
Possible Rootkit / Other Infection - Odd Symptoms (Missing tray icons, explorer.exe crashes, etc)


  • This topic is locked
2 replies to this topic

#1 street9009


Posted 09 November 2010 - 06:08 PM

I'm hoping someone here has seen this before. This is really odd. I have never seen an infection like this before.

I have a laptop in my possession that I'm trying to fix. I have run the standard SpyBot, Malwarebytes, SUPERAntispyware, and Symantec Endpoint scans and turned up little to nothing (SpyBot removed Coupon Bar and the others only found tracking cookies and removed them).

I am unable to run Combofix (as I usually would do) because this is a Vista x64 machine. I've run a few other tools looking for a new one but have had no luck.

The PC obviously still has something on it but I can't tell what. The tray area is mostly hidden but I can tell there are icons there that aren't showing (Symantec shows on occasion before disappearing and every now and then a message will pop up and point to an "open" area on the taskbar - screenshots attached). Explorer.exe will crash if you point your mouse in the wrong direction and Kaspersky was killing it (I uninstalled Kaspersky and installed Endpoint hoping for an improvement but no luck). I'm not sure what else to do.

So, that brings me here. I followed the steps in the "Preparation Guide" post and here are the results:

DDS ran and the logs are below and attached (as requested). Most of the GMER options were greyed out so I did not run that (the only boxes available for me to check were Files, Registry, and Services).




DDS (Ver_10-11-09.01) - NTFS_AMD64
Run by Jared at 17:40:16.86 on Tue 11/09/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2521 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Aruba Networks\Persistent Agent\bndaemon.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jared\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEANA~1.LNK - C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-8-31 52856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 BNPagent;Aruba Persistent Agent Service;C:\Program Files (x86)\Aruba Networks\Persistent Agent\bndaemon.exe [2009-8-31 3026656]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-8 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-4-1 1822296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-8 132656]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-7-7 3148288]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-1 135664]
S3 COH_Mon;COH_Mon;C:\Windows\System32\drivers\COH_Mon.sys [2009-12-2 25424]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rspSanity;rspSanity;C:\Windows\System32\drivers\rspSanity64.sys [2010-11-9 29752]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-09 18:24:46 -------- d-----w- C:\Program Files (x86)\TrayIconsOK
2010-11-09 15:45:26 29752 ----a-w- C:\Windows\System32\drivers\rspSanity64.sys
2010-11-09 15:45:25 -------- d-----w- C:\Program Files\SanityCheck
2010-11-09 02:59:14 -------- d-----w- C:\Users\Jared\AppData\Roaming\SUPERAntiSpyware.com
2010-11-09 02:59:14 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-11-09 02:59:09 -------- d-----w- C:\Users\Jared\AppData\Local\Symantec
2010-11-09 02:58:51 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
2010-11-09 02:56:38 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-11-09 02:56:37 -------- d-----w- C:\Program Files\Symantec
2010-11-09 02:55:49 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-11-09 02:52:54 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-11-09 02:52:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-11-09 01:56:42 -------- d-----w- C:\Users\Jared\AppData\Roaming\Malwarebytes
2010-11-09 01:56:32 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-09 01:56:31 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-09 01:56:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-09 01:56:31 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-09 01:56:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-09 01:56:08 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-09 01:48:15 -------- d-----w- C:\Program Files\CCleaner
2010-10-29 20:41:51 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B35B8C42-5E14-4CCE-83A2-FC70F081AF08}\mpengine.dll
2010-10-29 20:41:17 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-29 20:41:16 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-10-29 20:41:10 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-29 20:41:10 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-29 20:41:09 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-29 20:41:09 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-13 19:46:07 1915904 ----a-w- C:\Windows\System32\ole32.dll
2010-10-13 19:46:06 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-13 19:46:06 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-13 19:46:06 1316864 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-13 19:45:45 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-13 19:45:45 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-13 19:45:23 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-13 19:45:23 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-13 19:45:03 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-13 19:45:02 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-13 19:43:59 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-13 19:43:57 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-13 19:41:52 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-13 19:41:52 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-13 19:41:52 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-13 19:41:52 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-10-13 19:41:52 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-10-13 19:41:52 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-13 19:41:52 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-13 19:41:52 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-10-13 19:41:23 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-13 19:41:23 274944 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-13 19:41:13 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-13 19:41:13 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-12 13:15:13 270720 ------w- C:\Windows\System32\MpSigStub.exe

==================== Find3M ====================

2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe

============= FINISH: 17:41:18.67 ===============


#2 street9009


Posted 11 November 2010 - 09:45 PM

Never mind. I finally had to format the hard drive and restore it to factory defaults. I would still be curious to know what, if anything, someone can tell from the logs I posted, but I can provide nothing further, as all I have of the hard drive is a complete backup, which I'm scanning with Endpoint as we speak.

#3 m0le

  • Malware Response Team

Posted 17 November 2010 - 07:12 PM

I don't see anything visible from the logs, but DDS is really only the first scan, and rootkits, which are prevalent at the moment, are very hard to spot.

Thanks for letting me know :thumbup2:

-----------------------------------------------

This topic has been closed.

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE