WiredWX Hobby Weather ToolsLog in

 


Rootkit.access

2 posters

descriptionRootkit.access EmptyRootkit.access20th May 2012, 4:36 am

more_horiz
Hello again, seems like im infected with a rootkit.

Can u help me take it out?

descriptionRootkit.access EmptyRe: Rootkit.access20th May 2012, 6:15 am

more_horiz
Run this tool first please:



  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

    • Download Win32kDiag (Win32kDiag.exe) - #1
    • Download Win32kDiag (Win32kDiag.exe) - #2
    • Download Win32kDiag (Win32kDiag.exe) - #3

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

    • descriptionRootkit.access EmptyRe: Rootkit.access20th May 2012, 9:57 pm

    more_horiz
    Running from: C:\Users\Deborah\Desktop\Win32kDiag.exe

    Log file at : C:\Users\Deborah\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\Windows'...



    Cannot access: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspF645.tmp

    [1] 2010-06-28 05:25:30 81 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspF645.tmp ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

    [1] 2012-05-20 17:18:28 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

    [1] 2012-05-20 17:18:12 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

    [1] 2012-05-20 17:18:21 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

    [1] 2012-05-20 17:18:21 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



    Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl

    [1] 2012-05-20 17:18:17 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl ()





    Finished!

    descriptionRootkit.access EmptyRe: Rootkit.access21st May 2012, 3:11 pm

    more_horiz
    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.

    descriptionRootkit.access EmptyRe: Rootkit.access

    more_horiz
    privacy_tip Permissions in this forum:
    You cannot reply to topics in this forum