
PC antispyware 2010 has got my computer


  • This topic is locked
15 replies to this topic

#1 didwhatt

didwhatt

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:22 PM

Posted 28 August 2009 - 06:04 AM

Please help me remove this stuff



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:22 AM

Posted 28 August 2009 - 12:25 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 didwhatt

Posted 28 August 2009 - 04:50 PM

Sorry I must have misunderstood.
I read this and it looks like what I've got
"AntiSpy Protector 2009 + Rootkit = Big Trouble!"
http://www.bleepingcomputer.com/forums/t/249117/antispy-protector-2009-rootkit-big-trouble/


I thought that I wasn't supposed to post logs until logs were requested.

What would you like me to post?

#4 Straythe

Straythe

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:22 AM

Posted 31 August 2009 - 08:36 PM

Hello; I'm sorry that you've been overlooked for so long.

Please note that I am not a staff member here, but I'm going to stick my neck out a bit and see if I can help get you started at least. Some logs are okay to post in this forum, but not HijackThis or ComboFix.

First off, what antimalware programs have you already tried? Were you able to run anything or get any partial logs?

Also see if you can generate a log with RootRepeal. There's a guide to using it here (by boopme):

http://www.bleepingcomputer.com/forums/ind...t&p=1407111

Let us know what you find.

If you subscribe to this topic, it'll email you as soon as someone replies. Go to the Options box in the top right, click "Track this topic", then mark "Immediate Notification" and hit Proceed to save the setting.

Good luck - Straythe
***"When you surround an enemy, leave an outlet free [...] to make him believe there is a road to safety, and thus prevent his fighting with the courage of despair." Sun Tzu ***

#5 didwhatt

Posted 06 September 2009 - 06:58 PM

I think I just got shuffled off to this dead-end topic.
I know I'm infected
I know what has infected me Cause It Told Me So

And I even posted to the topic that was recommended by the post that I referenced in my post.

So why am I off in no man's land for a week and a half?

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:22 AM

Posted 06 September 2009 - 07:17 PM

Hello didwhatt and :thumbsup: to BleepingComputer.

"So why am I off in no man's land for a week and a half?"

You never responded to Straythe. . . so we thought you were gone.

Am I Infected actually has three functions. The first is given away by the name of the forum: we help users determine if they are infected. The second is to attempt to clean simple infections using basic anti-malware tools. The final function is to assist those with advanced infections in generating the logs required to post to the HJT forum. Since you didn't have logs posted originally, this is why you were shifted from HJT to here.

Hopefully this makes a bit more sense.

Now. . . let's see what we're dealing with here.

Please install RootRepeal
Note: Vista users, right click on desktop icon and select "Run as Administrator."
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the "Drivers" tab, and then click the Posted Image button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 didwhatt

Posted 10 September 2009 - 05:10 PM

Are you familiar with this link?
http://www.bleepingcomputer.com/forums/t/249117/antispy-protector-2009-rootkit-big-trouble/

Mine says 2010 but it looks just like that and it acts like that too.

#8 didwhatt

Posted 10 September 2009 - 05:29 PM

OK I have the file but I don't see any way to upload a file.
Do I just paste the contents?

#9 Blade

Posted 10 September 2009 - 06:06 PM

Yes. . . please just paste the contents :thumbsup:



#10 didwhatt

Posted 10 September 2009 - 06:17 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/10 14:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================


#11 Blade

Posted 10 September 2009 - 06:23 PM

Okay well the good news is that you don't seem to have the rootkit variant that is discussed in the topic you linked to.

Let's try a more in-depth scan with RootRepeal.

Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Open Posted Image on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt Tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

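Added example, not part of the thread and not RootRepeal's own code: a small triage script for a RootRepeal report in the layout posted here, listing every driver marked `File Visible: No` with a verdict. It assumes that `rootrepeal.sys` is the scanner's own driver and that a `dump_<name>` entry is a Windows crash-dump copy of a loaded driver `<name>`; the sample report and the `dump_example.sys` and `example_hidden.sys` entries are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample in the report layout posted in this thread (RootRepeal 1.3.5.0).
# dump_example.sys and example_hidden.sys are made-up entries for the demonstration.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/01/01 12:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7498000 Size: 96512 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4F99000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_example.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_example.sys
Address: 0xF0001000 Size: 8192 File Visible: No Signed: -
Status: -

Name: example_hidden.sys
Image Path: C:\WINDOWS\System32\Drivers\example_hidden.sys
Address: 0xF0003000 Size: 4096 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8BBE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
"""

DRIVER_RE = re.compile(
    r"^Name:[ \t]*(?P<name>.+?)[ \t]*\n"
    r"Image Path:[ \t]*(?P<path>.+?)[ \t]*\n"
    r"Address:[ \t]*(?P<addr>0x[0-9A-Fa-f]+)[ \t]+Size:[ \t]*(?P<size>\d+)[ \t]+"
    r"File Visible:[ \t]*(?P<visible>\S+)[ \t]+Signed:[ \t]*(?P<signed>\S+)",
    re.MULTILINE,
)
FILE_RE = re.compile(r"^Path:[ \t]*(?P<path>.+?)[ \t]*\nStatus:[ \t]*(?P<status>.*)$",
                     re.MULTILINE)

@dataclass
class Driver:
    name: str
    path: str
    address: int
    size: int
    file_visible: str  # "-" when the report shows no finding, "No" when hidden

def split_sections(report):
    """Map each 'Title' + dashed-underline heading to the text below it."""
    lines = [ln.strip() for ln in report.replace("\r\n", "\n").split("\n")]
    sections, title = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and len(nxt) >= 3 and set(nxt) == {"-"}:
            title = line
            sections[title] = []
        elif title is not None and set(line) != {"-"}:
            sections[title].append(line)
    return {name: "\n".join(body) for name, body in sections.items()}

def parse_drivers(report):
    body = split_sections(report).get("Drivers", "")
    return [Driver(m["name"], m["path"], int(m["addr"], 16), int(m["size"]), m["visible"])
            for m in DRIVER_RE.finditer(body)]

def locked_or_hidden_files(report):
    body = split_sections(report).get("Hidden/Locked Files", "")
    return [(m["path"], m["status"]) for m in FILE_RE.finditer(body)]

def triage_hidden_drivers(report):
    """Verdict for each driver whose file is not visible on disk."""
    drivers = parse_drivers(report)
    loaded = {d.name.lower() for d in drivers}
    verdicts = {}
    for d in drivers:
        if d.file_visible.lower() != "no":
            continue
        name = d.name.lower()
        if name == "rootrepeal.sys":          # assumption: the scanner's own driver
            verdicts[d.name] = "expected"
        elif name.startswith("dump_"):        # assumption: crash-dump copy of a loaded driver
            verdicts[d.name] = "expected" if name[5:] in loaded else "unverified"
        else:
            verdicts[d.name] = "review"
    return verdicts

if __name__ == "__main__":
    for driver, verdict in triage_hidden_drivers(SAMPLE_REPORT).items():
        print(f"{verdict:10} {driver}")
```

A report that lists only hidden entries does not include the base drivers, so its `dump_` entries come back as `unverified` rather than `expected`.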


#12 didwhatt

Posted 10 September 2009 - 07:00 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/10 16:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4F99000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7ACB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8B3E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc38.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc39.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc40.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc42.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc43.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc44.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc45.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc46.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc47.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc48.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc49.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\jessica\Desktop\saras\Dc50.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc12.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc13.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc14.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc15.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc16.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc17.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc18.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc19.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc20.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc21.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc22.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc23.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc24.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc25.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc26.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc27.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc28.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc29.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc30.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Documents\My Pictures\TiffDadJessiJason\2004-10 (Oct)\Dc31.JPG
Status: Locked to the Windows API!

Processes
-------------------
Path: C:\WINDOWS\system32\braviax.exe
PID: 996 Status: Hidden from the Windows API!

==EOF==

#13 Blade

Posted 10 September 2009 - 07:16 PM

With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Sorry I couldn't help more. . . they are better equipped to deal with this kind of thing in the Malware Removal forum. If you have trouble producing the logs as directed by the Preparation Guide, post back here and let me know.

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#14 didwhatt

Posted 10 September 2009 - 07:34 PM

Isn't that where I started?

#15 Blade

Posted 10 September 2009 - 07:47 PM

Yes. . . but you failed to post DDS and RootRepeal logs as directed in the Preparation Guide. . . hence you got sent here. Now we've confirmed that you have a serious infection and have provided more detailed steps on how to establish a thread in the HJT forum.

I know you probably feel like you're just getting shuffled around here, but we have a well-tested system in place here to diagnose problems and get people where they need to be as quickly as possible.

On a related note, I just wanted to give you a heads up that there is about a 12-14 day wait for help in the HJT forum; there are only a handful of trained volunteers and hundreds of requests for help are received each day. I can promise though that, when you have made it through the line, you will be helped by a member of one of the best malware removal teams on the Web. For free.

Good Luck :thumbsup:

~Blade
