Yikes! Possible gnarly rootkit is running rampant on my system.


  • This topic is locked
14 replies to this topic

#1 Laserpewpewpew

  • Members
  • 9 posts

Posted 19 August 2014 - 01:21 PM

Hey there everyone.  My elderly folks have an old computer which I've been trying to help them with.  I'm reasonably adept at dealing with computer problems for them, but this one is beyond me.  I need to call in the A-team, (you guys). 

Here's what happens.  Whenever an internet service is opened (Chrome, I.E., Opera), there is a noticeable lag.  Sometimes it doesn't come up at all until the program is clicked multiple times. I CTRL+ALT+DEL into task manager to check what programs are running, and I see multiple (browser).exe running.  Even when I click only once on an internet service, I watch the task manager starting to list multiple browser.exe, popping up one after another.  Eventually, after about 5 are open, the browser finally opens.  Another interesting thing of note is that the process lsass.exe begins to hog 50% or more of the available CPU.  There are also about 10 svchost.exe processes running, which I found odd.  The internet also fails at odd times as well, giving DNS errors of some type.  A router restart is necessary to fix this.

Super Anti-Spyware is already on the computer.  I have run multiple scans, but find nothing.

Bitdefender is already on computer.  I have run multiple scans, but find nothing.

Downloaded Tdsskiller.exe, found nothing.

Downloaded Malwarebytes anti-rootkit, found nothing.

Downloaded Roguekiller.exe and it seems to find an infected process and "kills" it. 

The precise message under processes is a red-highlighted:  KILLED[TERMTHR]    TYPE:Proc.hidden    PID:1124.  No other information given about the process or where it comes from.  After that, roguekiller doesn't seem to detect anything else.  After I close roguekiller.exe and run it over again, it keeps killing the one threatening process except with a different PID, and can't find anything else.  Rinse and repeat ad infinitum.

My elderly folks' computer is a mess of special files they don't want to lose.  Everything from baby pictures to church related documents to scrapbooking and quilting.  I talked to them about a fresh install of Windows and they hated the idea.  I could port everything over to a fresh install easily, but I don't want to worry them.  If I can fix the virus/issue, that would be preferable.

Where should I go from here?  Thank you!


Edited by Laserpewpewpew, 19 August 2014 - 01:43 PM.



#2 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • Gender:Male
  • Location:NJ USA

Posted 19 August 2014 - 01:41 PM

Hello, please repost this with the RogueKiller log in this forum, thanks.

Virus, Trojan, Spyware, and Malware Removal Logs

#3 kokomodrums

  • Members
  • 202 posts
  • Gender:Male
  • Location:Indiana

Posted 19 August 2014 - 02:06 PM

Make sure you back up all their important files ASAP! You can always wipe the hard drive and start fresh, but you can't retake baby photos!


-- Matt


#4 Laserpewpewpew

Posted 19 August 2014 - 02:10 PM

> Make sure you back up all their important files ASAP! You can always wipe the hard drive and start fresh, but you can't retake baby photos!

 

Will do.  Most is already backed up, but my folks don't know much about computers.  "Reinstalling everything" freaks them out, even when I assure them I can reinstall all the important things from a thumbdrive backup.


> Hello, please repost this with the RogueKiller log in this forum, thanks.
>
> Virus, Trojan, Spyware, and Malware Removal Logs

I was looking at other posts and saw that roguekiller isn't allowed here.  My apologies, I did not know beforehand. 

Excusing the roguekiller info in the post, is there anything else you might recommend?


Edited by Laserpewpewpew, 19 August 2014 - 02:13 PM.


#5 boopme

Posted 19 August 2014 - 02:16 PM

If you are running anything other than WIN8 add the DDS log from here.... Preparation Guide

#6 Laserpewpewpew

Posted 19 August 2014 - 02:22 PM

> If you are running anything other than WIN8 add the DDS log from here.... Preparation Guide

My apologies, I am new here.   I will do so.

I'll be right back in a few minutes to post this.



#7 kokomodrums

Posted 19 August 2014 - 02:27 PM

As far as dealing with elderly, non-tech savvy relatives, try explaining to them that the important files on a computer are the pictures, personal documents, etc, and pull up the backup on a different computer to show them that the files are safe (open a few pictures, documents, etc). Also, explain to them that the people who make viruses are constantly coming up with new ways to hide viruses, but (other than very rare cases), the viruses can't survive a hard drive wipe.

