
Need Help Removing Ntrootkit-j [moved From XP]

Disconnect all network cables, printer and USB cables. I guess this could just be the keyboard itself. SpyBot seemed to have a lot of pop ups that said there was a change in the registry where I clicked OK. HitmanPro and TDSSKiller didn't seem to find anything.

Expert Comment by:dbrunton ID: 34827966 2011-02-06 Get rid of it - White Smoke Toolbar - If so, type "chkdsk /f /r", hit Y and reboot..... thisismytear, Jun 16, 2005 #10

I have always had AntiVir installed and I just downloaded Malwarebytes and SpyBot which I have used on other machines. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) RESULTS for COMBOFIX - Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll O3 - Toolbar: MSN Search

SO let me try some of these things and I will get back to everyone. Author Comment by:wchirnside ID: 34782749 2011-02-02 NOW this message has changed to ------- Generic Host Process four Win32 services Generic Host Process four Win32 scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver] "ImagePath"="\??\j:\everest ultimate v4.20.1180\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2674989338-2984048177-1604048373-1008\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes Expert Comment by:shadowmantx ID: 34768530 2011-02-01 System Restore will revert the

Should I scan with Malwarebytes again at this point? Also, this site can help you ensure that your drives are configured ok, and not in PIO mode...... That was the one that complained about White Smoke. Author Comment by:wchirnside ID: 34828120 2011-02-06 I am still having trouble inputting type into fields -

Ran Malwarebytes again and three quarters through the scan a window popped up and said that it has found TR/Spy.53248.226. c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll . ((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 ))))))))))))))))))))))))))))))) . 2011-02-07 00:07 . 2011-02-07 00:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HP 2011-02-07 00:07 . 2011-02-07 is in "classic start menu".

Post those too. Author Comment by:wchirnside ID: 34825929 2011-02-06 Did Control-V into MS Paint and nothing showed up. That seems to be responsible for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) Author Comment by:wchirnside ID: 34827917 2011-02-06 I put the IAHide5 file I couldn't get the machine to shut down so I unplugged it.

If it finds stuff note the file and folder it is in and post here. AV: Avira AntiVir PersonalEdition Classic v 6.38.1.13 (Avira GmbH) AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Outdated AV: Avira AntiVir PersonalEdition v 6.39.0.116 (Avira GmbH) Disabled AV: Avira AntiVir PersonalEdition

See what that does. Expert Comment by:ocanada_techguy ID: 34811564 2011-02-04 Oh, you might want to be using a Could very well be the reason why you are running this slow, as you don't have enough resources..... AutoRuns http://live.sysinternals.com/autoruns.exe Run through this, and save it, as a .arn file, and attach here please..... Ran TDSS Killer again.

This functionality can be set by tweaking the registry for all versions of Windows. 11. Perform the following steps in safe mode: * Now run Ewido: * Click on scanner * Put a check by the following before you scan: o Binder o Crypter o Archives Author Comment by:wchirnside ID: 34780890 2011-02-02 Also, just so everyone out there knows, I do not pay any attention to the "hoaxes" so I

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop

It does no good if your AV is not always up-to-date. maverick143 (Topic Starter), posted 06 July 2006 - 11:57 AM: now the popup is not coming does this At the bottom of the MFU list is the More Programs menu, which displays other programs that are installed. c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\windows\eHome\ehmsas.exe

You should download Malwarebytes and scan with the latest update. It just sat there and was ready to use as an extra which is what we are doing now. Additional selections include specifying the items to display on the Start menu, setting submenus to open when the mouse is paused on them, and clearing the list of recently used programs, One anti-virus doesn't necessarily get all of the bugs.

The McAfee VirusScan window keeps popping up and I can't seem to get rid of it. Therefore the shortcut is removed from the Start menu for all users, and the new shortcut is accessible only for the user who originally moved it. Warning: Windows XP Creates a Folder Thanks, Expert Comment by:dbrunton ID: 34826223 2011-02-06 Ignore Spybot's results. have hijack this fix this one too.

In addition, when making changes by editing the registry directly, you might need to log off and log on again, restart an applicable service, or restart Windows. a. You can also perform this procedure from Windows Recovery Console. How to boot to safe mode http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam How to show hidden files in Windows http://service1.symantec.com/SUPPOR...Virus Corporate Edition&ver=8.x&osv=&osv_lvl= Because XP will not always show you hidden files and folders by default, Go How do you change/add/delete program groups in the Start/Programs list on his Dell?? Dell adds its own functions to the XP OS.

You'll want to create your folders that you are going to sort shortcuts into from your actual Start Menu (the one that opens when you click the start button) here. Now... I don't know if that is the actual virus or if it is a necessary program for my computer that I shouldn't delete.

Unless the message window is from the AV and NOT a "browser" window, and believe me the bad guys do try their best to make those pop-ups "look" authentic so have Manually restoring infected drivers To manually restore an infected driver it is necessary to restart the computer and run the Windows Recovery Console. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee