
Thread: HijackThis Log

  1. #1

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMBR.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello.

    Are you still there?

    If you are please follow the instructions in my previous post.

    If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

    Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

    Thanks for understanding

    With Regards,
    fireman4it




  4. #4
    Member
    Join Date
    Dec 2011
    Posts
    11
    Points
    0

    Default

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18882
    Run by Veselina Miteva at 15:50:50 on 2011-12-23
    Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.1918.936 [GMT 2:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\ProgramData\GameXN\GameXNGO.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\VIVACOM 3G USB Modem\VIVACOM 3G USB Modem.exe
    C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Launch Manager\WisLMSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Public\Documents\Symantec\NortonProtectionMemo.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
    C:\Program Files\Opera\Opera.exe
    C:\Users\Veselina Miteva\Pictures\aswMBR.exe
    C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\LiveUpd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://eu.ask.com?o=15161&l=dis
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [<NO NAME>]
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [GameXN (update)] "c:\programdata\gamexn\GameXNGO.exe" /u
    uRun: [GameXN (news)] "c:\programdata\gamexn\GameXNGO.exe" /n
    uRun: [GameXN] "c:\programdata\gamexn\GameXNGO.exe" /silent
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [LaunchAp] c:\program files\launch manager\LaunchAp.exe
    mRun: [HotkeyApp] c:\program files\launch manager\HotkeyApp.exe
    mRun: [LMgrVolOSD] c:\program files\launch manager\OSD.exe
    mRun: [LMgrOSD] c:\program files\launch manager\OSDCtrl.exe
    mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
    mRun: [CtrlVol] c:\program files\launch manager\CtrlVol.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\veseli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{EBDB80F2-06B3-411D-8271-F971527B06B0} : NameServer = 212.39.90.42 212.39.90.43
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: ccc-core-static - msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20100224.001\IDSvix86.sys [2010-2-26 286768]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-7 66616]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-8-7 90368]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-7 73216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-14 22216]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-16 102448]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-7 102784]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2007-4-19 218112]
    .
    =============== File Associations ===============
    .
    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    jsefile\shell\open2\command=c:\windows\system32\CScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-12-20 15:24:27 -------- d-----w- c:\windows\system32\EventProviders
    2011-12-18 12:23:23 -------- d-----w- c:\programdata\Wizard101(UK)
    2011-12-18 12:13:59 3609159 ----a-w- c:\users\veselina miteva\Wizard101_UK_20111011_3297.exe
    2011-12-18 12:10:24 338815 ----a-w- c:\users\veselina miteva\Downloader_Wizard101_uk.exe
    2011-12-18 09:43:56 365230920 ----a-w- c:\users\veselina miteva\Windows6.0-KB948465-X86.exe
    2011-12-18 09:43:36 453424 ----a-w- c:\users\veselina miteva\IE9-WindowsVista-x86-enu.exe
    2011-12-17 14:25:50 -------- d-----w- c:\programdata\SUPERSetup
    2011-12-17 11:08:10 -------- d-----w- c:\program files\ESET
    2011-12-17 11:03:59 2322184 ----a-w- c:\users\veselina miteva\esetsmartinstaller_enu.exe
    2011-12-14 13:53:49 13521328 ----a-w- c:\users\veselina miteva\SUPERAntiSpyware.exe
    2011-12-14 11:33:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-12-14 11:33:57 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-12-14 10:35:03 -------- d-----w- c:\users\veselina miteva\appdata\roaming\Malwarebytes
    2011-12-14 10:34:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-14 10:33:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-14 10:33:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-14 10:25:32 388096 ----a-r- c:\users\veselina miteva\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-12-14 10:25:24 -------- d-----w- c:\program files\Trend Micro
    2011-12-14 10:08:19 879649 ----a-w- c:\users\veselina miteva\SecurityCheck.exe
    2011-12-14 10:07:43 1402880 ----a-w- c:\users\veselina miteva\HiJackThis.msi
    2011-12-13 14:18:13 9852544 ----a-w- c:\users\veselina miteva\mbam-setup-1.51.2.1300.exe
    2011-12-13 14:16:05 13521488 ----a-w- c:\users\veselina miteva\SUPERAntiSpywarePro.exe
    .
    ==================== Find3M ====================
    .
    2011-11-30 15:45:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 15:53:40,10 ===============

  5. #5
    Member
    Join Date
    Dec 2011
    Posts
    11
    Points
    0

    Default

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    .
    Motherboard: FUJITSU SIEMENS | | AMILO Li 1718
    Processor: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz | U23 | 1600/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 49 GiB total, 6,77 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 0,219 GiB free.
    E: is CDROM (CDFS)
    H: is CDROM (CDFS)
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8
    AGEIA PhysX v7.03.21
    AppCore
    ATI Catalyst Install Manager
    ATI Uninstaller
    µTorrent