 

I find analogies are perfect when working with non tech savvy people. Imagine the computer is a hardwood floor, and a virus is a stain. You can try all sorts of products (antivirus) to remove the stain, but who knows if the stain went under the hardwood into the subfloor? Well, reformatting (wiping) a hard drive would be like ripping up the entire floor and laying down brand new flooring. Is it possible that the stain is on the new flooring? Nope. And that's why many people say the only way to guarantee a system is 100% clean is to wipe the hard drive and start fresh.

 

Well, other than infected USB drives, very rare BIOS infections, hard drive firmware infections, etc.

 

As far as the suspicious behavior, I'm sure the other forum will sort you out, but honestly all the behavior you describe could be a combination of a bad router/poor internet connection quality and a junked up system. Seeing multiple svchosts is completely normal, but also an indicator that there are quite a few processes/services running on the computer. Maybe try uninstalling all the extra programs they aren't using?


Edited by kokomodrums, 19 August 2014 - 02:31 PM.

-- Matt


#8 Laserpewpewpew

Posted 19 August 2014 - 02:34 PM

I have the two generated reports.   Here is the DDS:
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 11.11.2
Run by Ken at 13:28:48 on 2014-08-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.652 [GMT -6:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\SMTrayNotify.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
C:\Program Files (x86)\Opera\launcher.exe
C:\Program Files (x86)\Opera\23.0.1522.77\opera_autoupdate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0EDC46CE-B2EA-4270-9ACD-690D5D16F806} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-8-14 718840]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2014-8-14 121928]
R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-8-14 148696]
R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-8-14 32912]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-8-14 69368]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-8-14 4700872]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-19 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-19 860472]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-8-14 82160]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-10-13 61440]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-8-14 593144]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-19 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-19 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-2-28 138568]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-2-28 416072]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2013-3-14 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2013-3-14 157288]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2013-3-14 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2013-3-14 539176]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;C:\Windows\System32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-3-14 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-3-14 42192]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-2-27 358456]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-27 791608]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-2-27 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-2-27 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-23 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-3-23 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-26 1255736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-23 411936]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2025-07-26 02:10:30 335360 ----a-w- C:\Windows\System32\msieftp.dll
2025-07-26 02:10:30 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2025-07-26 02:10:29 633856 ----a-w- C:\Windows\System32\comctl32.dll
2025-07-26 02:10:29 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2025-07-26 02:10:24 224256 ----a-w- C:\Windows\System32\wintrust.dll
2025-07-26 02:10:24 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2025-07-26 02:09:39 70144 ----a-w- C:\Windows\System32\appinfo.dll
2025-07-26 02:09:34 -------- d-----w- C:\ProgramData\AVAST Software
2025-07-26 02:07:59 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2025-07-26 02:02:57 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2025-07-26 01:56:50 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2025-07-26 01:56:49 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2025-07-26 01:55:24 751104 ----a-w- C:\Windows\System32\win32spl.dll
2025-07-26 01:55:24 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2025-07-26 01:55:23 404480 ----a-w- C:\Windows\System32\gdi32.dll
2025-07-26 01:55:23 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2025-07-26 01:55:19 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2025-07-26 01:55:19 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2025-07-26 01:54:07 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2025-07-26 01:54:06 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2025-07-26 01:54:06 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2025-07-26 01:54:06 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2025-07-26 01:54:06 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2025-07-26 01:49:15 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2025-07-26 01:49:13 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2025-07-26 01:49:13 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2025-07-26 01:49:11 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2025-07-26 01:49:10 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2025-07-26 01:49:10 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2025-07-26 01:49:10 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2025-07-26 01:49:10 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-08-19 19:15:33 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-19 19:15:33 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-19 19:15:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 18:47:57 -------- d-----w- C:\Windows\pss
2014-08-19 17:52:39 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-19 17:52:25 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-19 17:52:22 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-19 17:51:31 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-19 17:09:42 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2014-08-19 17:09:36 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-19 15:53:28 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2014-08-19 14:31:06 -------- d--h--w- C:\Windows\msdownld.tmp
2014-08-17 04:25:08 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-17 04:25:08 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-17 04:25:08 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-17 04:25:08 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-17 04:25:04 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-17 04:25:04 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-17 04:24:44 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-17 04:24:44 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 06:30:08 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 06:30:08 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-15 06:30:07 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-15 06:30:06 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-14 22:45:14 218113 ----a-w- C:\ProgramData\1408055760.bdinstall.bin
2014-08-14 22:44:39 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2014-08-14 22:44:35 261056 ----a-w- C:\Windows\System32\drivers\SET3B79.tmp
2014-08-14 22:44:32 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2014-08-14 22:44:32 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2014-08-14 22:36:31 -------- d-----w- C:\Program Files\Bitdefender
