IRP Rootkit Hooks will not go away.


  • This topic is locked
3 replies to this topic

#1 voidwalker

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 08 February 2013 - 09:50 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 2/8/2013 9:22:43 PM
System Uptime: 2/8/2013 9:04:28 PM (0 hours ago)
.
Motherboard: LENOVO |  | Emerald Lake
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz | CPU | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 222.841 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27.367 GiB free.
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 2/8/2013 6:33:58 PM - Windows Update
RP5: 2/8/2013 6:38:02 PM - DCInstallRestorePoint
RP6: 2/8/2013 7:05:17 PM - Installed AVG 2013
RP7: 2/8/2013 7:05:47 PM - Installed AVG 2013
RP8: 2/8/2013 7:26:47 PM - Installed Steam
RP3: 2/8/2013 9:26:08 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Atheros Client Installation Program
AVG 2013
Best Buy pc app
BioExcess
CyberLink YouCam
D3DX10
EgisTec ES603 WDM Driver
Energy Management
ES603 WDM Driver
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Junk Mail filter update
Lenovo EasyCamera
Lenovo EE Boot Optimizer
Lenovo OneKey Recovery
Lenovo Security Suite
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
Port Locker
Power2Go
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Shared C Run-time for x64
Skype™ 6.1
Steam
SUPERAntiSpyware
Synaptics Pointing Device Driver
VeriFace
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
2/8/2013 9:05:20 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
2/8/2013 9:05:14 PM, Error: Service Control Manager [7000]  - The McAfee Boot Delay Start Service service failed to start due to the following error:  The system cannot find the file specified.
2/8/2013 7:31:44 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/8/2013 7:31:44 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/8/2013 6:34:46 PM, Error: Service Control Manager [7000]  - The McAfee Boot Delay Start Service service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
.
==== End Of File ===========================
 
My computer seems fine when it restarts, the RAM says that it is at around 1.70 GB when I start it up, but eventually the RAM begins to climb up. Also, when I check my resources, it says that my dwm.exe has climbed up along with my explorer. This is when I know that Rootkits are starting to dig into my computer. I have had a serious conflict with these things and I am afraid of what will happen. I first initially noticed that my computer had rootkits because I stumbled upon them when AVG free was running its normal scheduled scan. It said that it was located in a driver, after that my mouse had stopped working. I used the touchpad and just removed the threats and rebooted the computer. The mouse still didn't work, but when I plugged it into a different USB port it installed the driver for the mouse correctly. Now here lately, my computer has gotten several rootkits in numerous areas (this was after my one key recovery). Before this my computer started acting sluggish, and when I wanted to change my password for my account, it said that it couldn't do it. I also believe that when I used Firefox the bookmarks bar had several of my bookmarks that I had not attached to it on there, which was really strange. I ask, please help...
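The "Event Viewer Messages" section of the DDS log above is the part a responder reads first, because the Service Control Manager errors in it say which services failed to start and why. The following parser is an added example, not code from the post or from the DDS tool: it extracts that section from DDS output, turns each line into a record, counts events by source and ID, and lists services whose configured binary the SCM could not find (a leftover service registration after an uninstall, or a driver file that was removed by a scanner; either way worth checking with `sc qc <name>` before anything else). The sample text is constructed from the log lines in the post; the section headers and line layout are the ones DDS prints.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the Event Viewer section of a DDS log, copied from the
# post above, with the surrounding "====" section markers DDS prints.
SAMPLE_DDS = """\
==== Event Viewer Messages From Past Week ========
.
2/8/2013 9:05:20 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
2/8/2013 9:05:14 PM, Error: Service Control Manager [7000]  - The McAfee Boot Delay Start Service service failed to start due to the following error:  The system cannot find the file specified.
2/8/2013 7:31:44 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/8/2013 7:31:44 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/8/2013 6:34:46 PM, Error: Service Control Manager [7000]  - The McAfee Boot Delay Start Service service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
.
==== End Of File ===========================
"""

# One DDS event line: "<date time AM/PM>, <Level>: <Source> [<EventID>]  - <Message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<message>.*)$"
)
# SCM 7000 messages name the service first: "The <name> service failed to start ..."
SERVICE_RE = re.compile(r"^The (?P<service>.+?) service failed to start")


def event_section(text):
    """Return the non-empty lines between the Event Viewer header and the next section."""
    lines = []
    inside = False
    for line in text.splitlines():
        if line.startswith("==== Event Viewer Messages"):
            inside = True
            continue
        if inside and line.startswith("===="):
            break
        if inside and line.strip() and line.strip() != ".":
            lines.append(line)
    return lines


def parse_events(text):
    """Parse DDS event lines into dicts with a real datetime and an int event ID."""
    events = []
    for line in event_section(text):
        m = EVENT_RE.match(line)
        if not m:
            continue  # a line in a layout we do not recognise; leave it for manual review
        rec = m.groupdict()
        rec["timestamp"] = datetime.strptime(rec.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
        rec["event_id"] = int(rec["event_id"])
        events.append(rec)
    return events


def count_by_event_id(events):
    """Counter keyed by (source, event_id), e.g. ('Service Control Manager', 7000)."""
    return Counter((e["source"], e["event_id"]) for e in events)


def failed_services(events):
    """Map service name -> list of failure reasons taken from SCM event 7000 messages."""
    failures = {}
    for e in events:
        if e["source"] != "Service Control Manager" or e["event_id"] != 7000:
            continue
        m = SERVICE_RE.match(e["message"])
        if m:
            reason = e["message"].split("following error:", 1)[-1].strip()
            failures.setdefault(m.group("service"), []).append(reason)
    return failures


def orphaned_services(events):
    """Services whose binary the SCM could not find: registrations to verify with `sc qc`."""
    return sorted(
        name
        for name, reasons in failed_services(events).items()
        if any("cannot find the file" in r for r in reasons)
    )


if __name__ == "__main__":
    evs = parse_events(SAMPLE_DDS)
    for (source, event_id), n in count_by_event_id(evs).most_common():
        print(f"{n:>3}  {source} [{event_id}]")
    for name, reasons in failed_services(evs).items():
        print(f"failed: {name}")
        for r in reasons:
            print(f"    - {r}")
    print("check with sc qc:", orphaned_services(evs))
```

The "cannot find the file specified" reason is the one worth acting on from the log alone; the "does not implement the service" and timeout reasons say the binary exists but misbehaves, which needs the GMER and fresh DDS output the helper asks for below rather than a guess from the event text.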


#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:15 PM

Posted 10 February 2013 - 02:31 PM

Hello and welcome to BleepingComputer! :)

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to, as that may produce more damage than helping us.

If you will encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate another DDS log (download it from here if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,

Elle

Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:15 PM

Posted 13 February 2013 - 01:30 AM

Hi there,

Do you still need help? It has been a while since you last replied.

Elle


#4 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:15 PM

Posted 15 February 2013 - 07:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.