Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I'm being hijacked


  • This topic is locked This topic is locked
2 replies to this topic

#1 compuray45

compuray45

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 24 February 2010 - 05:26 PM


DDS (Ver_09-12-01.01) - NTFSX64
Run by Ray at 17:09:26.18 on Wed 02/24/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4473 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\TPSrvWow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost -k Panda
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Ray\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\TPSRVAUX.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ray\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\TPSRVAUX.EXE
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\TPSRVAUX.EXE
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.comcast.net/
uSearch Bar =
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [cdloader] "c:\users\ray\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [APVXDWIN] "c:\program files (x86)\panda security\panda antivirus pro 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files (x86)\panda security\panda antivirus pro 2010\Inicio.exe"
mRun: [RemoteControl] "c:\program files (x86)\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files (x86)\the print shop 23\Remind.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files (x86)\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg64.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - c:\users\ray\appdata\roaming\microsoft\windows\start menu\programs\ub\UB.lnk

============= SERVICES / DRIVERS ===============

R0 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2009-1-29 322088]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot64.sys [2009-11-4 33800]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2009-11-6 218056]
R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\drivers\ShldFlt.sys [2009-11-4 46136]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm6460.sys [2009-11-4 57352]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-11-4 90112]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 Panda Software Controller;Panda Software Controller;c:\program files (x86)\panda security\panda antivirus pro 2010\PsCtrlS.exe [2009-11-4 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files (x86)\panda security\panda antivirus pro 2010\PavFnSvr.exe [2009-11-4 169216]
R2 PavPrSrv;Panda Process Protection Service;c:\program files (x86)\common files\panda security\pavshld\PavPrSrv.exe [2009-11-4 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files (x86)\panda security\panda antivirus pro 2010\pavsrvx86.exe [2009-11-4 293120]
R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\panda security\panda antivirus pro 2010\psksvc.exe [2009-11-4 28928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-9-28 395264]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S2 PremierOpinion;PremierOpinion;c:\program files (x86)\premieropinion\pmservice.exe /service --> c:\program files (x86)\premieropinion\pmservice.exe [?]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2009-11-6 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2009-11-6 1141200]

============== File Associations ===============

JSEFile=c:\progra~2\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~2\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~2\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2010-02-24 21:50:14 0 d-----w- c:\program files (x86)\Trend Micro
2010-02-22 14:40:43 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-22 14:38:49 0 d-----w- c:\users\ray\appdata\roaming\SUPERAntiSpyware.com
2010-02-22 14:38:49 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-02-22 12:53:46 0 d-----w- c:\users\ray\appdata\roaming\Malwarebytes
2010-02-22 12:53:41 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-22 12:53:41 0 d-----w- c:\programdata\Malwarebytes
2010-02-22 12:53:41 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-02-15 12:30:07 0 d-----w- C:\Panda Software
2010-02-09 19:44:53 84480 ----a-w- c:\windows\syswow64\mciavi32.dll
2010-02-08 13:33:34 0 d-----w- c:\users\ray\appdata\roaming\Morpheus Software
2010-02-08 13:32:05 0 d-----w- c:\program files (x86)\Morpheus Photo Warper
2010-02-02 20:04:39 0 d-----w- c:\program files\iTunes
2010-02-02 20:04:39 0 d-----w- c:\program files\iPod
2010-02-02 20:04:39 0 d-----w- c:\program files (x86)\iTunes
2010-02-02 17:38:45 22068 ----a-w- C:\fraglist.luar
2010-02-02 17:31:42 0 d-----w- c:\windows\UltraDefrag
2010-01-27 10:40:32 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 10:40:32 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 10:40:32 2614272 ----a-w- c:\windows\syswow64\explorer.exe

==================== Find3M ====================

2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-18 11:54:13 23140 ----a-w- c:\windows\hpqins15.dat
2010-01-14 16:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-08 03:38:32 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:38:28 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-21 04:29:22 230068 ----a-w- c:\windows\hpwins23.dat
2009-12-21 04:18:05 62231 ----a-w- c:\windows\hpqins01.dat
2009-12-21 04:17:19 81767 ----a-w- c:\windows\hpqins13.dat
2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:55 977920 ----a-w- c:\windows\syswow64\wininet.dll
2009-12-19 09:02:53 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\syswow64\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\syswow64\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\syswow64\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\syswow64\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\syswow64\msrle32.dll
2009-12-19 09:02:42 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-12-19 09:02:42 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\syswow64\iyuv_32.dll
2009-12-19 09:02:38 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\syswow64\avifil32.dll
2009-12-15 14:27:56 111928 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2009-12-08 15:39:47 682280 ----a-w- c:\windows\syswow64\pbsvc.exe
2009-12-08 15:39:47 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2009-12-03 20:11:09 40448 ----a-w- c:\windows\system32\mvcoinst.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:10:07.39 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:00 PM

Posted 26 February 2010 - 10:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Gmer, a rootkit scanner

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:00 PM

Posted 03 March 2010 - 08:27 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users