
Need Help On Rootkit >.< I Think - Logs Included :D

Discussion in 'Malware Removal Assistance' started by pneuma1985, Aug 22, 2016.

The logs that you post should be pasted directly into the reply.

I am the only person that gets on this computer.

If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a

Please help. Trillion thanks, Zack. PS.

Rootkit Trouble -- I think I'm almost there ...!

I'm hoping someone can take a look at my logs to see if there's anything else I should be getting rid of. I think I may have a severe virus, Trojan or rootkit. Oh, and I believe it is also messing with my policies and forcing programs to run to get me to click things.

Only attach them if requested or if they do not fit into the post. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close

Try the command F:\ComboFix.exe /u

miekiemoes, Moderator, Location: Belgium, Posted July 7, 2009

No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your

As always you are the man, thank you. #3 pneuma1985, Aug 23, 2016

Select continue or yes.

Do not start a new topic.

So I decided not to zero write the drive out.

I may take a while to respond, I'm busy at the moment :/


Please help.

You'd better find out, right? When finished, it will produce a report for you.

regards, Elise