Winiguard?



#1 NYRfan888

Posted 17 February 2009 - 12:28 AM

At first I noticed a major increase in ads and an unusually large amount of alerts from AVG, possibly initially caused by a file I thought was a codec package to view a video on WMP. After that I proceeded to download different spyware removers and antivirus software, none of which were able to fix the problem. Many of these said "unable to download updates" and would automatically reboot my computer. Eventually in my search for antivirus software I downloaded winiguard and now can't remove it. I go to "uninstall programs" in control panel and it isn't there. Since then I tried to watch videos on some sites and they've stopped me with a message that I was infected with a trojan. I ran Malwarebytes and have seemed to have gotten rid of the trojan I think, but now I'm continuously getting messages in my lower right and left hand corners from winiguard that I'm being attacked by a trojan dropping, password stealing, virus of some sort. I'm also getting continuous windows security alerts telling me I'm infected with spyware.

In case you can't tell from the above paragraph I have no idea what's going on... I've heard that winiguard is just some scam so I'm hoping that all of this password stealing stuff is just a bluff, but I do have money involved in online poker sites and recently made a few online purchases so I am getting somewhat concerned. Any help you could give me would be deeply, deeply appreciated. To make matters worse, for some reason I have no browse/upload button in this note. The site looks a little different than in the "preparation guide", for example side bar is below the message box, and site is plain white and not blue. I'm just copying the attachment below the DDS since I can't seem to find a way to upload. Really sorry about that, if there's any way to fix just let me know and I'll edit. Thanks!

DDS (Ver_09-02-01.01) - NTFSx86
Run by Steve at 0:10:23.62 on Tue 02/17/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.898 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\jusched.exe
C:\Windows\System32\promo.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Steve\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101676&l=dis
uSearch Page =
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Transcode360] c:\program files\transcode360\Transcode360Tray.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [promo.exe] c:\windows\system32\promo.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\ks9rzukj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\scenecaster\NPSceneCaster.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 76040]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-2-15 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-8 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-8 231704]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-16 356920]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-12-25 256000]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-3-6 84832]

=============== Created Last 30 ================

2009-02-16 20:53 <DIR> --d----- c:\users\steve\appdata\roaming\Malwarebytes
2009-02-16 20:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-16 20:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 20:53 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-16 20:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 20:53 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-16 03:26 506,368 a------- c:\windows\system32\msxml.dll
2009-02-16 03:22 <DIR> a-d----- c:\programdata\TEMP
2009-02-16 03:22 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-16 03:22 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-16 03:22 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-16 03:22 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-16 03:22 <DIR> --d----- c:\users\steve\appdata\roaming\PC Tools
2009-02-16 03:22 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-16 03:07 8,704 a------- c:\windows\system32\rasha.exe
2009-02-16 03:05 <DIR> --d----- c:\program files\WiniGuard Software
2009-02-16 03:05 610,304 a------- c:\windows\system32\promo.exe
2009-02-15 21:39 <DIR> --d----- c:\programdata\Avira
2009-02-15 21:39 <DIR> --d----- c:\program files\Avira
2009-02-15 21:39 <DIR> --d----- c:\progra~2\Avira
2009-02-15 21:37 236 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-02-15 13:20 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-15 13:20 <DIR> --d----- c:\users\steve\appdata\roaming\Spyware Terminator
2009-02-15 13:20 <DIR> --d----- c:\programdata\Spyware Terminator
2009-02-15 13:20 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-02-15 13:20 <DIR> --d----- c:\program files\Spyware Terminator
2009-02-12 18:20 4 a------- c:\windows\system32\gaopdxcounter
2009-02-11 21:15 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 21:15 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-11 03:01 <DIR> --d----- c:\users\steve\.thumbnails
2009-02-11 02:56 <DIR> --d----- c:\users\steve\.gimp-2.2
2009-02-10 02:41 306,688 a------- c:\windows\IsUninst.exe
2009-02-05 10:00 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-03 04:01 <DIR> --d----- c:\program files\Transcode360
2009-02-03 03:50 <DIR> --d----- c:\programdata\VistaCodecs
2009-02-03 03:50 <DIR> --d----- c:\progra~2\VistaCodecs
2009-02-03 03:41 <DIR> --d----- c:\programdata\WindowsSearch
2009-01-25 14:45 <DIR> --d----- c:\program files\Bodog Poker
2009-01-23 18:44 141,199 -------- c:\windows\hpoins14.dat.temp
2009-01-23 18:44 2,000 -------- c:\windows\hpomdl14.dat.temp
2009-01-22 17:48 <DIR> --d----- c:\programdata\Winferno
2009-01-22 17:43 <DIR> --d----- c:\program files\ToneThis
2009-01-22 17:42 212,240 a------- c:\windows\system32\Richtx32.ocx
2009-01-22 17:42 <DIR> --d----- c:\program files\Winferno
2009-01-22 17:41 <DIR> --d----- c:\program files\My.Freeze.com Toolbar
2009-01-22 17:37 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf

==================== Find3M ====================

2009-02-15 21:19 4,518 a------- c:\users\steve\appdata\roaming\wklnhst.dat
2009-01-23 18:46 140,692 a------- c:\windows\hpoins14.dat
2008-10-02 14:12 143,360 a------- c:\windows\inf\infstrng.dat
2008-10-02 14:12 51,200 a------- c:\windows\inf\infpub.dat
2008-10-02 14:12 86,016 a------- c:\windows\inf\infstor.dat
2008-06-16 02:36 174 a--sh--- c:\program files\desktop.ini
2008-06-16 02:23 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:11:02.50 ===============


Edit: I was able to fix the problem where I couldn't upload.

Edited by NYRfan888, 17 February 2009 - 11:43 PM.



#2 kahdah

Posted 28 February 2009 - 04:33 PM

Hello NYRfan888

Welcome to BleepingComputer :thumbup2:
========================
Please post a new updated dds log as well.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not PM for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a PM as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



