Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.bifrose


  • This topic is locked This topic is locked
2 replies to this topic

#1 mazzy

mazzy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 02 November 2010 - 10:35 PM

I've had many problems, but nothing seems to detect anything. My security center & AV software keeps getting disabled, so I think I've tried it all. Finally malwarebytes found Backdoor.bifrose, but couldn't remove it. Hijack This scans, but won't save a log file. I've followed the intructions per your prep guide. Your help is greatly appreciated!

DDS.txt



DDS (Ver_10-11-01.01) - NTFSx86
Run by Ownmer at 20:36:39.27 on Tue 11/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1215 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\CISVC.EXE
C:\Program Files\xwenerww\xwenerww.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\Program Files\xwenerww\xwenerww.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Autorun Eater\billy.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Ownmer\Desktop\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.elrideintl.net/main/forumv4/viewforum.php?f=9&sid=9faa9b51efacb8cee9357f83184ebc82
uDefault_Page_URL = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/ig/
mDefault_Page_URL = hxxp://www.google.com/ig/
mStart Page = hxxp://www.google.com/ig/
mSearch Page = hxxp://www.google.com/ig/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: 659636B69656 = 208.67.222.222,208.67.220.220
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\ownmer\appdata\roaming\mozilla\firefox\profiles\34tor85i.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ownmer\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-11-1 32008]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-11-1 76440]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-1 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-1 60936]
R2 CSIScanner;CSIScanner;c:\program files\xwenerww\xwenerww.exe [2010-11-1 6415608]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-1-23 9472]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-11-1 26096]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-26 167936]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-10-31 35816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-10-31 24416]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-26 171008]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1343400]
S4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S4 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-15 1153368]
S4 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-26 51512]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

=============== Created Last 30 ================

2010-11-02 10:11:26 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{227381be-3bc6-4dbc-b869-4b1b0d334c0f}\mpengine.dll
2010-11-02 08:36:40 388096 ----a-r- c:\users\ownmer\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-02 06:31:46 -------- d-----w- c:\users\ownmer\appdata\roaming\Avira
2010-11-02 02:37:09 -------- d-----w- c:\program files\Safer Networking
2010-11-02 02:24:17 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-11-02 02:24:17 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-11-02 02:24:17 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-11-02 02:24:16 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-11-02 02:24:16 -------- d-----w- c:\program files\xwenerww
2010-11-02 02:23:54 -------- d-----w- c:\progra~2\PrevxCSI
2010-11-01 20:18:13 -------- d-----w- c:\users\ownmer\appdata\local\ChemTable Software
2010-11-01 19:59:11 -------- d-----w- c:\program files\RegCleaner
2010-11-01 19:48:52 -------- d-----w- c:\users\ownmer\appdata\roaming\ChemTable Software
2010-11-01 19:48:18 -------- d-----w- c:\program files\Reg Organizer
2010-11-01 17:39:38 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-01 17:39:38 -------- d-----w- c:\program files\Avira
2010-11-01 17:39:38 -------- d-----w- c:\progra~2\Avira
2010-11-01 05:27:58 -------- d-----w- c:\progra~2\Autorun Eater
2010-11-01 05:27:49 -------- d-----w- c:\program files\Autorun Eater
2010-11-01 05:13:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-01 05:13:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-01 04:11:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-11-01 04:10:54 -------- d-----w- c:\windows\RestoreSafeDeleted
2010-11-01 01:15:38 6146896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{a27d6fbc-dfa1-419a-bc5b-9043415b2b2f}\mpengine.dll
2010-10-31 21:54:45 2 --shatr- c:\windows\winstart.bat
2010-10-31 21:54:20 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-10-31 21:54:20 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-10-31 21:53:58 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-10-31 21:53:32 -------- d-----w- c:\program files\UnHackMe
2010-10-31 21:52:50 -------- d-----w- c:\users\ownmer\unhackme
2010-10-31 21:18:34 -------- d-----w- c:\program files\Trend Micro
2010-10-27 16:01:21 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 16:01:21 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 16:01:21 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 16:01:16 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-26 04:03:31 -------- d-----w- c:\program files\Bonjour
2010-10-25 17:38:39 -------- d-----w- c:\users\ownmer\appdata\roaming\Windows Live Writer
2010-10-25 17:38:39 -------- d-----w- c:\users\ownmer\appdata\local\Windows Live Writer
2010-10-24 18:19:08 -------- d-----w- c:\users\ownmer\appdata\local\Windows Live
2010-10-24 18:17:22 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-24 18:17:21 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-24 18:17:20 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-24 16:40:55 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-10-24 16:39:59 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-10-24 16:37:59 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-10-23 22:58:13 -------- d-----w- c:\windows\system32\directx
2010-10-23 19:21:38 -------- d-----w- c:\program files\The Weather Channel FW
2010-10-23 19:21:25 -------- d-----w- c:\users\ownmer\appdata\local\The Weather Channel
2010-10-13 10:04:57 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 10:04:55 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 10:04:53 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 10:04:51 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 10:04:51 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 10:04:45 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 10:04:44 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 10:04:44 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 10:04:44 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 10:04:44 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 10:04:43 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

==================== Find3M ====================

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 19:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 20:37:58.16 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,203 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:27 AM

Posted 11 November 2010 - 08:39 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,203 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:27 AM

Posted 22 November 2010 - 06:40 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users