Clicks, beeps and pop-ups... it's bad!


7 replies to this topic

#1 low98gmc

Posted 10 August 2011 - 05:47 PM

About a week ago my laptop running WinXP Media Center had an issue with 'Blank Window2 Hello4' - I was not able to run any programs or get onto the internet. Unfortunately not knowing what I know now, I ran ComboFix without any guidance. At this point the computer does run a few programs and I can get on the internet.

I've run Malware in all modes and can't seem to fix my issues. At this point I'm getting clicking sounds, beeps and pop-ups from IE. During shut down, I am prompted with ending 'Hello4' as well still.

Can anyone please help me with this issue? Thanks in advance!



#2 boopme (Global Moderator)

Posted 10 August 2011 - 08:18 PM

Hello and welcome.


Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


>>>
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
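The MiniToolBox steps above only dump the hosts file and proxy settings; deciding whether that dump shows a redirect hijack is left to the reader. As an added example (not part of the original thread, and not MiniToolBox's own code), the following Python script parses hosts-file text and flags two patterns a redirect or rogue-AV infection typically leaves: a hostname pointed at a non-loopback address, and a security-vendor or Windows Update domain pinned to loopback so the machine can no longer reach it. The sample hosts content and the watched-domain list are constructed for the example, not taken from the poster's machine.

```python
"""Flag hijacked entries in a Windows hosts file (added example)."""
import ipaddress
from typing import List, Tuple

# Domains that redirect/rogue-AV malware commonly blocks or redirects.
# This list is an assumption for the example, not an exhaustive indicator set.
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
    "bleepingcomputer.com", "kaspersky.com", "eset.com", "google.com",
)

# Loopback / blackhole addresses that a legitimate hosts entry may use.
BLACKHOLE_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample; the only legitimate lines are the two "localhost" ones.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org      # vendor site sinkholed
192.0.2.10      www.google.com
198.51.100.7    windowsupdate.com update.microsoft.com
::1             localhost
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments
    and lines whose first field is not a valid IP address."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line, skip it
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def suspicious_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (ip, hostname, reason) for entries that either redirect a name
    to a non-loopback address or sinkhole a watched domain to loopback."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost" or name.endswith(".localdomain"):
            continue
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        if ip not in BLACKHOLE_ADDRS:
            findings.append((ip, name, "redirected to non-loopback address"))
        elif watched:
            findings.append((ip, name, "vendor/update domain sinkholed to loopback"))
    return findings


if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:<16} {name:<28} {reason}")
```

On a live XP machine the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; a clean default contains only the localhost lines, so anything else the script prints deserves a look before the "Reset IE Proxy Settings" and "Flush DNS" steps are trusted to have fixed the redirects.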

#3 low98gmc (Topic Starter)

Posted 10 August 2011 - 10:56 PM

Thanks for the help! I've downloaded and run TDSSKiller, attached you'll find the log.

However at this point I'm not able to run MBAM - an error message pops up "Windows can not access the path... you do not have permission"

2011/08/10 22:38:48.0625 3240	TDSS rootkit removing tool 2.5.14.0 Aug  5 2011 16:09:29
2011/08/10 22:38:48.0984 3240	================================================================================
2011/08/10 22:38:48.0984 3240	SystemInfo:
2011/08/10 22:38:48.0984 3240	
2011/08/10 22:38:48.0984 3240	OS Version: 5.1.2600 ServicePack: 2.0
2011/08/10 22:38:48.0984 3240	Product type: Workstation
2011/08/10 22:38:48.0984 3240	ComputerName: LAPPY
2011/08/10 22:38:48.0984 3240	UserName: Owner
2011/08/10 22:38:48.0984 3240	Windows directory: C:\WINDOWS
2011/08/10 22:38:48.0984 3240	System windows directory: C:\WINDOWS
2011/08/10 22:38:48.0984 3240	Processor architecture: Intel x86
2011/08/10 22:38:48.0984 3240	Number of processors: 2
2011/08/10 22:38:48.0984 3240	Page size: 0x1000
2011/08/10 22:38:48.0984 3240	Boot type: Normal boot
2011/08/10 22:38:48.0984 3240	================================================================================
2011/08/10 22:38:51.0062 3240	Initialize success
2011/08/10 22:38:52.0546 3348	================================================================================
2011/08/10 22:38:52.0546 3348	Scan started
2011/08/10 22:38:52.0546 3348	Mode: Manual; 
2011/08/10 22:38:52.0546 3348	================================================================================
2011/08/10 22:38:54.0015 3348	435b45a9        (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2839894851:3164912214.exe
2011/08/10 22:38:54.0500 3348	Suspicious file (Hidden): C:\WINDOWS\2839894851:3164912214.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/10 22:38:54.0531 3348	435b45a9 - detected HiddenFile.Multi.Generic (1)
2011/08/10 22:38:54.0765 3348	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/10 22:38:54.0828 3348	ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/10 22:38:54.0859 3348	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/10 22:38:54.0906 3348	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/10 22:38:55.0000 3348	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/08/10 22:38:55.0093 3348	AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/08/10 22:38:55.0218 3348	agp440          (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/10 22:38:55.0250 3348	agpCPQ          (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/10 22:38:55.0328 3348	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/10 22:38:55.0390 3348	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/10 22:38:55.0421 3348	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/10 22:38:55.0484 3348	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/10 22:38:55.0515 3348	alim1541        (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/10 22:38:55.0546 3348	amdagp          (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/10 22:38:55.0625 3348	AmdK8           (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/08/10 22:38:55.0640 3348	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/10 22:38:55.0687 3348	Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/10 22:38:55.0953 3348	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/10 22:38:56.0125 3348	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/10 22:38:56.0171 3348	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/10 22:38:56.0328 3348	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/10 22:38:56.0359 3348	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/10 22:38:56.0531 3348	ati2mtag        (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/10 22:38:56.0593 3348	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/10 22:38:56.0640 3348	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/10 22:38:56.0750 3348	BCM43XX         (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/10 22:38:56.0812 3348	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/10 22:38:57.0125 3348	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/10 22:38:57.0171 3348	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/10 22:38:57.0203 3348	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/10 22:38:57.0218 3348	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/10 22:38:57.0265 3348	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/10 22:38:57.0328 3348	Cdr4_xp         (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/08/10 22:38:57.0359 3348	Cdralw2k        (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/08/10 22:38:57.0390 3348	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/10 22:38:57.0484 3348	CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/10 22:38:57.0515 3348	CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/10 22:38:57.0546 3348	Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/10 22:38:57.0609 3348	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/10 22:38:57.0656 3348	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/10 22:38:57.0703 3348	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/10 22:38:57.0734 3348	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/10 22:38:57.0796 3348	dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/10 22:38:57.0906 3348	dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/10 22:38:57.0953 3348	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/10 22:38:58.0062 3348	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/10 22:38:58.0140 3348	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/10 22:38:58.0156 3348	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/10 22:38:58.0218 3348	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/10 22:38:58.0265 3348	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/10 22:38:58.0296 3348	Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/10 22:38:58.0312 3348	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/10 22:38:58.0390 3348	FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/10 22:38:58.0437 3348	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/10 22:38:58.0468 3348	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/10 22:38:58.0546 3348	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/10 22:38:58.0593 3348	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/10 22:38:58.0640 3348	HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/10 22:38:58.0703 3348	HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/10 22:38:58.0765 3348	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/10 22:38:58.0828 3348	HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/10 22:38:58.0921 3348	HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/10 22:38:58.0984 3348	HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/10 22:38:59.0078 3348	HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/10 22:38:59.0171 3348	i2omgmt         (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/10 22:38:59.0218 3348	i2omp           (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/10 22:38:59.0296 3348	i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/10 22:38:59.0421 3348	iaStor          (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
2011/08/10 22:38:59.0515 3348	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/10 22:38:59.0562 3348	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/10 22:38:59.0609 3348	IntelIde        (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/10 22:38:59.0671 3348	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/10 22:38:59.0750 3348	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/10 22:38:59.0781 3348	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/10 22:38:59.0843 3348	IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/10 22:38:59.0875 3348	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/10 22:38:59.0937 3348	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/10 22:38:59.0968 3348	isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/10 22:39:00.0015 3348	Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/10 22:39:00.0093 3348	kbdhid          (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/10 22:39:00.0171 3348	kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/10 22:39:00.0250 3348	KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/10 22:39:00.0406 3348	MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/08/10 22:39:00.0468 3348	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/10 22:39:00.0500 3348	Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/10 22:39:00.0546 3348	Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/10 22:39:00.0609 3348	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/10 22:39:00.0625 3348	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/10 22:39:00.0671 3348	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/10 22:39:00.0718 3348	MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/10 22:39:00.0828 3348	MRxSmb          (66bfbc684a3e53d4b39af28cf9366395) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/10 22:39:00.0843 3348	MRxSmb - detected Rootkit.Win32.ZAccess.c (0)
2011/08/10 22:39:00.0859 3348	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/10 22:39:01.0015 3348	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/10 22:39:01.0078 3348	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/10 22:39:01.0109 3348	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/10 22:39:01.0156 3348	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/10 22:39:01.0187 3348	Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/10 22:39:01.0234 3348	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/10 22:39:01.0265 3348	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/10 22:39:01.0328 3348	Ndisuio         (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/10 22:39:01.0421 3348	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/10 22:39:01.0468 3348	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/10 22:39:01.0531 3348	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/10 22:39:01.0578 3348	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/10 22:39:01.0718 3348	NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/10 22:39:01.0765 3348	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/10 22:39:01.0890 3348	Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/10 22:39:02.0062 3348	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/10 22:39:02.0109 3348	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/10 22:39:02.0156 3348	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/10 22:39:02.0187 3348	ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/10 22:39:02.0265 3348	Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/10 22:39:02.0296 3348	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/10 22:39:02.0359 3348	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/10 22:39:02.0390 3348	PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/10 22:39:02.0453 3348	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/10 22:39:02.0484 3348	Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/10 22:39:02.0578 3348	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/10 22:39:02.0593 3348	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/10 22:39:02.0671 3348	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/10 22:39:02.0718 3348	Processor       (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/10 22:39:02.0734 3348	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/10 22:39:02.0765 3348	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/10 22:39:02.0828 3348	PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/10 22:39:02.0968 3348	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/10 22:39:03.0000 3348	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/10 22:39:03.0015 3348	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/10 22:39:03.0031 3348	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/10 22:39:03.0093 3348	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/10 22:39:03.0156 3348	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/10 22:39:03.0203 3348	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/10 22:39:03.0250 3348	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/10 22:39:03.0265 3348	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/10 22:39:03.0296 3348	Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/10 22:39:03.0328 3348	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/10 22:39:03.0375 3348	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/10 22:39:03.0437 3348	RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/10 22:39:03.0578 3348	redbook         (a206ad651a6ee59abae178736d314edc) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/10 22:39:03.0578 3348	redbook - detected Rootkit.Win32.ZAccess.c (0)
2011/08/10 22:39:03.0703 3348	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/10 22:39:03.0718 3348	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/10 22:39:03.0796 3348	sdbus           (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/10 22:39:03.0843 3348	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/10 22:39:03.0890 3348	Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/10 22:39:04.0046 3348	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/10 22:39:04.0140 3348	sisagp          (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/10 22:39:04.0296 3348	smserial        (78da3038965de2b3834303dfb0578326) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/08/10 22:39:04.0500 3348	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/10 22:39:04.0546 3348	splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/10 22:39:04.0593 3348	sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/10 22:39:04.0687 3348	Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/10 22:39:04.0875 3348	STHDA           (3b24ada55d3bdfdc0e6679d15fa668d8) C:\WINDOWS\system32\drivers\sthda.sys
2011/08/10 22:39:05.0062 3348	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/10 22:39:05.0156 3348	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/10 22:39:05.0218 3348	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/10 22:39:05.0250 3348	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/10 22:39:05.0281 3348	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/10 22:39:05.0312 3348	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/10 22:39:05.0453 3348	SynTP           (b769710846d690adb6d25ed9329d5db7) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/10 22:39:05.0578 3348	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/10 22:39:05.0687 3348	Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/10 22:39:05.0734 3348	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/10 22:39:05.0750 3348	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/10 22:39:05.0796 3348	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/10 22:39:05.0812 3348	tifm21          (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/08/10 22:39:05.0859 3348	TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/10 22:39:05.0890 3348	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/10 22:39:05.0906 3348	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/10 22:39:05.0984 3348	Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/10 22:39:06.0046 3348	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/10 22:39:06.0171 3348	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/10 22:39:06.0234 3348	usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/10 22:39:06.0281 3348	usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/10 22:39:06.0359 3348	usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/10 22:39:06.0406 3348	usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/10 22:39:06.0484 3348	usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/10 22:39:06.0578 3348	usbstor         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/10 22:39:06.0671 3348	usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/10 22:39:06.0718 3348	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/10 22:39:06.0750 3348	viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/10 22:39:06.0765 3348	ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/10 22:39:06.0796 3348	VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/10 22:39:06.0843 3348	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/10 22:39:06.0906 3348	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/08/10 22:39:07.0031 3348	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/10 22:39:07.0218 3348	wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/10 22:39:07.0359 3348	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/10 22:39:07.0406 3348	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/10 22:39:07.0531 3348	yukonwxp        (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/08/10 22:39:07.0578 3348	MBR (0x1B8)     (a2a0c6ca4dfd2fb81772487aa7e9c2e8) \Device\Harddisk0\DR0
2011/08/10 22:39:07.0578 3348	\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/10 22:39:07.0609 3348	Boot (0x1200)   (b2b9e6acc904b4d2cea2641828407a19) \Device\Harddisk0\DR0\Partition0
2011/08/10 22:39:07.0625 3348	Boot (0x1200)   (ac47426309139cad20d4afae9fc4c87a) \Device\Harddisk0\DR0\Partition1
2011/08/10 22:39:07.0625 3348	================================================================================
2011/08/10 22:39:07.0625 3348	Scan finished
2011/08/10 22:39:07.0625 3348	================================================================================
2011/08/10 22:39:07.0656 2080	Detected object count: 4
2011/08/10 22:39:07.0656 2080	Actual detected object count: 4
2011/08/10 22:39:29.0500 2080	HiddenFile.Multi.Generic(435b45a9) - User select action: Skip 
2011/08/10 22:39:29.0687 2080	MRxSmb          (66bfbc684a3e53d4b39af28cf9366395) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/10 22:39:29.0687 2080	VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
2011/08/10 22:39:31.0234 2080	Backup copy found, using it..
2011/08/10 22:39:31.0265 2080	C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured after reboot
2011/08/10 22:39:31.0265 2080	Rootkit.Win32.ZAccess.c(MRxSmb) - User select action: Cure 
2011/08/10 22:39:31.0406 2080	redbook         (a206ad651a6ee59abae178736d314edc) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/10 22:39:31.0406 2080	VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813
2011/08/10 22:39:33.0953 2080	Backup copy found, using it..
2011/08/10 22:39:33.0984 2080	C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2011/08/10 22:39:33.0984 2080	Rootkit.Win32.ZAccess.c(redbook) - User select action: Cure 
2011/08/10 22:39:34.0015 2080	\Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/10 22:39:34.0015 2080	\Device\Harddisk0\DR0 - ok
2011/08/10 22:39:34.0015 2080	Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 
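The log above reports four objects, but the information about each one is spread over three kinds of line: the driver-listing line that carries the MD5 and path, the "- detected" line that carries the verdict, and the "User select action" line that says what was done. As an added example (not part of the original thread, and not TDSSKiller's own code), this Python script correlates those three line types into one record per detection and annotates what kind of infection each path implies: a driver file on disk, an NTFS alternate data stream (the colon inside C:\WINDOWS\2839894851:3164912214.exe), or the boot sector (\Device\Harddisk0\DR0). The sample log is a subset of the lines posted above with the tab after the process ID written as \t; the annotation text is the example's own wording.

```python
"""Correlate TDSSKiller log lines into per-detection records (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Subset of the posted log. Each line is "date time pid<TAB>body".
SAMPLE_LOG = (
    "2011/08/10 22:38:54.0015 3348\t435b45a9        (8f2bb1827cac01aee6a16e30a1260199) C:\\WINDOWS\\2839894851:3164912214.exe\n"
    "2011/08/10 22:38:54.0500 3348\tSuspicious file (Hidden): C:\\WINDOWS\\2839894851:3164912214.exe. md5: 8f2bb1827cac01aee6a16e30a1260199\n"
    "2011/08/10 22:38:54.0531 3348\t435b45a9 - detected HiddenFile.Multi.Generic (1)\n"
    "2011/08/10 22:39:00.0828 3348\tMRxSmb          (66bfbc684a3e53d4b39af28cf9366395) C:\\WINDOWS\\system32\\DRIVERS\\mrxsmb.sys\n"
    "2011/08/10 22:39:00.0843 3348\tMRxSmb - detected Rootkit.Win32.ZAccess.c (0)\n"
    "2011/08/10 22:39:00.0859 3348\tMsfs            (561b3a4333ca2dbdba28b5b956822519) C:\\WINDOWS\\system32\\drivers\\Msfs.sys\n"
    "2011/08/10 22:39:03.0578 3348\tredbook         (a206ad651a6ee59abae178736d314edc) C:\\WINDOWS\\system32\\DRIVERS\\redbook.sys\n"
    "2011/08/10 22:39:03.0578 3348\tredbook - detected Rootkit.Win32.ZAccess.c (0)\n"
    "2011/08/10 22:39:07.0578 3348\tMBR (0x1B8)     (a2a0c6ca4dfd2fb81772487aa7e9c2e8) \\Device\\Harddisk0\\DR0\n"
    "2011/08/10 22:39:07.0578 3348\t\\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)\n"
    "2011/08/10 22:39:29.0500 2080\tHiddenFile.Multi.Generic(435b45a9) - User select action: Skip \n"
    "2011/08/10 22:39:31.0265 2080\tRootkit.Win32.ZAccess.c(MRxSmb) - User select action: Cure \n"
    "2011/08/10 22:39:33.0984 2080\tRootkit.Win32.ZAccess.c(redbook) - User select action: Cure \n"
    "2011/08/10 22:39:34.0015 2080\tRootkit.Win32.TDSS.tdl4(\\Device\\Harddisk0\\DR0) - User select action: Cure \n"
)

PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
# "name   (md5) path"; the name may be "MBR (0x1B8)" for the boot-sector entry.
ENTRY = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\(([0-9a-f]{32})\)\s+(.*)$")
HIDDEN = re.compile(r"^Suspicious file \(Hidden\): (.*)\. md5: [0-9a-f]{32}$")
DETECTED = re.compile(r"^(.*?) - detected (\S+) \((\d+)\)$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
# A second colon after the drive spec means an NTFS alternate data stream.
ADS_PATH = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")


@dataclass
class Detection:
    name: str
    verdict: str
    path: str
    md5: Optional[str]
    action: str = "none"
    hidden: bool = False
    notes: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> List[Detection]:
    """Join listing, verdict and action lines into one Detection per object."""
    entries: Dict[str, Tuple[str, str]] = {}   # name or path -> (md5, path)
    hidden_paths = set()
    detections: Dict[str, Detection] = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        body = m.group(1).rstrip()
        e = ENTRY.match(body)
        if e:
            name, md5, path = e.groups()
            entries[name] = entries[path] = (md5, path)
            continue
        h = HIDDEN.match(body)
        if h:
            hidden_paths.add(h.group(1))
            continue
        d = DETECTED.match(body)
        if d:
            obj, verdict = d.group(1), d.group(2)
            md5, path = entries.get(obj, (None, obj))
            detections[obj] = Detection(obj, verdict, path, md5, hidden=path in hidden_paths)
            continue
        a = ACTION.match(body)
        if a and a.group(2) in detections:
            detections[a.group(2)].action = a.group(3)
    return [annotate(det) for det in detections.values()]


def annotate(det: Detection) -> Detection:
    """Attach what the path tells you about where the infection lives."""
    if det.path.startswith("\\Device\\"):
        det.notes.append("boot sector (MBR) infection; survives file-level cleanup")
    elif ADS_PATH.match(det.path):
        det.notes.append("NTFS alternate data stream; invisible in Explorer and dir")
    elif det.path.lower().endswith(".sys"):
        det.notes.append("patched system driver; cure restores the backup copy")
    if det.hidden:
        det.notes.append("file hidden from the file system API")
    if det.action != "Cure":
        det.notes.append(f"not cured (action: {det.action})")
    return det


if __name__ == "__main__":
    for det in parse_tdsskiller(SAMPLE_LOG):
        print(f"{det.verdict:<28} {det.action:<5} {det.path}")
        for note in det.notes:
            print(f"    - {note}")
```

Run against the full TDSSKiller.txt, the "not cured" note is the line to look for first: in the log above the hidden ADS object was skipped, and a skipped object is exactly the kind of thing that reappears after the next reboot.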



#4 boopme (Global Moderator)

Posted 11 August 2011 - 11:41 AM

Download This File
Save it next to mbam.exe (this file is located in the Malwarebytes Anti-malware home folder). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.

#5 low98gmc (Topic Starter)

Posted 11 August 2011 - 06:08 PM

Thanks for the continued help.

After dropping mbam.exe into Inherit.exe, MBAM does run, however it only runs for 5 seconds before it closes down.

#6 boopme (Global Moderator)

Posted 11 August 2011 - 06:44 PM

You're welcome.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#7 low98gmc (Topic Starter)

Posted 11 August 2011 - 10:33 PM

Once again MBAM would only run for 5 or so seconds before closing down.

I went ahead and ran ESET regardless; attached is the log from that.

C:\Documents and Settings\All Users\Application Data\VT1BPG33.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Owner.Lappy\Local Settings\temp\hki161.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Owner.Lappy\Local Settings\temp\hki169.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Owner.Lappy\Local Settings\temp\hki170.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Owner.Lappy\My Documents\Downloads\winzip155.exe	Win32/OpenCandy application	deleted - quarantined
C:\Documents and Settings\Owner.Lappy\My Documents\My Music\music files\Black Kids - Hurricane Jane.wma	WMA/TrojanDownloader.GetCodec.B trojan	cleaned by deleting - quarantined
C:\Documents and Settings\Owner.Lappy\My Documents\My Music\music files\Hilltop Hoods - An Audience with the Devil.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	cleaned - quarantined
C:\Program Files\Bonjour\mDNSResponder.exe	Win32/Patched.HN trojan	error while cleaning
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe	Win32/Patched.HN trojan	error while cleaning
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS	Win32/Patched.HN trojan	error while cleaning
C:\Program Files\Internet Explorer\iexplore.exe	Win32/Patched.HN trojan	cleaned - quarantined
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe	Win32/Patched.HN trojan	error while cleaning
C:\Qoobox\Quarantine\C\Documents and Settings\Owner.Lappy\Local Settings\Application Data\mbi.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ATI Technologies\ATI.ACE\cli.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Google\Google Desktop Search\GoogleDesktop.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Lexmark Pro200-S500 Series\ezprint.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbam.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Motorola\SMSERIAL\sm56hlpr.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Synaptics\SynTP\SynTPEnh.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Synaptics\SynTP\SynTPLpr.exe.vir	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030978.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030981.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030982.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030983.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030984.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030985.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030986.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP49\A0030987.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP50\A0031164.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP50\A0031165.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP50\A0031166.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP50\A0031167.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP50\A0031168.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP50\A0031262.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP51\A0032259.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0034258.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0035272.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0035284.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0035285.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0035299.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0035300.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0036299.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0036300.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0036306.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0037299.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0037300.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0037305.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0037309.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0037310.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0038309.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0038310.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0038311.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0039309.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0039310.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0041320.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0041321.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0041322.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0042320.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0042321.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0043320.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0043321.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP52\A0043341.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043365.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043366.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043371.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043375.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043376.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043383.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043384.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0043385.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044383.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044384.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044402.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044403.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044413.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044414.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044421.sys	a variant of Win32/Sirefef.CO trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044422.ini	a variant of Win32/Sirefef.CH trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044428.exe	a variant of Win32/Kryptik.QGA trojan	cleaned by deleting - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP53\A0044429.exe	Win32/Patched.HN trojan	cleaned - quarantined
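A small triage script for a log in the layout posted above, added here as an illustration and not part of the thread or of ESET's tooling; it assumes the three tab-separated fields (path, detection, action) and uses constructed sample records rather than the full log. It groups hits by detection family and by location (live file, ComboFix quarantine, restore point) and picks out the live files where cleaning failed, which are the entries that matter most for what to do next.

```python
"""Triage an ESET Online Scanner log: records are <path>\t<detection>\t<action>.
Added example, not part of the thread; SAMPLE_LOG is constructed in that layout."""
import re
from collections import Counter

# Constructed sample records in the same layout as the posted log (not the full log).
SAMPLE_LOG = (
    "C:\\Documents and Settings\\Owner.Lappy\\Local Settings\\temp\\hki161.exe"
    "\ta variant of Win32/Kryptik.QGA trojan\tcleaned by deleting - quarantined\n"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"
    "\tWin32/Patched.HN trojan\terror while cleaning\n"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"
    "\tWin32/Patched.HN trojan\tcleaned - quarantined\n"
    "C:\\Qoobox\\Quarantine\\C\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe.vir"
    "\ta variant of Win32/Kryptik.QGA trojan\tcleaned by deleting - quarantined\n"
    "C:\\System Volume Information\\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}"
    "\\RP52\\A0035284.sys\ta variant of Win32/Sirefef.CO trojan\tcleaned by deleting - quarantined\n"
)

RESTORE_RE = re.compile(r"^[A-Z]:\\System Volume Information\\_restore\{", re.I)
QUARANTINE_RE = re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.I)  # ComboFix quarantine

def parse_eset_log(text):
    """Return a list of (path, detection, action); lines without 3 fields are skipped."""
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) == 3 and parts[0]:
            entries.append(tuple(parts))
    return entries

def classify_location(path):
    """Where the file sits: live system, ComboFix quarantine, or a System Restore point."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if QUARANTINE_RE.match(path):
        return "combofix_quarantine"
    return "live"

def triage(entries):
    """Summarise the log the way a helper reads it: which families, where, and what failed."""
    report = {"by_family": Counter(), "by_location": Counter(),
              "failed_cleaning": [], "live_patched": []}
    for path, detection, action in entries:
        family = detection.replace("a variant of ", "").split(" ")[0]  # e.g. Win32/Patched.HN
        report["by_family"][family] += 1
        loc = classify_location(path)
        report["by_location"][loc] += 1
        if action.startswith("error"):
            report["failed_cleaning"].append(path)   # still infected after the scan
        if loc == "live" and "Patched" in detection:
            report["live_patched"].append(path)      # legitimate binary that was modified
    return report
```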



#8 boopme

Posted 12 August 2011 - 08:38 AM

Hello, there are some issues removing malware I see and I think ComboFix killed MBAM.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include your ComboFix log as it is needed.
Let me know if that went well.