
Hijack this log file


  • This topic is locked
25 replies to this topic

#1 Jimmy Dick Hill

Jimmy Dick Hill

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:03:33 AM

Posted 29 June 2009 - 05:51 PM

I need you to tell me what to fix and what to leave alone. I'm sending both attachments so look for the other one. Do I have it right now?


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:33 AM

Posted 02 July 2009 - 08:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Jimmy Dick Hill


Posted 03 July 2009 - 05:41 AM

What had happened was about two years ago I had got hacked by [http://www.porntube.com/] and now I am and have fixed my computer. P.S. Check out my protection, the world's first cloud. It has 5 vendors in one and you can run suites with it (one real anti virus and or spy ware or freeware), which makes it 64.1% stronger! Hitman Pro 3 from Surfright, it's also Dutch (one of their sites: [http://www.hitmanpro.com/en/]).

DDS (Ver_09-06-26.01) - NTFSx86
Run by SCOTTY at 6:20:33.37 on Fri 07/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Bar =
uSearch Page =
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - Gamevance
BHO: {0eedb912-c5fa-486f-8334-57288578c627} - Shareaza Web Download Hook
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\scotty.home-dqq06mmvuh\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Weekend%20Party%20-%20Fashion%20Show/Images/stg_drm.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203947954265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203948421500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20Around%20the%20World/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scotty~1.hom\applic~1\mozilla\firefox\profiles\fb5z9l95.default\
FF - prefs.js: browser.search.selectedEngine - Search Microsoft Answers
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\scotty.home-dqq06mmvuh\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera\program\plugins\npsoestb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-30 00:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 00:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-30 00:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 23:18 <DIR> --d----- c:\docume~1\scotty~1.hom\applic~1\Malwarebytes
2009-06-29 23:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-29 06:38 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-06-29 06:38 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-06-29 06:38 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-06-29 06:38 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-06-29 06:38 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-06-29 06:38 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-06-29 06:38 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-06-29 06:38 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-06-29 06:38 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-06-29 06:38 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-06-28 22:36 34 a------- c:\windows\winver.ini
2009-06-28 22:11 <DIR> --d----- c:\program files\Find Junk Files
2009-06-28 02:40 <DIR> --d----- c:\program files\VS Revo Group
2009-06-27 15:42 <DIR> --d----- c:\docume~1\scotty~1.hom\applic~1\MySpace
2009-06-26 23:58 44 a---h--- c:\windows\system32\InternetAccelerator_sysquict.dat
2009-06-25 22:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-06-25 22:13 <DIR> --d----- c:\program files\TweakMASTER
2009-06-23 21:11 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-23 21:11 <DIR> --d----- c:\program files\Avira
2009-06-23 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-23 06:07 <DIR> --d----- c:\docume~1\scotty~1.hom\applic~1\IObit
2009-06-23 06:07 <DIR> --d----- c:\program files\IObit
2009-06-23 02:23 0 a------- C:\defragme.dat
2009-06-22 21:31 <DIR> --dsh--- c:\documents and settings\scotty.home-dqq06mmvuh\IECompatCache
2009-06-21 20:27 42 a------- c:\windows\Pt.dll
2009-06-21 16:43 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-06-21 16:42 <DIR> --d----- c:\windows\Logs
2009-06-21 16:42 <DIR> --d----- c:\program files\Sony Online Entertainment
2009-06-20 07:08 <DIR> --d----- c:\program files\Trend Micro
2009-06-20 00:53 <DIR> --d----- c:\program files\AVG
2009-06-17 22:11 42 a------- c:\windows\system32\AK083E209605E394C.lie
2009-06-17 21:48 <DIR> --d----- c:\docume~1\scotty~1.hom\applic~1\Blitware
2009-06-17 21:47 <DIR> --d----- c:\program files\Driver Robot
2009-06-16 16:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-06-14 15:35 <DIR> --d----- c:\docume~1\scotty~1.hom\applic~1\OnlineArmor
2009-06-13 21:06 <DIR> --d----- c:\documents and settings\scotty.home-dqq06mmvuh\Tracing
2009-06-13 14:53 <DIR> --d----- c:\docume~1\scotty~1.hom\applic~1\Windows Search
2009-06-13 14:46 <DIR> --dsh--- c:\documents and settings\scotty.home-dqq06mmvuh\PrivacIE
2009-06-13 14:42 <DIR> --dsh--- c:\documents and settings\scotty.home-dqq06mmvuh\IETldCache
2009-06-13 14:42 <DIR> --d----- c:\documents and settings\SCOTTY.HOME-DQQ06MMVUH
2009-06-10 14:00 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 14:00 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-05 06:38 11,904 a------- c:\windows\system32\drivers\hitmanpro35.sys

==================== Find3M ====================

2009-06-01 05:36 12,288 a------- c:\windows\system32\drivers\hitmanpro3.sys
2009-05-28 20:55 12,800 a------- c:\windows\system32\bootdelete.exe
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-22 16:47 348,160 a------- c:\windows\system32\msvcr71.dll
2009-05-22 16:47 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-30 23:02 539,160 a------- c:\windows\system32\LVUI2RC.dll
2009-04-30 23:02 539,160 a------- c:\windows\system32\LVUI2.dll
2009-04-30 22:57 199,192 a------- c:\windows\system32\lvci1201278.dll
2009-04-30 22:57 416,280 a------- c:\windows\system32\lvcodec2.dll
2009-04-30 22:39 34,068 a------- c:\windows\system32\Repository.reg
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-04-02 05:03 449 a------- c:\program files\Shortcut to Java.lnk
2008-05-26 12:10 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052620080527\index.dat

============= FINISH: 6:22:09.00 ===============

Edited by PropagandaPanda, 05 July 2009 - 09:59 AM.
Deactivate links. ~ OB


#4 Jimmy Dick Hill


Posted 03 July 2009 - 07:46 PM

Freeware bug repellent software <http://www.allmosquito.com/> (another one that fights malaria Anti-MAL but I can't find it in English.)

Edited by Orange Blossom, 04 July 2009 - 06:18 PM.
Deactivate link. ~ OB


#5 Jimmy Dick Hill


Posted 04 July 2009 - 05:43 PM

I made a mistake mosquitos with a s.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:33 AM

Posted 05 July 2009 - 03:43 PM

Hi Jimmy Dick Hill,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#7 Jimmy Dick Hill


Posted 05 July 2009 - 06:56 PM

ok

#8 Jimmy Dick Hill


Posted 05 July 2009 - 06:59 PM

I am here.

#9 m0le


Posted 05 July 2009 - 07:09 PM

Hi Jimmy Dick Hill,

There's a bit of adware on the logs but nothing really bad.

Just to make sure please run these two scanners.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Then

We need to create an OTL Report
  • Please download OTL from the mirror:
    This is THE Mirror: http://oldtimer.geekstogo.com/OTL.exe
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Thanks :thumbup2:
m0le is a proud member of UNITE
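
A first-pass triage of the Pseudo HJT section of the DDS log posted in #3, as an added example that is not part of the thread and not the helper's or DDS's own method. It sorts each entry by whether the log shows a file or URL behind it; the function names and status labels are hypothetical, and reading "No File" as a leftover registry entry is an assumption.

```python
import re
from collections import Counter

# Lines copied from the "Pseudo HJT Report" section of the DDS log in post #3.
SAMPLE = r"""
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - Gamevance
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
"""

ENTRY = re.compile(r"^([A-Za-z]+): (.*)$")           # "BHO: ...", "mRun: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^\[(.+?)\] (.+)$")                # "[name] command line"
LOCATED = re.compile(r'^(?:"?[a-z]:\\|%\w+%|file:///|hxxps?://)', re.I)


def parse_line(line):
    """Parse one 'KIND: label - target' line; return None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    run = RUN.match(rest) if kind.endswith("Run") else None
    if run:
        label, target = run.groups()
    else:
        # The target is whatever follows the LAST " - " (IE lines carry two).
        label, sep, target = rest.rpartition(" - ")
        if not sep:
            label, target = rest, None
    if target is None:
        status = "no-target"      # entry lists no file or URL at all
    elif target == "No File":
        status = "no-file"        # assumption: leftover registry entry
    elif LOCATED.match(target):
        status = "located"        # a disk path, file:/// or hxxp:// source
    else:
        status = "name-only"      # a bare name where a path is expected
    clsid = CLSID.search(label)
    return {"kind": kind, "label": label, "target": target, "status": status,
            "clsid": clsid.group(0).lower() if clsid else None}


def parse_report(text):
    """Parse every recognisable entry line in a Pseudo HJT section."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def needs_review(text):
    """Entries with nothing locatable behind them: a reviewer's shortlist."""
    return [e for e in parse_report(text) if e["status"] != "located"]


if __name__ == "__main__":
    for e in needs_review(SAMPLE):
        print(f'{e["status"]:10} {e["kind"]:16} {e["label"]}')
```

None of the statuses is a verdict on an entry; the shortlist only shows where a reviewer would look first.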

#10 Jimmy Dick Hill


Posted 05 July 2009 - 07:18 PM

Are you there m0le?

OK, I did not see you were. OK, hold on.

#11 Jimmy Dick Hill


Posted 05 July 2009 - 08:57 PM

I have been trying, but the first one, gamer.exe, says I don't have permission to access. Sorry for the delay, internet interruption.

#12 Jimmy Dick Hill


Posted 05 July 2009 - 11:10 PM

Yeah, there's got to be a little adware, because when I turned on my firewall and then back off before trying again it worked. Here is the first one.

#13 Jimmy Dick Hill


Posted 06 July 2009 - 12:58 AM

The second one says Access violation at address 004f005h in module OTL.exe. Read of address ffffffff. It only gave one report there may be something wrong. Or I didn't wait long enough for the second report to finish or I couldn't find the minimized report. But here's the log tell me what to do.

Attached Files

  • Attached File  OTL.Txt   117.54KB   9 downloads

Edited by Jimmy Dick Hill, 07 July 2009 - 12:16 AM.


#14 Jimmy Dick Hill


Posted 06 July 2009 - 01:04 AM

I did the first one wrong. I'll send it again, but I'll have to find it or do it again. It will probably be tomorrow; I have to go to work.

#15 Jimmy Dick Hill


Posted 07 July 2009 - 08:32 PM

Here's gamer.exe. I'm sorry it took so long. My mom and aunt were on myspace. When I did the first one it looked like it was finished, like something was wrong; tell me what to do about that one. I'll try it again and wait longer if you want me to.
