
key logged? hacked?


  • This topic is locked
8 replies to this topic

#1 dnap


Posted 28 April 2012 - 08:31 PM

hello everyone. well to make a short story shorter, i play runescape, been playing a long long time. anyways, i was playing last night, and logged out for the night, and come home from work today and signed in, only to find out my character had been hacked. no one i know plays the game, no one knows my password, so the only thing i could think of would be that i was key logged, but even then, i have no idea how that could have happened...

anyways, now i am concerned that someone is watching my every key stroke, or that my computer safety is compromised. what can i do to make sure i am safe, or prevent this from happening again?

CPU - AMD FX-8350 Black Edition

Motherboard -MSI 990FXA-GD80

Ram - G.SKILL Ripjaws X Series 8GB (2 x 4GB)

Video Card - MSI Radeon R9 280

Storage - Western Digital Velociraptor 300GB 10k RPM

Power Supply - hec XP1080 800W

Case - Antec DF-35




#2 boopme

  • Global Moderator

Posted 28 April 2012 - 09:16 PM

Hello, perhaps someone just guessed your password if it was simple enough. Let's check for malware... in case something is on here.
Are you using a router (wired)?
What is your Antivirus?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 dnap


Posted 28 April 2012 - 10:10 PM

thank you for your reply. yes i am using a router, and it is wired.

as far as someone guessing my password, i suppose it is possible, but i highly doubt that, it isn't something someone could easily guess.

and as far as antivirus, i use avast! and spybot. i scanned them earlier and both found nothing.

-----------------------------------------------------------------------------
MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 28-04-2012 at 22:19:06
Microsoft® Windows® XP Professional x64 Edition Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 15218 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : dominic

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 8C-89-A5-30-C1-DB

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.76.76

75.75.75.75

Lease Obtained. . . . . . . . . . : Saturday, April 28, 2012 9:28:17 PM

Lease Expires . . . . . . . . . . : Saturday, April 28, 2012 11:28:17 PM

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 74.125.226.206, 74.125.226.192, 74.125.226.197, 74.125.226.200
74.125.226.199, 74.125.226.195, 74.125.226.196, 74.125.226.201, 74.125.226.193
74.125.226.198, 74.125.226.194



Pinging google.com [173.194.43.0] with 32 bytes of data:



Reply from 173.194.43.0: bytes=32 time=19ms TTL=55

Reply from 173.194.43.0: bytes=32 time=17ms TTL=55



Ping statistics for 173.194.43.0:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 19ms, Average = 18ms

Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=161ms TTL=47

Reply from 72.30.38.140: bytes=32 time=99ms TTL=47



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 99ms, Maximum = 161ms, Average = 130ms

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...8c 89 a5 30 c1 db ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [233472] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [17408] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [233472] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [233472] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [233472] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [233472] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [233472] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [233472] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog5 02 C:\Windows\System32\winrnr.dll [File Not found] ()
x64-Catalog5 03 C:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/22/2012 09:06:44 PM) (Source: Application Hang) (User: )
Description: Fault bucket 337816799.

Error: (04/22/2012 09:06:42 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/27/2012 10:09:24 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1064412873.

Error: (03/27/2012 10:09:20 PM) (Source: Application Hang) (User: )
Description: Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/17/2012 07:57:31 PM) (Source: Application Error) (User: )
Description: Fault bucket -1453440884.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (02/17/2012 07:57:27 PM) (Source: Application Error) (User: )
Description: Faulting application mmloaddrv.exe, version 2.0.0.0, faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x00020dee.
Processing media-specific event for [mmloaddrv.exe!ws!]

Error: (02/14/2012 08:44:52 PM) (Source: VSS) (User: )
Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Error: (11/06/2011 09:29:01 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Apple Mobile Device Support -- Apple Mobile Device Support requires that your computer is running Windows XP SP2 or newer.

Error: (11/06/2011 09:28:50 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Apple Mobile Device Support -- Apple Mobile Device Support requires that your computer is running Windows XP SP2 or newer.

Error: (11/06/2011 08:55:07 PM) (Source: MsiInstaller) (User: Administrator)Administrator
Description: Product: Apple Mobile Device Support -- Apple Mobile Device Support requires that your computer is running Windows XP SP2 or newer.


System errors:
=============
Error: (03/11/2012 10:19:41 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 8C89A530C1DB has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (03/02/2012 11:29:59 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\DR0

Error: (02/24/2012 08:17:36 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/14/2012 09:09:25 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\ATI\CIM\Bin64\SetACL64.exe.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (02/14/2012 09:09:25 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (02/14/2012 09:09:25 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (02/14/2012 08:45:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
AmdPPM64
aswRdr
aswSP
aswTdi
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
speedfan
Tcpip

Error: (02/14/2012 08:45:56 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (02/14/2012 08:45:56 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (02/14/2012 08:45:56 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (04/22/2012 09:06:44 PM) (Source: Application Hang)(User: )
Description: 337816799

Error: (04/22/2012 09:06:42 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000

Error: (03/27/2012 10:09:24 PM) (Source: Application Hang)(User: )
Description: 1064412873

Error: (03/27/2012 10:09:20 PM) (Source: Application Hang)(User: )
Description: SDUpdate.exe1.6.0.12hungapp0.0.0.000000000

Error: (02/17/2012 07:57:31 PM) (Source: Application Error)(User: )
Description: -1453440884

Error: (02/17/2012 07:57:27 PM) (Source: Application Error)(User: )
Description: mmloaddrv.exe2.0.0.0ntdll.dll5.2.3790.493700020dee

Error: (02/14/2012 08:44:52 PM) (Source: VSS)(User: )
Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Error: (11/06/2011 09:29:01 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Apple Mobile Device Support -- Apple Mobile Device Support requires that your computer is running Windows XP SP2 or newer.(NULL)(NULL)(NULL)

Error: (11/06/2011 09:28:50 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Apple Mobile Device Support -- Apple Mobile Device Support requires that your computer is running Windows XP SP2 or newer.(NULL)(NULL)(NULL)

Error: (11/06/2011 08:55:07 PM) (Source: MsiInstaller)(User: Administrator)Administrator
Description: Product: Apple Mobile Device Support -- Apple Mobile Device Support requires that your computer is running Windows XP SP2 or newer.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.859.0)
ATI Problem Report Wizard (Version: 3.0.812.0)
Canon iP2600 series
ccc-utility64 (Version: 2011.1205.2146.38999)
CPUID CPU-Z 1.58
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows x64 (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
MotioninJoy ds3 driver version 0.6.0001 (Version: 0.5.0001)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2388210) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690-v2) (Version: 2)
Update for Windows XP (KB927891) (Version: 5)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2 (Version: 20070217.000042)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8190.87 MB
Available physical RAM: 5833.36 MB
Total Pagefile: 20033.75 MB
Available Pagefile: 18007.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3999.75 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:279.45 GB) (Free:215.45 GB) NTFS
2 Drive d: () (Fixed) (Total:232.88 GB) (Free:223.15 GB) NTFS

========================= Users: ========================================

User accounts for \\DOMINIC

Administrator Guest SUPPORT_388945a0


**** End of log ****
------------------------------------------------------------------------------

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\28\fb33cdc-6291101a multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\14a27f03-6aafc3cc multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\655c97e4-116c5d3b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\54\4cfd1ab6-287b8ecc a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\My Documents\3ds.max.key.2008..rar a variant of Win32/Keygen.BT application deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\My Documents\inventor-pro-2008-keygen.exe a variant of Win32/Keygen.BT application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\EvID4226Patch.exe Win32/Tool.EvID4226 application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\EvID4226Patch223d-en.zip Win32/Tool.EvID4226 application deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{D94229EB-AF65-417F-865E-9C18F90D64AF}\RP245\A0052931.exe a variant of Win32/Keygen.BT application cleaned by deleting - quarantined



#4 boopme

  • Global Moderator

Posted 28 April 2012 - 10:50 PM

Hello, appears you have let a Zaccess rootkit in through a torrent download. It is accessing your machine.

To remove it we need a deeper look. Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.
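The ESET result lines posted in reply #3 are easier to read once each one is split into path, detection and action and grouped by where the file was found. The following is an added example, not part of the thread and not ESET's own tooling; the field regex, the location labels and the function names are assumptions of this example.

```python
"""Triage of ESET Online Scanner result lines (added example)."""
import re
from collections import Counter

# Result lines copied from reply #3 of this thread. The scanner separates
# fields with tabs; on this page they arrived as single spaces.
ESET_LINES = r"""
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\28\fb33cdc-6291101a multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\14a27f03-6aafc3cc multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\36\655c97e4-116c5d3b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\54\4cfd1ab6-287b8ecc a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\My Documents\3ds.max.key.2008..rar a variant of Win32/Keygen.BT application deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\My Documents\inventor-pro-2008-keygen.exe a variant of Win32/Keygen.BT application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\EvID4226Patch.exe Win32/Tool.EvID4226 application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\EvID4226Patch223d-en.zip Win32/Tool.EvID4226 application deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{D94229EB-AF65-417F-865E-9C18F90D64AF}\RP245\A0052931.exe a variant of Win32/Keygen.BT application cleaned by deleting - quarantined
"""

# Path, then detection text, then the action taken. The detection is either
# the literal "multiple threats" or a Platform/Family name with an optional
# "a variant of" prefix and a class suffix. In this log the keygens, the
# patch tool and the bundled installer carry the class "application".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>multiple threats|(?:a variant of )?"
    r"(?P<name>\w+/[\w.]+)(?: (?P<kind>trojan|application))?) "
    r"(?P<action>cleaned by deleting - quarantined|deleted - quarantined)$"
)

# Lower-cased path fragment -> label (labels are this example's own).
LOCATIONS = (
    ("\\sun\\java\\deployment\\cache\\", "java-cache"),  # files fetched by the Java plug-in
    ("\\system volume information\\_restore", "system-restore"),  # restore-point copy
)


def parse_line(line):
    """Return one result line as a dict, or None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path, name = m.group("path"), m.group("name")
    lowered = path.lower()
    location = next((lbl for frag, lbl in LOCATIONS if frag in lowered), "user-file")
    return {
        "path": path,
        "name": name or "multiple threats",
        "kind": m.group("kind") or ("multiple" if name is None else "unclassified"),
        "variant": m.group("detection").startswith("a variant of "),
        "location": location,
        "action": m.group("action"),
    }


def triage(text):
    """Split a pasted log into parsed records and lines that did not parse."""
    records, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep for manual review instead of dropping
        else:
            records.append(rec)
    return records, unparsed


def summarize(records):
    """Count detections per (location, class) pair."""
    return Counter((r["location"], r["kind"]) for r in records)


if __name__ == "__main__":
    records, unparsed = triage(ESET_LINES)
    for (location, kind), n in sorted(summarize(records).items()):
        print(f"{n:2d}  {location:15s} {kind}")
    for line in unparsed:
        print("unparsed:", line)
```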

#5 dnap


Posted 28 April 2012 - 10:52 PM

those torrent downloads are old, actually from my last computer build, i just saved/copied my hard drive once i built this new computer in august, and don't even have those programs installed on this computer now, but i will do as you say and reply back, thank you.



#6 dnap


Posted 28 April 2012 - 10:55 PM

oooh, we seem to have a bit of a problem, step 7 "Download and Run DDS which will create a log of programs running on your computer." it doesn't work in xp 64bit...



#7 boopme

  • Global Moderator

Posted 28 April 2012 - 10:57 PM

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

#8 dnap


Posted 28 April 2012 - 11:26 PM

OTL ran fine, but GMER wouldn't let me choose what boxes to unselect and it said to skip it if i was on 64bit anyways. but i posted a thread in the other forum like you suggested, http://www.bleepingcomputer.com/forums/topic451850.html



#9 boopme

  • Global Moderator

Posted 29 April 2012 - 07:23 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.



