Newbie with a google hijack


  • This topic is locked
13 replies to this topic

#1 Redder's

Redder's

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 31 January 2010 - 05:23 PM

I think they've got me!!! I'm sure this topic has already been covered in other threads, but when I do a Google search the results come back OK, yet when I click on one of the result links I'm directed to MSN Hotmail (I can get into the sites OK if I "right-click" on the link and cut and paste the URL into the browser address bar). I'm running XP Pro (version 2002) - SP3 and my browser is IE8. I have McAfee / BT NetProtect Plus (as part of my Broadband package) installed and I regularly run Ad-Aware. I've looked on the web to see how others have dealt with the problem and tried to remove it by using a number of different cleaners / software (Malwarebytes, CCleaner, Spyware Doctor, Search and Destroy, Windows Defender and Microsoft Security Essentials). A number of times I've thought that I've got the little blighter, but then it just seems to return. I've run HijackThis and have the log - whilst I certainly don't profess to understand it (not in the least), there isn't anything "obviously suspect" - at least not that I can see (not quite sure what I was expecting to see?). Can anybody out there help?


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 PM

Posted 31 January 2010 - 10:43 PM

Hello.

Let's get a GMER scan please.

Download and Run GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Redder's

Redder's
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 02 February 2010 - 02:24 AM

Extremeboy - Thanks for offering to help. GMER, oh what a nightmare!!! I downloaded the software and tried to run a scan. Three times it crashed my PC, and then on the 4th attempt it ran through to the end (I wish you'd warned me that it would take 6 hours!!!). And then, right at the end, after 6 hours of waiting, I pressed "save", but my PC was totally "locked up" (frozen) and I couldn't do anything except a full power down. Frustrated or what!!!
A couple of other things to note - I'm not sure if they are related - I can't boot up in "safe mode". When I tried I got the error message "windows did not start successfully. A recent hardware or software change might have caused this" - so I can only seem to run in "normal mode"? Secondly, at start up, when I've gone into Windows, I keep getting a "task box" come up with "wait while windows configures DocumentViewer". I've had this problem about a week now and I thought it was to do with my HP Printer software? I've uninstalled and then re-installed the software and it seemed to cure it, but it's now come back. If I leave the HP printer CD in the drive then it seems to start OK. I believe that this problem happened because I inadvertently deleted a file?
As for GMER, I'll try again this evening to see if I can re-scan and this time capture a log file.

#4 Redder's

Redder's
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 02 February 2010 - 02:01 PM

Extremeboy - tried again earlier today to run GMER. The programme ran OK (all the way through) but once again it freezes the PC when it completes - so I'm unable to save the scan results.
Any other suggestions?

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 PM

Posted 02 February 2010 - 04:46 PM

Hi.

Apologies for all the trouble you went through, but sometimes it happens.

Try the following instead:

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal.)
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Posted Image tab at the bottom.
  • Now press the Posted Image button.
  • A box will pop up, check the boxes beside All Seven options/scan area
    Posted Image
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button. Posted Image
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
Then...
  • Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  • Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  • Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  • Open your c:\ folder and double-click on fixme.bat. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.
When you try to boot into safe mode do you see some files loading? Then does it just blue screen and reboot your machine?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 Redder's

Redder's
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 03 February 2010 - 04:16 PM

Extremeboy - Thanks. Have run RootRepeal and the report is attached:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/03 20:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAFDFC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA660000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xABE91000 Size: 49152 File Visible: No Signed: -
Status: -

Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\bioprime.bin
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\brzwlan.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\c4.bin
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cb102.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cb325.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cben5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\CBIDF2K.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\CD20XRNT.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cdaudio.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\CDFS.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\CDROM.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\ce2n5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\ce3n5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cem28n5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cem33n5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cem56n5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cinemst2.s<s
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\CMDIDE.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cnxt1803.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\CPQARRAY.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cpqndis5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\cpqtrnd5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\c_1252.nl_
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\c_437.nl_
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\d100ib5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\DAC2W2<.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\DAC960NT.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dc21x4.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\defpa.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dfe650.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dfe650d.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dgapci.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dgsetup.dll
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\diapi2.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\digirlpt.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\DISK.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\diskdump.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\diwan.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dlh5xnd5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dm9pci5.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\DMBOOT.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\DMIO.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\DMLOAD.SYS
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\dp83820.sys
Status: Invisible to the Windows API!

Path: F:\MiniNT\system32\driverĪ\DPTI2O.SYS
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

Stealth Objects
-------------------
Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 1256) Address: 0x10000000 Size: 204800

Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 4228) Address: 0x10000000 Size: 204800

Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 4804) Address: 0x10000000 Size: 204800

==EOF==
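
The RootRepeal output above contains three kinds of record that an analyst triages differently: files the raw disk scan sees but the Windows API does not, SSDT entries hooked by a named driver (here Lbd.sys, which belongs to Lavasoft's Ad-Aware; the poster mentions running Ad-Aware), and a module hidden inside running processes (z00clicker.dll in three iexplore.exe instances, the finding most relevant to a browser redirect). The following Python triage helper is an added example, not part of the thread, of RootRepeal or of GMER: it parses those record types and groups hooks by owning driver and hidden modules by process. The embedded log is a constructed excerpt that reproduces the entry types from the thread's log, with the path list shortened and the garbled path characters normalised.

```python
# Added example (not from the thread, RootRepeal or GMER): a triage parser
# for RootRepeal-style logs that groups SSDT hooks by the driver that owns
# them and hidden modules by the processes they sit in.
import re
from collections import defaultdict

# Constructed excerpt reproducing the entry types in the thread's log
# (path list shortened, garbled characters normalised).
SAMPLE_LOG = r"""
Path: F:\MiniNT\system32\drivers\DISK.SYS
Status: Invisible to the Windows API!

Path: f:\minint\system32\config\security
Status: Allocation size mismatch (API: 0, Raw: 16888498602639360)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

Stealth Objects
-------------------
Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 1256) Address: 0x10000000 Size: 204800

Object: Hidden Module [Name: z00clicker.dll]
Process: iexplore.exe (PID: 4228) Address: 0x10000000 Size: 204800
==EOF==
"""

FUNC_RE = re.compile(r"#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')
MODULE_RE = re.compile(r"Hidden Module \[Name: ([^\]]+)\]")
PROCESS_RE = re.compile(r"Process: (\S+) \(PID: (\d+)\) Address: (0x[0-9A-Fa-f]+) Size: (\d+)")


def parse_rootrepeal(text):
    """Return the findings in a log as lists of dicts, one list per record type."""
    out = {"hidden_paths": [], "size_mismatch": [], "ssdt_hooks": [], "hidden_modules": []}
    path = func = module = None  # record headers waiting for their second line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FUNC_RE.match(line):           # "#: 041 Function Name: NtCreateKey"
            func = (int(m.group(1)), m.group(2))
        elif m := MODULE_RE.search(line):      # "Object: Hidden Module [Name: ...]"
            module = m.group(1)
        elif (m := PROCESS_RE.match(line)) and module is not None:
            out["hidden_modules"].append({"name": module, "process": m.group(1),
                                          "pid": int(m.group(2)),
                                          "address": int(m.group(3), 16),
                                          "size": int(m.group(4))})
            module = None
        elif line.startswith("Path: "):
            path = line[len("Path: "):]
        elif line.startswith("Status: "):
            status = line[len("Status: "):]
            if func is not None:               # status belongs to an SSDT entry
                h = HOOK_RE.search(status)
                out["ssdt_hooks"].append({"index": func[0], "function": func[1],
                                          "driver": h.group(1) if h else None,
                                          "address": int(h.group(2), 16) if h else None})
                func = None
            elif path is not None:             # status belongs to a file-system entry
                if status.startswith("Invisible to the Windows API"):
                    out["hidden_paths"].append(path)
                elif status.startswith("Allocation size mismatch"):
                    out["size_mismatch"].append(path)
                path = None
    return out


def summarize(findings):
    """Group hooks by owning driver and hidden modules by name -> (process, pid)."""
    hooks, modules = defaultdict(list), defaultdict(set)
    for h in findings["ssdt_hooks"]:
        hooks[h["driver"]].append(h["function"])
    for m in findings["hidden_modules"]:
        modules[m["name"]].add((m["process"], m["pid"]))
    return {"hooks_by_driver": dict(hooks),
            "hidden_modules": {n: sorted(p) for n, p in modules.items()},
            "hidden_path_count": len(findings["hidden_paths"]),
            "size_mismatch_count": len(findings["size_mismatch"])}


if __name__ == "__main__":
    s = summarize(parse_rootrepeal(SAMPLE_LOG))
    for drv, funcs in s["hooks_by_driver"].items():
        print(f"SSDT hooks owned by {drv}: {', '.join(funcs)}")
    for name, procs in s["hidden_modules"].items():
        print(f"hidden module {name} loaded in: {procs}")
    print(f"{s['hidden_path_count']} path(s) invisible to the API, "
          f"{s['size_mismatch_count']} allocation size mismatch(es)")
```

Run against the thread's full log this would list all three iexplore.exe PIDs under z00clicker.dll. The grouping is the point: an SSDT hook owned by a driver that matches security software the user says is installed is expected noise, whereas a module that the process's own module list does not report is the finding to escalate.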

#7 Redder's
  • Topic Starter
  • Members
  • 11 posts
  • Local time:01:03 AM

Posted 03 February 2010 - 04:39 PM

Results from MBR.EXE scan :-

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x89D868C8]<<
kernel: MBR read successfully
user & kernel MBR OK

#8 Redder's
  • Topic Starter
  • Members
  • 11 posts
  • Local time:01:03 AM

Posted 03 February 2010 - 04:57 PM

Extremeboy - re my problem going into safe mode.

If I press F8 on power up, it takes me into the "Windows Advanced Options Menu"; I then select (highlight) "Safe Mode" and press return. On the next screen I have to select (highlight) "Microsoft Windows XP Professional" (this is the only option) and then press return. I then get the files loading and then it goes to the blue Intel screen as though it is loading as normal. I then get the error message which says "we apologize for.................and that windows did not start successfully", and I then get the option to start windows normally or "safe mode" again. If I choose "safe mode" it all happens again, so I choose "normal mode" and windows starts OK as normal.

#9 extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:09:03 PM

Posted 03 February 2010 - 07:11 PM

Hello.

Thanks for those logs and the description. I see the issue, and unfortunately, to deal with this infection, some tools are restricted here; it would be best if you start a topic here:

1st Step: Preparation Guide Before Starting a Topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
2nd Step: Starting a Topic in the HJT-Malware Removal forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Let me know once you have started a topic there so I can notify a Moderator to close off this topic.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 Redder's
  • Topic Starter
  • Members
  • 11 posts
  • Local time:01:03 AM

Posted 04 February 2010 - 04:27 AM

Thanks. Are the 2 problems related (i.e. the spyware / hijack problem and the inability to boot up in "safe mode") ?
Your recommendation to start a new thread, is that for both of these issues?

#11 Redder's
  • Topic Starter
  • Members
  • 11 posts
  • Local time:01:03 AM

Posted 04 February 2010 - 04:48 AM

This post has been removed from the Hijack This forum. There are no logs present



Two problems (well actually 3):-
1) When I do a google search, the results come back OK, but when I click on one of the result links I'm directed to MSN Hotmail (I can get into the sites OK if I "right-click" on the link and cut and paste the URL into the browser address bar).
2) Cannot boot up into "safe mode".
Not sure if they are related ?
The 3rd is every time I start up I get a message about DocumentViewer needing a disk - but I don't think this is related? - I just think that I've inadvertently deleted a file?

Anyway, I've recently had a thread open in the "Am I infected? What do I do?" section and have been helped by extremeboy. I sent him a RootRepeal log and his last reply was :-

"Thanks for those logs and the description. I see the issue, and unfortunately, to deal with this infection, some tools are restricted here; it would be best if you start a topic here:

1st Step: Preparation Guide Before Starting a Topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
2nd Step: Starting a Topic in the HJT-Malware Removal forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Let me know once you have started a topic there so I can notify a Moderator to close off this topic."


Edited by garmanma, 04 February 2010 - 11:40 AM.


#12 Redder's
  • Topic Starter
  • Members
  • 11 posts
  • Local time:01:03 AM

Posted 04 February 2010 - 04:51 AM

Have raised a new thread as suggested - just out of interest, what do you think the problem is (in layman's terms)?
Thanks for your help to date.
Regards, Redder's

#13 garmanma
  • Computer Masochist
  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:09:03 PM

Posted 04 February 2010 - 11:50 AM

As extremeboy has told you, you must read and complete the steps found in the preparation guide, at this link:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Start at step number :thumbsup:

You will be asked to create a DDS Log
Once you have done that, you can start a topic, here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

After giving a brief description of your problem, you need to copy/paste the DDS log and the RootRepeal log that you already made, and submit the topic.

Edited by garmanma, 04 February 2010 - 11:50 AM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#14 garmanma
  • Computer Masochist
  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:09:03 PM

Posted 04 February 2010 - 06:43 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

The HJT team is very busy. It will take some time, but you will receive a response.

To avoid confusion, I am closing this topic.

Good luck
Mark



