Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware I think


  • This topic is locked This topic is locked
2 replies to this topic

#1 NickD420

NickD420

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 12 September 2010 - 02:12 AM

So I let my bro use my pc for a week when I was not home, never had a virus or a problem since, and now when i click any website from google it redirects me, it does it on someother sites but just google recently, I downloaded combofixer and ran it and here is the log from it.

ComboFix 10-09-11.02 - Nick 09/12/2010 2:40.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3326.2546 [GMT -4:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\start
c:\users\Nick\AppData\Roaming\inst.exe

c:\windows\system32\drivers\rdpencdd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-12 06:53 . 2010-09-12 06:54 -------- d-----w- c:\users\Nick\AppData\Local\temp
2010-09-12 06:53 . 2010-09-12 06:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-09-12 06:53 . 2010-09-12 06:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-12 06:21 . 2010-09-12 06:22 -------- d-----w- C:\32788R22FWJFW
2010-09-04 02:47 . 2010-09-04 02:48 -------- d-----w- c:\program files\SpeedFan
2010-09-02 19:09 . 2010-09-02 19:09 -------- d-----w- c:\users\Nick\AppData\Local\ElevatedDiagnostics
2010-08-31 04:08 . 2010-08-31 04:08 -------- d-----w- c:\users\Nick\AppData\Local\2K Games
2010-08-31 04:03 . 2010-06-02 08:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-31 04:03 . 2010-06-02 08:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-31 04:03 . 2010-06-02 08:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-31 04:03 . 2010-05-26 15:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-31 04:03 . 2010-05-26 15:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-31 04:03 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-31 04:03 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-31 04:03 . 2010-05-26 15:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-31 04:03 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-08-31 04:03 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-08-31 04:03 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-08-31 04:03 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-08-28 06:22 . 2010-08-29 07:17 -------- dc----w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-28 06:22 . 2010-08-28 06:22 -------- d-----w- c:\program files\Lavasoft
2010-08-28 06:22 . 2010-08-28 07:23 -------- d-----w- c:\programdata\Lavasoft
2010-08-28 06:21 . 2010-08-29 07:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-28 06:21 . 2010-08-29 07:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 06:45 . 2010-08-16 06:45 258352 ----a-w- c:\windows\system32\unicows.dll
2010-08-16 06:05 . 2010-08-16 06:45 -------- d-----w- c:\users\Nick\AppData\Roaming\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 21:24 . 2009-12-08 20:05 -------- d-----w- c:\users\Nick\AppData\Roaming\BitTorrent
2010-09-09 03:43 . 2009-11-02 21:30 -------- d-----w- c:\program files\Steam
2010-08-31 04:03 . 2010-03-26 04:08 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-29 07:44 . 2010-04-18 01:17 -------- d-----w- c:\program files\Common Files\Java
2010-08-29 07:44 . 2010-03-15 18:53 -------- d-----w- c:\program files\Java
2010-08-20 01:03 . 2010-05-11 21:07 224960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-20 01:01 . 2010-05-11 21:07 137944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-18 21:22 . 2010-06-01 03:26 -------- d-----w- c:\users\Nick\AppData\Roaming\vlc
2010-08-18 21:21 . 2010-06-10 12:52 -------- d-----w- c:\users\Nick\AppData\Roaming\dvdcss
2010-08-12 06:28 . 2010-03-23 00:27 -------- d-----w- c:\users\Nick\AppData\Roaming\FrostWire
2010-08-07 18:50 . 2010-05-11 21:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-07 18:19 . 2010-03-12 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 04:59 . 2010-05-11 21:07 22328 ----a-w- c:\users\Nick\AppData\Roaming\PnkBstrK.sys
2010-08-07 04:59 . 2010-05-11 21:07 22328 ----a-w- c:\users\Nick\AppData\Roaming\PnkBstrK.sys
2010-08-07 04:45 . 2010-08-07 04:45 -------- d-----w- c:\program files\Activision
2010-07-29 06:30 . 2010-08-11 23:13 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 23:13 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-25 01:46 . 2010-05-19 20:31 -------- d-----w- c:\program files\StepMania
2010-07-21 21:48 . 2010-07-21 21:47 -------- d-----w- c:\users\Nick\AppData\Roaming\Ventrilo
2010-07-21 21:36 . 2010-07-21 21:36 -------- d-----w- c:\program files\Ventrilo
2010-07-21 21:36 . 2010-07-21 21:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-21 20:09 . 2010-07-21 20:09 -------- d-----w- c:\programdata\McAfee
2010-07-17 03:43 . 2010-04-27 19:42 -------- d-----w- c:\users\Nick\AppData\Roaming\Audacity
2010-07-17 03:41 . 2010-04-27 19:50 -------- d-----w- c:\programdata\PACE Anti-Piracy
2010-07-16 06:16 . 2009-11-07 02:39 -------- d-----w- c:\program files\World of Warcraft
2010-07-16 03:06 . 2010-05-06 12:15 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-07-15 04:43 . 2010-07-15 04:43 -------- d-----w- c:\program files\GoldWave
2010-07-15 04:37 . 2010-07-03 07:26 -------- d-----w- c:\users\Nick\AppData\Roaming\Darkfall US
2010-07-15 04:37 . 2010-04-27 19:36 -------- d-----w- c:\program files\Antares Audio Technologies
2010-06-30 06:25 . 2010-08-11 23:13 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:00 . 2010-03-28 06:30 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-06-22 02:47 . 2010-08-11 23:13 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 23:13 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 23:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 23:13 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 23:13 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 23:13 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 23:13 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 23:13 224256 ----a-w- c:\windows\system32\schannel.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Aim"="c:\program files\AIM\aim.exe" [2010-05-21 3824472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 22:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 03:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14 51712 ----a-w- c:\windows\Speech\Common\sapisvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-08-24 04:34 1242448 ----a-w- c:\program files\Steam\steam.exe

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-31 3612600]
R3 USR_Find_Handle;USR_Find_Handle;c:\program files\LockHunter\USRFindHandle32.sys [2009-04-16 12824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1343400]
R3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_X86.sys [2008-01-08 238072]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\fgbj14g8.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ProxyCap - c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x864F3EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x5254535f
SecurityProcedure -> 0x42304330
QueryNameProcedure -> 0x500000
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3615504293-2718602247-4142863541-1001\Software\SecuROM\License information*]
"datasecu"=hex:de,6d,13,1d,c0,3f,26,f8,7a,88,6e,87,d3,b0,a3,7d,f0,45,dc,9e,f1,
91,05,84,14,00,0f,5b,d1,6c,03,b7,65,c9,32,de,77,e5,c6,c0,50,37,99,df,1d,11,\
"rkeysecu"=hex:41,5e,a9,95,57,b0,3a,89,c6,c1,2a,95,4d,69,bc,82

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-12 02:57:39
ComboFix-quarantined-files.txt 2010-09-12 06:57

Pre-Run: 67,784,265,728 bytes free
Post-Run: 67,428,671,488 bytes free

- - End Of File - - 63E203B139D67CB0F4BBB1281CC1704A


And also Here is a HJT Log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:03 AM, on 9/12/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 3149 bytes


Any help would be appreciated!

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:08 PM

Posted 17 September 2010 - 04:40 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:08 PM

Posted 27 September 2010 - 05:51 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users