
help with a computer hijack please



#1 ryanuts


Posted 15 January 2016 - 10:09 PM

OK, so I want to find out who did this to me and then I want to fix the issue. I caught some kind of trojan, and in the course of trying to fix the issue I found out my OS had been replaced with a Windows shell program and I was looking at a virtual machine lol. I have all kinds of log files I can link if I could link the damn files. Can anyone help me with this and set me in the right direction? I have invested days into fixing this issue and I don't want to let this person get away with this. I really hope that they are in the US. I think it is something similar to rigin programs. If someone is interested in this, please let me know and help me.

Thanks


Edited by ryanuts, 16 January 2016 - 02:34 AM.



 


#2 ryanuts


Posted 15 January 2016 - 10:18 PM

What follows are all of the hidden folders this guy has installed on my computer...
 
 
 
Please be patient while your hard drives are scanned.
 
Scanning the C:\ drive
 
 
Finished scanning the C:\ drive. 164 hidden items found.
 
Scanning the E:\ drive