  6. #6
    Member
    Join Date
    Dec 2011
    Posts
    11
    Points
    0

    Default

    aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-23 11:02:20
    -----------------------------
    11:02:20.422 OS Version: Windows 6.0.6000
    11:02:20.422 Number of processors: 1 586 0xF06
    11:02:20.611 ComputerName: VESELINAMITE-PC UserName: Veselina Miteva
    11:03:38.182 Initialize success
    15:49:06.313 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:49:06.395 Disk 0 Vendor: FUJITSU_MHW2080BH 0000001C Size: 76319MB BusType: 3
    15:49:08.420 Disk 0 MBR read successfully
    15:49:08.632 Disk 0 MBR scan
    15:49:08.649 Disk 0 Windows VISTA default MBR code
    15:49:08.683 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
    15:49:08.764 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 50642 MB offset 24578048
    15:49:08.964 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11675 MB offset 128292864
    15:49:09.088 Disk 0 scanning sectors +152203264
    15:49:09.317 Disk 0 scanning C:\Windows\system32\drivers
    15:49:50.657 Service scanning
    15:50:00.944 Modules scanning
    15:51:39.408 Disk 0 trace - called modules:
    15:51:39.440 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    15:51:39.440 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x841f7790]
    15:51:39.440 3 ntoskrnl.exe[81ca80af] -> nt!IofCallDriver -> [0x83786c20]
    15:51:39.440 5 acpi.sys[8047532a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x837a88b8]
    15:51:39.440 Scan finished successfully
    17:30:14.153 Disk 0 MBR has been saved successfully to "C:\Users\Veselina Miteva\Documents\MBR.dat"
    17:30:14.211 The log file has been saved successfully to "C:\Users\Veselina Miteva\Documents\aswMBR.txt"

  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Can you please tell me how I can help you? Are you having malware or spyware problems?




  8. #8
    Member
    Join Date
    Dec 2011
    Posts
    11
    Points
    0

    Default

    I found registration of a website from someone else in my computer.

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMBR.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Could you please also tell me the website that you are talking about in your previous post?

    Thanks and again sorry for the delay.




  10. #10
    Member
    Join Date
    Dec 2011
    Posts
    11
    Points
    0

    Default

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-12-26 13:13:36
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2080BH rev.0000001C
    Running: 4ur0qguq.exe; Driver: C:\Users\VESELI~1\AppData\Local\Temp\kwxdipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 85920B68 ZwAlertResumeThread
    SSDT 85942050 ZwAlertThread
    SSDT 85731E48 ZwAllocateVirtualMemory
    SSDT 8C422EC4 ZwClose
    SSDT 857ADD40 ZwConnectPort
    SSDT 859208B8 ZwCreateMutant
    SSDT 8C422ECE ZwCreateSection
    SSDT 85938240 ZwCreateThread
    SSDT 8C422EBF ZwDuplicateObject
    SSDT 85731810 ZwFreeVirtualMemory
    SSDT 859209A8 ZwImpersonateAnonymousToken
    SSDT 85920A88 ZwImpersonateThread
    SSDT 85938968 ZwMapViewOfSection
    SSDT 859207D8 ZwOpenEvent
    SSDT 8C422E60 ZwOpenProcess
    SSDT 8533F668 ZwOpenProcessToken
    SSDT 8C422E65 ZwOpenThread
    SSDT 85942008 ZwOpenThreadToken
    SSDT 85658B60 ZwResumeThread
    SSDT 8C422ED3 ZwSetContextThread
    SSDT 85938810 ZwSetInformationProcess
    SSDT 859422F8 ZwSetInformationThread
    SSDT 859206F8 ZwSuspendProcess
    SSDT 85942158 ZwSuspendThread
    SSDT 8C422E6F ZwTerminateProcess
    SSDT 85942238 ZwTerminateThread
    SSDT 85938090 ZwUnmapViewOfSection
    SSDT 857318E0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_alloca_probe + 60 81C55DD0 8 Bytes [68, 0B, 92, 85, 50, 20, 94, ...]
    .text ntoskrnl.exe!_alloca_probe + 74 81C55DE4 4 Bytes [48, 1E, 73, 85] {DEC EAX; PUSH DS; JAE 0xffffffffffffff89}
    .text ntoskrnl.exe!_alloca_probe + EC 81C55E5C 4 Bytes [C4, 2E, 42, 8C]
    .text ntoskrnl.exe!_alloca_probe + 104 81C55E74 4 Bytes [40, DD, 7A, 85] {INC EAX; FNSTSW [EDX-0x7b]}
    .text ntoskrnl.exe!_alloca_probe + 138 81C55EA8 4 Bytes [B8, 08, 92, 85]
    .text ...

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
