CaptainBones Posted January 12, 2014 ID:776938

Hey guys! I'm a bit new here and this will hopefully not be my only post, but I believe I have a nasty rootkit of some sort which is causing my computer to restart for some reason. Just recently, I got minimized during a game of PAYDAY 2 by a message from Windows that looked a bit like this.

Now, the first thing I did was Windows Key + R and typed shutdown -a to prevent the shutdown from happening, but at this point strange things were happening. I couldn't open programs up, such as Event Viewer and various things. The error I would get would seem that the shortcut to that program was corrupt or the file location no longer existed, which at this moment I knew something was going on. So, I exited PAYDAY 2, restarted my computer and googled around a bit. Apparently, I found this tool called "RogueKiller" which I used and have a log of what it detected. (I will post this log in my next post.)

Also, this isn't the only time Windows will shut down. Sometimes I will get errors about Plug and Play unexpectedly terminating and the same with the DCOM server.

Please try not to consider reformatting, as I have lost the essentials to reformat my hard drive and this is a custom built computer! Only suggest it when everything else has failed!!
CaptainBones Posted January 12, 2014 (Author) ID:776939

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Austin [Admin rights]
Mode : Scan -- Date : 01/12/2014 03:36:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 7898cbe9fdb2fe2a3630d499c3b9fc75
[BSP] 2fd3cad7c9e31f42f4daad189966a8f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01122014_033652.txt >>

P.S. Just trying to post this I suffered another reset due to the Power Service.
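The report above lists its registry hits one per line in a fixed shape: a category tag, a flag tag, the key, the value name, the value data in parentheses and a status. The following is an added example, not part of the thread and not RogueKiller's own code: a small Python parser for lines of that shape, followed by a triage rule that ranks autorun entries whose executable lives in a user-writable directory (the SearchProtect hit under AppData\Roaming) above the two PUM desktop-icon policy entries. The sample lines are constructed from the log quoted in the post; the severity labels and the list of user-writable path markers are the editor's own heuristic, not RogueKiller output.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the Registry Entries section of the
# RogueKiller V8.8.0 report quoted in the thread (raw string: Windows paths).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Austin\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
"""


@dataclass
class Finding:
    category: str   # first bracket tag, e.g. RUN or HJ DESK
    flag: str       # second bracket tag, e.g. SUSP PATH or PUM
    key: str        # registry key as printed in the report
    name: str       # value name, or a CLSID for desktop-icon policy entries
    data: str       # value data: an executable path or a number
    status: str     # FOUND, DELETED, ...


# "[CAT][FLAG] KEY : NAME (DATA) -> STATUS"
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\[(?P<flag>[^\]]+)\]\s+"
    r"(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+\((?P<data>.*)\)\s+->\s+(?P<status>\w+)$"
)

# Heuristic (editor's assumption): directories an unprivileged user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_report(text: str) -> list:
    """Return one Finding per registry-entry line; other lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def executable_path(data: str) -> str:
    """Strip RogueKiller's trailing '[n]' annotation from a path value."""
    return re.sub(r"\s*\[\d+\]$", "", data)


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(findings: list) -> list:
    """Rank findings: (name, severity, reason). Severity labels are the editor's own."""
    ranked = []
    for f in findings:
        if f.category == "RUN" and in_user_writable_dir(executable_path(f.data)):
            ranked.append((f.name, "high", "autorun launched from a user-writable directory"))
        elif f.flag == "PUM":
            ranked.append((f.name, "low", "policy/UI modification, usually cosmetic"))
        else:
            ranked.append((f.name, "review", f"{f.category}/{f.flag} entry"))
    return ranked


if __name__ == "__main__":
    for name, severity, reason in triage(parse_report(SAMPLE_REPORT)):
        print(f"{severity:6} {name}: {reason}")
```

Run it on a saved RKreport text file by reading the file into `parse_report` instead of `SAMPLE_REPORT`; the regex only consumes the bracket-tagged entry lines, so section headers, the MBR block and the footer pass through untouched.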
gringo_pr (Staff) Posted January 21, 2014 ID:780961

Hello CaptainBones

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Sorry we did not get to you, but by replying to your own topic it made it look like someone was already helping you.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo
gringo_pr (Staff) Posted January 24, 2014 ID:782237

Hello

48 Hour bump

It has been more than 48 hours since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo
gringo_pr (Staff) Posted January 27, 2014 ID:783358

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!