USB drive before reinstalling Windows but have not put them back on my computer yet.
Please help. This problem started about a month ago and I have been trying to find information on this. I tried contacting McAfee but they say the software is working as it is supposed to.
There are 3 partitions on my hard drive, only one of which is visible in Windows Explorer. I saw the partitions when I reinstalled Windows - I reformatted the largest partition (451GB) of my 500 GB drive. I left the other two partitions alone - they are labeled OEM and RECOVERY. Not sure what they are for, if I need them, or if they can be scanned.
Thanks for reading all of this. I hope you can help me!
I purchased this computer in January and have the CDs that came with it. I am running Windows 7, 64-bit, so I don't have an ARK.txt file.
Without further rambling, here is my DDS scan:
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by bobxerton at 23:23:13.90 on Mon 11/22/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2111 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Internet Content Filter\mfp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Users\BOBXER~1\AppData\Local\Temp\ose00000.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\bobxerton\Downloads\Tech Support Forum Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mWinlogon: Userinit=userinit.exe
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\TMAMS.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\tmieg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"
mRun: [Trend Micro Browser Guard v2.0 Beta] "C:\Program Files (x86)\Trend Micro\Browser Guard 2010\BGUI.EXE"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
LSP: C:\Windows\SYSWOW64\icf.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO-X64: IEGBH0 - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: TMIEGBHO Class: {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\X64\TMAMS64.dll
BHO-X64: TMIEGBHO - No File
TB-X64: TMBGBAR TOOLBAR: {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\X64\tmieg64.dll
============= SERVICES / DRIVERS ===============
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
=============== Created Last 30 ================
2010-11-23 03:39:27 -------- d-----w- C:\Users\BOBXER~1\AppData\Local\Microsoft Help
2010-11-23 03:26:21 -------- d-----w- C:\Users\BOBXER~1\AppData\Local\Browser Guard 2010
2010-11-23 03:25:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-11-23 02:44:42 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{19CF7432-0530-4906-A568-C447FA010F2C}\mpengine.dll
2010-11-23 02:44:42 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-11-23 01:59:11 416784 ----a-w- C:\Windows\System32\seinst.dll
2010-11-23 01:59:10 380944 ----a-w- C:\Windows\sediag.exe
2010-11-23 01:59:10 328208 ----a-w- C:\Windows\SysWow64\ICF.dll
2010-11-23 01:59:10 324112 ----a-w- C:\Windows\SysWow64\seinst.dll
2010-11-23 01:59:10 -------- d-----w- C:\Program Files (x86)\Internet Content Filter
2010-11-23 01:59:07 372240 ----a-w- C:\Windows\System32\ICF.dll
2010-11-23 00:45:07 0 ----a-w- C:\Windows\ativpsrm.bin
2010-11-23 00:42:31 -------- d-----w- C:\Windows\Panther
2010-11-23 00:42:04 -------- d-----w- C:\Windows\System32\oem
2010-11-22 22:27:49 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2010-11-22 22:27:49 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2010-11-22 22:19:58 -------- d-sh--w- C:\Windows\Installer
==================== Find3M ====================
============= FINISH: 23:28:32.13 ===============
Thank you, thank you, thank you!