2014-08-14 22:36:15 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2014-08-14 22:36:14 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-08-14 22:27:19 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2014-08-14 22:27:18 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2014-08-14 22:27:09 -------- d-----w- C:\ProgramData\ioloGovernor
2014-08-14 22:27:08 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2014-08-14 22:27:08 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2014-08-14 22:27:08 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2014-08-14 22:27:06 -------- d-----w- C:\Users\Ken\AppData\Roaming\ioloGovernor
2014-08-14 22:27:05 69000 ----a-w- C:\Windows\System32\offreg.dll
2014-08-14 22:27:05 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2014-08-14 22:27:04 -------- d-----w- C:\Program Files (x86)\iolo
2014-08-14 22:26:24 32912 ----a-w- C:\Windows\System32\drivers\rawdsk3.sys
2014-08-14 22:26:21 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2014-08-14 22:26:20 -------- d-----w- C:\Users\Ken\AppData\Local\Programs
2014-08-14 22:26:16 -------- d-----w- C:\iolo
2014-08-14 22:19:32 44947 ----a-w- C:\ProgramData\1408054761.bdinstall.bin
2014-08-14 22:18:24 45247 ----a-w- C:\ProgramData\1408054670.bdinstall.bin
2014-08-14 22:17:06 45543 ----a-w- C:\ProgramData\1408054534.bdinstall.bin
2014-08-14 22:15:33 -------- d-----w- C:\Users\Ken\AppData\Roaming\QuickScan
2014-08-14 22:12:39 -------- d-----w- C:\Users\Ken\AppData\Roaming\iolo
2014-08-14 22:12:39 -------- d-----w- C:\ProgramData\iolo
2014-08-14 15:29:41 -------- d-----w- C:\Users\Ken\AppData\Roaming\TeamViewer
2014-08-11 20:18:13 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-03 16:42:52 741480 ------w- C:\Windows\System32\HPDiscoPMBC11.dll
2014-08-03 16:41:13 -------- d-----w- C:\Program Files (x86)\HP
2014-08-03 16:41:04 -------- d-----w- C:\Program Files\HP
2014-08-01 13:57:34 -------- d-----w- C:\Users\Ken\AppData\Local\Diagnostics
2014-07-27 16:31:43 -------- d-----w- C:\Users\Ken\AppData\Local\Microsoft Games
2014-07-27 15:54:07 -------- d-----w- C:\Windows\System32\MRT
2014-07-27 02:38:32 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-07-27 01:15:31 -------- d-----w- C:\Users\Ken\AppData\Roaming\AOL
2014-07-27 01:13:56 -------- d-----w- C:\ProgramData\Viewpoint
2014-07-27 01:13:53 -------- d-----w- C:\Program Files (x86)\Viewpoint
2014-07-27 01:13:51 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
2014-07-27 01:11:09 -------- d-----w- C:\Users\Ken\AppData\Local\AOL
2014-07-27 00:07:05 -------- d-----w- C:\Users\Ken\AppData\Local\ElevatedDiagnostics
2014-07-26 21:22:29 -------- d-----w- C:\Users\Ken\AppData\Roaming\OpenOffice
2014-07-26 21:07:26 -------- d-----w- C:\Users\Ken\AppData\Local\Skype
2014-07-26 20:58:11 -------- d-----w- C:\Users\Ken\AppData\Local\HP
2014-07-26 20:55:50 -------- d-----w- C:\Users\Ken\AppData\Local\Adobe
2014-07-26 20:10:05 -------- d-----w- C:\Users\Ken\AppData\Roaming\SUPERAntiSpyware.com
2014-07-26 20:00:43 -------- d-sh--w- C:\Users\Ken\AppData\Local\EmieUserList
2014-07-26 20:00:43 -------- d-sh--w- C:\Users\Ken\AppData\Local\EmieSiteList
2014-07-26 19:49:54 -------- d-----w- C:\Users\Ken\AppData\Local\Opera Software
2014-07-26 19:49:53 -------- d-----w- C:\Users\Ken\AppData\Roaming\Opera Software
2014-07-26 09:31:40 -------- d-s---w- C:\Windows\System32\CompatTel
2014-07-26 09:29:17 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-07-26 09:29:17 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-07-26 09:29:16 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-07-26 09:29:14 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-07-26 08:40:15 -------- d-----w- C:\Users\Ken\AppData\Local\NVIDIA
2014-07-26 08:40:00 -------- d-----w- C:\Users\Ken\AppData\Local\Google
2014-07-26 07:50:11 -------- d-----w- C:\Windows\SysWow64\Wat
2014-07-26 07:50:11 -------- d-----w- C:\Windows\System32\Wat
2014-07-26 07:38:58 -------- d-----w- C:\Windows\Migration
2014-07-26 07:31:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-07-26 07:31:13 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-07-26 07:31:13 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-07-26 07:31:13 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-07-26 07:31:13 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-07-26 07:31:13 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-07-26 07:30:33 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-07-26 07:30:33 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-07-26 07:17:09 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2014-07-26 07:17:09 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2014-07-26 07:17:02 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2014-07-26 07:17:00 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-07-26 06:45:57 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-07-26 06:44:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2014-07-26 06:42:49 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-07-26 06:40:55 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2014-07-26 06:40:17 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-07-26 06:40:17 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-07-26 06:39:30 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2014-07-26 06:39:29 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2014-07-26 06:37:50 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-07-26 06:26:37 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-07-26 05:55:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-07-26 05:55:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-07-26 05:45:18 -------- d-----r- C:\Program Files (x86)\Skype
2014-07-23 23:05:10 -------- d-----w- C:\Windows\PCHEALTH
2014-07-23 22:59:37 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-23 22:50:24 -------- d-sh--w- C:\Recovery
2014-07-23 22:35:27 -------- d-----w- C:\ProgramData\Oracle
2014-07-23 22:31:20 -------- d-----w- C:\old data
2014-07-23 22:31:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-23 22:31:18 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-23 22:26:05 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-07-23 22:26:00 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-07-23 22:25:50 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-23 22:25:50 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-23 22:25:50 64968 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-23 22:25:50 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-23 22:25:50 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-23 22:25:50 2558808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-23 22:25:28 62408 ----a-w- C:\Windows\System32\OpenCL.dll
2014-07-23 22:25:28 54216 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-07-23 22:25:06 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-07-23 22:24:58 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-07-23 22:13:15 8199504 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-07-23 22:13:12 9311288 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D31B600-103E-4219-92CE-24727F3DCED3}\mpengine.dll
2014-07-23 21:53:57 -------- d-sh--w- C:\Windows\Installer
2014-07-23 21:52:02 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-07-23 21:52:02 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-07-23 21:51:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-07-23 21:51:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-07-23 21:51:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-07-23 21:51:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M  ====================
.
2014-08-05 15:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-02 09:17:39 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-07-02 09:17:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 13:30:07.79 ===============


