Am I Infected? DDS And RogueKiller Logs
I do NOT use Lavasoft Ad-Aware and do NOT work for Lavasoft. Let me see if I can make this easier for future reference and less confusion by building a tool that hosts the links so they're not easily confused.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-7-2 84536]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-7-2 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1
If so, please attach that.
Inspecting partition table: This drive is a GPT Drive. Covered by US Patent. Copy and paste the contents of that log in your next reply to this topic. I will check with Secunia's Software Inspector for older versions of programs. http://www.bleepingcomputer.com/forums/t/539822/am-i-infected-dds-and-roguekiller-logs/
Thanks to both, younghv and Russell_venable, on the tag team effort. After reboot, TDSSKiller will run again. Good that it deleted all those things.
Please post the contents of that logfile with your next reply. Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights. I am thinking, rebuild another business profile on a different PC and see what happens. At this moment - no y9y9 file.
When the scan is finished and no malware has been found select "Exit". In that reply, please include the following information: If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed Any ideas?
It's still happening. It wanted to open everything! RKreport.txt could also be found on your desktop. He wanted me to run DDS.
Update 08.02.2013-10:58 a.m.
After the second MBAR scan, see if HJT still shows the Funmoods entry, if it does, I would get it fixed. But, the file would come back immediately during a reboot. ZoneAlarm Antivir + Firewall: Running actively SuperAntiSpyware: Running actively (Is this bad? The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.)
Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1882524988 GPT Header CurrentLba = 1 BackupLba 250069679 GPT Click on Scan button.
You can not delete the file - it has a lock from some application I can't ID. Quick Tip: Without meaning to, you may click a link that installs malware on your computer.
I stopped the scan because he kept scanning and scanning because I chose to scan every single file, not only .exe and .com, and all files bigger than 4 MB. I attached the Malwarebytes log from safe mode. If you do need help please continue with Step 2 below.
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply"
KO! --- LL2 --- [MBR] 6379ebb38c7d269c35494a7f021b1cdd [BSP] 59b4b0e6e755a64743055dbf20e77851 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 226125824 | Size: 300 MB ============================================
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - TRUESIGHT
*Deregistered* - EraserUtilDrv11220
I don't want to infect a business network on a hint that I might have an infection via a file that seems to do nothing. Even if your computer appears to act better, it may still be infected. What is it?
Bear
Attached Files: attach.txt (16.25KB), dds.txt (7.58KB)
CeciliaB (Volunteer Moderator), posted 08 January 2013 - 01:18 PM:
Hi Bear, 1. do you plan to have? I am sure you can understand my concern. This will help boost your browsing experience as well.
When the scan has finished click on Clean button. It would be good to see another report of roguekiller, if you would. Double-click to run it. Any help would be greatly appreciated.
Note: You need to run the version compatible with your system. So he used Combofix to resolve that problem because he said it's caused by a trojan virus (didn't mention which) So my question is? It appears that the hooks are still resident even though Norton AV is offline. It might be related to the laserjet Laserjet 1200 temporary files left behind.
My intentions are to not only help resolve the issue, but to help optimize the machine if at all possible. Close all open programs and internet browsers. MBAR will start.