
Need Help On Rookit >.< I Think - Logs Included :D -



c:\windows\system32\winlogon.exe [-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . .

If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a

So I decided not to zero-write the drive. It's often scary, and never comforting.

I recently obtained a 2 TB Seagate Backup Plus drive from a friend. I formatted it, but I didn't DBAN it, so it could potentially be infected given what HMPA shows, and I'm not exactly sure how HMPA exploit mitigation works: whether it embeds itself into the kernel or what.

miekiemoes (Forum Deity, Moderators, 8,347 posts, Location: Belgium) Posted June 25, 2009

I already see now...Running from:

So, this topic is closed. If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. To keep your computer safe, only click links and downloads from sites that you trust.

Once again thank you very, very, very, very much - your help is greatly appreciated.

c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . .

Please post the "C:\ComboFix.txt" for further review.
****Note: Do not mouseclick ComboFix's window while it's running.

Rootkit Trouble -- I think I'm almost there ...!

You'd better find out, right?

c:\windows\$NtServicePackUninstall$\winlogon.exe . [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . .
c:\windows\system32\comres.dll [-] 2004-08-04 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . .

Steps taken in order to remove the infection: Umm, none so far. I was waiting on the specialist to help me remove the possible rootkit b/c I'm not even sure it

Run the scan, enable your A/V and reconnect to the internet.

c:\windows\$NtServicePackUninstall$\comres.dll . [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . .

Service C:\WINDOWS\System32\svchost (*** hidden *** ) [MANUAL] TermService <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

ALL HELP WILL BE GREATLY APPRECIATED AND A TRILLION THANKS FOR ALL WHO HELP

It is essential we always use the latest version. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your

c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 .

Discussion in 'Malware Removal Assistance' started by pneuma1985, Aug 22, 2016.

c:\windows\$NtServicePackUninstall$\atapi.sys . [-] 2008-04-13 .

c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 .

Also, these things on HijackThis seem to not go away when I fix them. Could this be linked with the malware? Thanks, I'll check back in 30 minutes.

Logfile of Trend

c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [-] 2008-04-14 .

c:\windows\system32\drivers\ndis.sys [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . .

c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . .
c:\windows\system32\drivers\beep.sys . [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . .
c:\windows\$NtUninstallKB2347290$\spoolsv.exe [-] 2008-04-14 .

It seems like no matter what I do or search on this computer, I run into A LOT of "remote access this, remote access that" kind of items.

Please tell us if it has cured the problems or if there are any outstanding issues.
dvk01, Apr 4, 2011 #2

BANGYOWDED Thread Starter Joined: Dec 12, 2010 Messages: 13

is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-06 16:26 . 2002-07-19 09:50 153088 ----a-w- c:\program files\xerox\nwwia\SpellForce\UNWISE.EXE
2011-04-06 16:18 . 2011-04-06 16:21 -------- d-----w- c:\documents

c:\windows\ServicePackFiles\i386\services.exe [-] 2004-08-04 .

regards, Elise

NGClient;Symantec Ghost Win32 Client Agent
.
=============== Created Last 30 ================
.
2011-04-04 14:34:38 40648 ----a-w- c:\windows\avastSS.scr
2011-04-04 14:34:32 -------- d-----w- c:\program files\AVAST Software
2011-04-04 14:34:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-04-04

c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . .
EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . .

c:\windows\system32\bits\qmgr.dll [-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . .

mWinlogon: Userinit=userinit.exe
uRun: [Google Update] "C:\Users\V\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
uPolicies-explorer: NoInplaceSharing = 1 (0x1)
mPolicies-explorer: NoActiveDesktop

I posted a new topic here "http://www.bleepingcomputer.com/forums/topic416085.html/page__pid__2385553#entry2385553" for the computer that I currently have and am having issues with as well.

c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . .

I don't see anything suspicious in your logs anymore.
* Go to start > run and copy and paste next command in the field:
ComboFix /u
Make sure there's a space between Combofix and

c:\windows\$NtUninstallKB2296011$\comctl32.dll [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . .

c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . .
c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . .

A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . .
c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . .

GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver
R?

DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 17:18:31.45 on 04/04/2011
Internet Explorer: 8.0.6001.18702
.
============== Running Processes ===============
.