I have the attach file as well.  Instructions were to keep it until asked.  Please let me know if you would like to see it.

 

Edited by Laserpewpewpew, 19 August 2014 - 02:37 PM.


#9 Laserpewpewpew

  • Topic Starter

Posted 19 August 2014 - 02:36 PM

If you are running anything other than WIN8 add the DDS log from here.... Preparation Guide

Done.



#10 boopme

  • Global Moderator

Posted 19 August 2014 - 02:37 PM

You need to post both the logs in the other forum, thanks.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#11 Laserpewpewpew

  • Topic Starter

Posted 19 August 2014 - 02:41 PM

You need to post both the logs in the other forum, thanks.

Ok, heading there now.



#12 boopme

  • Global Moderator

Posted 19 August 2014 - 02:45 PM

Yes both, please. I do not think you actually have a rootkit but need to be certain.. I think these are just device drivers behaving improperly.

#13 Laserpewpewpew

  • Topic Starter

Posted 19 August 2014 - 02:47 PM

Yes both, please. I do not think you actually have a rootkit but need to be certain.. I think these are just device drivers behaving improperly.

I see.  That's good news!  Thank you very much for your help.  I apologize if I have posted in the wrong place.

There are other issues with the computer too.  The sound is not operable.  I have wondered for a while if there are other driver issues as well.



#14 boopme

  • Global Moderator

Posted 19 August 2014 - 02:56 PM

Not a problem... That's why I want the deeper look.

#15 hamluis

  • Moderator

Posted 23 August 2014 - 07:08 AM

Reference:  http://www.bleepingcomputer.com/forums/t/544970/yikes-possible-gnarly-rootkit-on-my-system-need-some-help/ .

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





