
hijacked browsers/denied permission for programs



#1 wolf316


Posted 27 August 2011 - 10:55 AM

Recently my laptop got hit with a virus that hijacks all browsers, taking them to ad pages. Also, when I try running programs like MBytes, HJT, and Spybot I get a message saying "cannot locate path, device. you may not have permission". I tried in safe mode, same issue. I also ran MBytes and Spybot off of a USB flash drive, but after a few seconds of scanning they close (unable to run HJT from USB). Any help would be appreciated.



#2 boopme

  • Global Moderator

Posted 27 August 2011 - 11:02 AM

Hello, use this fix when you see a box that states "Windows cannot access the specified device, path, or file. You may have inappropriate permissions to access the item".

Download This File
Save it next to mbam.exe (this file is located in the Malwarebytes Anti-malware home folder). Once done, drag and drop mbam.exe into Inherit.exe. Click OK and attempt to run Malwarebytes Anti-malware once again.

Post the MBAM log
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

DO NOT post an HJT log here; if needed we will ask for it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 wolf316


Posted 27 August 2011 - 11:33 AM

I added the file. I still got the pop-up when trying to load from the desktop (MBytes icon is white) but was able to load from the Start menu. Unfortunately MBytes closed as soon as I clicked scan. Also my firewall popped up asking to allow/block. I tried the one on USB, same thing; it closes once the scan begins.

#4 boopme

  • Global Moderator

Posted 27 August 2011 - 12:13 PM

Try from Safe Mode. Select Safe Mode with Networking in case you need to download.

How to start Windows in Safe Mode

If you cannot use the Internet, you will need access to another computer that has a connection.
From there, save mbam-setup.exe to a flash/USB/jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

I may lose power here as I am in the path of Irene.

#5 wolf316


Posted 27 August 2011 - 12:49 PM

I reinstalled and added the file from above. It ran, but as soon as the scan started, MBAM closed. That seems to be the biggest issue: getting it to scan without closing. Also, while I was on, I noticed a new process with a whole bunch of numbers. It's an exe and can't be killed. And no problem, I can leave the laptop off.

Here's a screenshot of the process:

http://i493.photobucket.com/albums/rr298/mysticwolf613/pcfix1.jpg

Also my browser has a toolbar that doesn't show up in Add/Remove Programs. I googled it and it says it's a virus.
It's called White Smoke Translator toolbar.

Thank you.

Edited by wolf316, 27 August 2011 - 02:36 PM.


#6 boopme

  • Global Moderator

Posted 27 August 2011 - 02:55 PM

Hello again, try this...
That's definitely malware.

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Now try MBAM again.

#7 wolf316


Posted 27 August 2011 - 03:36 PM

I ran TDSSKiller and 3 issues popped up. 1 allowed me to cure; the other 2 wouldn't. I instead changed their options to delete upon reboot. After reboot, the issue that I was able to set to cure was gone, but the other two still remain. This time the one issue, Rootkit.Win32.ZAccess.c, gave the option, which I set to cure, and rebooted. Ran the scan again and it's still there. The other issue is hidden. I'll include a screenshot.

http://i493.photobucket.com/albums/rr298/mysticwolf613/tdsskiller1.jpg

Also, here is the TDSSKiller log.

2011/08/27 16:11:45.0593 1156 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/27 16:11:46.0015 1156 ================================================================================
2011/08/27 16:11:46.0015 1156 SystemInfo:
2011/08/27 16:11:46.0015 1156
2011/08/27 16:11:46.0015 1156 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/27 16:11:46.0015 1156 Product type: Workstation
2011/08/27 16:11:46.0015 1156 ComputerName: CUSTOMER-F6F104
2011/08/27 16:11:46.0015 1156 UserName: Customer
2011/08/27 16:11:46.0015 1156 Windows directory: C:\WINDOWS
2011/08/27 16:11:46.0015 1156 System windows directory: C:\WINDOWS
2011/08/27 16:11:46.0015 1156 Processor architecture: Intel x86
2011/08/27 16:11:46.0015 1156 Number of processors: 2
2011/08/27 16:11:46.0015 1156 Page size: 0x1000
2011/08/27 16:11:46.0015 1156 Boot type: Normal boot
2011/08/27 16:11:46.0015 1156 ================================================================================
2011/08/27 16:11:47.0234 1156 Initialize success
2011/08/27 16:11:52.0000 4016 ================================================================================
2011/08/27 16:11:52.0000 4016 Scan started
2011/08/27 16:11:52.0000 4016 Mode: Manual;
2011/08/27 16:11:52.0000 4016 ================================================================================
2011/08/27 16:11:52.0984 4016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/27 16:11:53.0031 4016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/27 16:11:53.0156 4016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/27 16:11:53.0218 4016 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/27 16:11:53.0375 4016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/27 16:11:53.0406 4016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/27 16:11:53.0468 4016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/27 16:11:53.0531 4016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/27 16:11:53.0625 4016 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/08/27 16:11:53.0703 4016 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/27 16:11:53.0750 4016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/27 16:11:53.0812 4016 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/08/27 16:11:53.0843 4016 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/08/27 16:11:53.0890 4016 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/08/27 16:11:53.0968 4016 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/08/27 16:11:54.0000 4016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/27 16:11:54.0093 4016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/27 16:11:54.0140 4016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/27 16:11:54.0171 4016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/27 16:11:54.0187 4016 Suspicious service (NoAccess): cjaxed
2011/08/27 16:11:54.0265 4016 cjaxed (80c6af4f948d4168fc90da1a6f4b6924) C:\WINDOWS\system32\drivers\cjaxed.sys
2011/08/27 16:11:54.0265 4016 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\cjaxed.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924
2011/08/27 16:11:54.0265 4016 cjaxed - detected LockedService.Multi.Generic (1)
2011/08/27 16:11:54.0296 4016 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/27 16:11:54.0343 4016 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/27 16:11:54.0406 4016 d725594c (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1280910807:685418163.exe
2011/08/27 16:11:56.0656 4016 Suspicious file (Hidden): C:\WINDOWS\1280910807:685418163.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/27 16:11:56.0656 4016 d725594c - detected HiddenFile.Multi.Generic (1)
2011/08/27 16:11:56.0812 4016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/27 16:11:56.0875 4016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/27 16:11:56.0921 4016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/27 16:11:56.0953 4016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/27 16:11:56.0984 4016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/27 16:11:57.0046 4016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/27 16:11:57.0093 4016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/27 16:11:57.0125 4016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/27 16:11:57.0265 4016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/27 16:11:57.0281 4016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/27 16:11:57.0328 4016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/27 16:11:57.0375 4016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/27 16:11:57.0406 4016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/27 16:11:57.0437 4016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/27 16:11:57.0484 4016 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
2011/08/27 16:11:57.0515 4016 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/27 16:11:57.0546 4016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/27 16:11:57.0640 4016 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/08/27 16:11:57.0765 4016 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/08/27 16:11:57.0812 4016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/27 16:11:57.0890 4016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/27 16:11:58.0156 4016 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/27 16:11:58.0406 4016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/27 16:11:58.0500 4016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/27 16:11:58.0515 4016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/27 16:11:58.0562 4016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/27 16:11:58.0578 4016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/27 16:11:58.0609 4016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/27 16:11:58.0640 4016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/27 16:11:58.0671 4016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/27 16:11:58.0687 4016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/27 16:11:58.0718 4016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/27 16:11:58.0750 4016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/27 16:11:58.0796 4016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/27 16:11:58.0859 4016 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/27 16:11:58.0984 4016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/27 16:11:59.0031 4016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/27 16:11:59.0093 4016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/27 16:11:59.0140 4016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/27 16:11:59.0156 4016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/27 16:11:59.0203 4016 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/27 16:11:59.0343 4016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/27 16:11:59.0390 4016 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/27 16:11:59.0546 4016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/27 16:11:59.0578 4016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/27 16:11:59.0609 4016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/27 16:11:59.0640 4016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/27 16:11:59.0671 4016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/27 16:11:59.0718 4016 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/27 16:11:59.0750 4016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/27 16:11:59.0796 4016 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/27 16:11:59.0812 4016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/27 16:11:59.0843 4016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/27 16:11:59.0890 4016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/27 16:12:00.0031 4016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/27 16:12:00.0062 4016 NetBT (3fd903637554667dc3ef40a9c5bf8a24) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/27 16:12:00.0062 4016 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 3fd903637554667dc3ef40a9c5bf8a24, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/08/27 16:12:00.0078 4016 NetBT - detected Rootkit.Win32.ZAccess.c (0)
2011/08/27 16:12:00.0265 4016 NETw5x32 (aa88346ab7849a1cb34bd3424febfece) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/08/27 16:12:00.0468 4016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/27 16:12:00.0515 4016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/27 16:12:00.0562 4016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/27 16:12:00.0593 4016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/27 16:12:00.0625 4016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/27 16:12:00.0656 4016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/27 16:12:00.0671 4016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/27 16:12:00.0718 4016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/27 16:12:00.0734 4016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/27 16:12:00.0781 4016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/27 16:12:00.0921 4016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/27 16:12:01.0062 4016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/27 16:12:01.0109 4016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/27 16:12:01.0140 4016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/27 16:12:01.0187 4016 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/27 16:12:01.0312 4016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/27 16:12:01.0343 4016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/27 16:12:01.0375 4016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/27 16:12:01.0390 4016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/27 16:12:01.0562 4016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/27 16:12:01.0671 4016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/27 16:12:01.0812 4016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/27 16:12:01.0859 4016 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/27 16:12:01.0890 4016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/27 16:12:01.0953 4016 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/08/27 16:12:02.0000 4016 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/27 16:12:02.0062 4016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/27 16:12:02.0093 4016 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/27 16:12:02.0109 4016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/27 16:12:02.0171 4016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/27 16:12:02.0203 4016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/27 16:12:02.0265 4016 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/27 16:12:02.0437 4016 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/08/27 16:12:02.0484 4016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/27 16:12:02.0515 4016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/27 16:12:02.0593 4016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/27 16:12:02.0671 4016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/27 16:12:02.0703 4016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/27 16:12:02.0718 4016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/27 16:12:02.0843 4016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\TERMDD.SYS
2011/08/27 16:12:02.0906 4016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/27 16:12:03.0000 4016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/27 16:12:03.0062 4016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/27 16:12:03.0109 4016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/27 16:12:03.0140 4016 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/27 16:12:03.0156 4016 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/27 16:12:03.0187 4016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/27 16:12:03.0390 4016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/27 16:12:03.0421 4016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/27 16:12:03.0453 4016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/27 16:12:03.0531 4016 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/08/27 16:12:03.0593 4016 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/27 16:12:03.0640 4016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/27 16:12:03.0796 4016 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
2011/08/27 16:12:03.0812 4016 Boot (0x1200) (b9dd8049756813e010d9018cd9b737ad) \Device\Harddisk0\DR0\Partition0
2011/08/27 16:12:03.0812 4016 Boot (0x1200) (c5a3666d4746b8048a13b143a41cbeae) \Device\Harddisk1\DR2\Partition0
2011/08/27 16:12:03.0828 4016 ================================================================================
2011/08/27 16:12:03.0828 4016 Scan finished
2011/08/27 16:12:03.0828 4016 ================================================================================
2011/08/27 16:12:03.0828 4004 Detected object count: 3
2011/08/27 16:12:03.0828 4004 Actual detected object count: 3
2011/08/27 16:13:58.0812 4004 HKLM\SYSTEM\ControlSet001\services\cjaxed - will be deleted after reboot
2011/08/27 16:13:58.0812 4004 HKLM\SYSTEM\ControlSet003\services\cjaxed - will be deleted after reboot
2011/08/27 16:13:58.0812 4004 C:\WINDOWS\system32\drivers\cjaxed.sys - will be deleted after reboot
2011/08/27 16:13:58.0812 4004 LockedService.Multi.Generic(cjaxed) - User select action: Delete
2011/08/27 16:13:58.0812 4004 HKLM\SYSTEM\ControlSet001\services\d725594c - will be deleted after reboot
2011/08/27 16:13:58.0812 4004 HKLM\SYSTEM\ControlSet003\services\d725594c - will be deleted after reboot
2011/08/27 16:13:58.0828 4004 C:\WINDOWS\1280910807:685418163.exe - will be deleted after reboot
2011/08/27 16:13:58.0828 4004 HiddenFile.Multi.Generic(d725594c) - User select action: Delete
2011/08/27 16:13:59.0031 4004 NetBT (3fd903637554667dc3ef40a9c5bf8a24) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/27 16:13:59.0031 4004 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 3fd903637554667dc3ef40a9c5bf8a24, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/08/27 16:14:01.0031 4004 Backup copy found, using it..
2011/08/27 16:14:01.0062 4004 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/08/27 16:14:01.0062 4004 Rootkit.Win32.ZAccess.c(NetBT) - User select action: Cure
2011/08/27 16:14:10.0328 3040 Deinitialize success
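The log above is the evidence the moderator works from in the next reply. As an added example (mine, not code from the thread or from Kaspersky), here is a small Python parser that pulls the verdict lines out of TDSSKiller output like this, flags the alternate data stream in the hidden path, and compares two runs; its sample input is copied from this thread's two logs, and the reading of the Real/Fake md5 labels in the comments is my interpretation of the log format, not Kaspersky's documentation.

```python
"""Pull TDSSKiller verdicts out of its log and compare two scan runs."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the two TDSSKiller logs posted in this
# thread (first run, then the rerun after netbt.sys was set to Cure). Plain driver
# listing lines are mostly omitted because the parser ignores them anyway.
RUN1 = r"""
2011/08/27 16:11:54.0187 4016 Suspicious service (NoAccess): cjaxed
2011/08/27 16:11:54.0265 4016 cjaxed (80c6af4f948d4168fc90da1a6f4b6924) C:\WINDOWS\system32\drivers\cjaxed.sys
2011/08/27 16:11:54.0265 4016 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\cjaxed.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924
2011/08/27 16:11:54.0265 4016 cjaxed - detected LockedService.Multi.Generic (1)
2011/08/27 16:11:56.0656 4016 Suspicious file (Hidden): C:\WINDOWS\1280910807:685418163.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/27 16:11:56.0656 4016 d725594c - detected HiddenFile.Multi.Generic (1)
2011/08/27 16:12:00.0062 4016 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 3fd903637554667dc3ef40a9c5bf8a24, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/08/27 16:12:00.0078 4016 NetBT - detected Rootkit.Win32.ZAccess.c (0)
2011/08/27 16:13:58.0812 4004 LockedService.Multi.Generic(cjaxed) - User select action: Delete
2011/08/27 16:13:58.0828 4004 HiddenFile.Multi.Generic(d725594c) - User select action: Delete
2011/08/27 16:14:01.0062 4004 Rootkit.Win32.ZAccess.c(NetBT) - User select action: Cure
"""
RUN2 = r"""
2011/08/27 16:20:51.0671 2416 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: ce12b7a74531bde26b7533ac43bd16fa, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2011/08/27 16:20:51.0671 2416 Cdrom - detected Rootkit.Win32.ZAccess.c (0)
2011/08/27 16:20:51.0828 2416 Suspicious file (Hidden): C:\WINDOWS\1280910807:685418163.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/27 16:20:51.0828 2416 d725594c - detected HiddenFile.Multi.Generic (1)
"""

# Every line starts with a timestamp and a thread id; only the message part matters.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: "
                       r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
SUSPECT_RE = re.compile(r"^Suspicious (?:file|service) \((?P<reason>\w+)\): "
                        r"(?P<target>.+?)(?:\. md5: (?P<md5>[0-9a-f]{32}))?$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<verdict>\S+)\((?P<obj>\S+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    obj: str            # service or driver name the verdict is attached to
    verdict: str        # e.g. Rootkit.Win32.ZAccess.c
    reason: str = ""    # why TDSSKiller flagged it: Forged, Hidden, NoAccess
    target: str = ""    # file path (or service name) that was flagged
    md5: str = ""       # "Real md5": what TDSSKiller hashed reading the disk itself (my reading)
    fake_md5: str = ""  # "Fake md5": what the normal file API handed back (Forged only)
    action: str = ""    # what the user chose for it: Cure, Delete, Skip


def parse_log(text: str) -> List[Finding]:
    """One Finding per '- detected' line, joined with the suspicious-file line that
    precedes it and the 'User select action' line that follows it."""
    findings: List[Finding] = []
    pending: List[dict] = []  # suspicious lines seen since the last verdict
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if f := FORGED_RE.match(msg):
            pending.append({"reason": "Forged", "target": f["path"],
                            "md5": f["real"], "fake_md5": f["fake"]})
        elif s := SUSPECT_RE.match(msg):
            pending.append({"reason": s["reason"], "target": s["target"],
                            "md5": s["md5"] or "", "fake_md5": ""})
        elif d := DETECT_RE.match(msg):
            # The most recent suspicious line is the one this verdict refers to.
            findings.append(Finding(d["obj"], d["verdict"], **(pending[-1] if pending else {})))
            pending.clear()
        elif a := ACTION_RE.match(msg):
            for fi in findings:
                if fi.obj == a["obj"] and fi.verdict == a["verdict"]:
                    fi.action = a["action"]
    return findings


def ads_stream(path: str) -> Optional[str]:
    r"""Name of the NTFS alternate data stream if the last path component carries one.
    C:\WINDOWS\1280910807:685418163.exe is stream 685418163.exe attached to the object
    1280910807; Explorer and 'dir' do not list streams, so the payload stays out of sight."""
    leaf = path.rsplit("\\", 1)[-1]
    return leaf.split(":", 1)[1] if ":" in leaf else None


def triage(f: Finding) -> str:
    """One-line reading of a finding for whoever is doing the cleanup."""
    act = f.action or "none"
    if f.reason == "Forged":
        return (f"{f.target}: file API reports {f.fake_md5[:8]}.. but disk hashes to {f.md5[:8]}.., "
                f"so something is answering reads for this driver; action={act}")
    stream = ads_stream(f.target)
    if f.reason == "Hidden" and stream:
        return f"{f.target}: payload kept in alternate data stream '{stream}'; action={act}"
    return f"{f.target}: {f.reason} ({f.verdict}); action={act}"


def compare_runs(before: List[Finding], after: List[Finding]) -> Dict[str, List[str]]:
    """Which (verdict, target) pairs went away, stayed, or appeared between two scans.
    On this thread's logs the ZAccess verdict moves from netbt.sys to cdrom.sys, which
    says the infection is still active rather than fixed by the cure."""
    b = {(x.verdict, x.target) for x in before}
    a = {(x.verdict, x.target) for x in after}

    def fmt(pairs):
        return sorted(f"{v}: {t}" for v, t in pairs)
    return {"removed": fmt(b - a), "persisted": fmt(a & b), "new": fmt(a - b)}


if __name__ == "__main__":
    first, second = parse_log(RUN1), parse_log(RUN2)
    for x in first:
        print(triage(x))
    for k, v in compare_runs(first, second).items():
        print(k, v)
```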

#8 boopme

  • Global Moderator

Posted 27 August 2011 - 09:18 PM

Ok, reboot and rerun. Cure the Access and skip the other, and post the log. Try MBAM again after that.

Edited by boopme, 27 August 2011 - 09:18 PM.


#9 wolf316


Posted 28 August 2011 - 05:51 AM

hey :)

I clicked cure, and skipped the hidden one. Rebooted and it is still there. MBAM still closes after it begins to scan. I've tried it a third time, and same issue. For some reason, TDSSKiller isn't curing it.

Here's the new log.

2011/08/27 16:20:45.0562 0252 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/27 16:20:45.0921 0252 ================================================================================
2011/08/27 16:20:45.0921 0252 SystemInfo:
2011/08/27 16:20:45.0921 0252
2011/08/27 16:20:45.0921 0252 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/27 16:20:45.0921 0252 Product type: Workstation
2011/08/27 16:20:45.0921 0252 ComputerName: CUSTOMER-F6F104
2011/08/27 16:20:45.0921 0252 UserName: Customer
2011/08/27 16:20:45.0921 0252 Windows directory: C:\WINDOWS
2011/08/27 16:20:45.0921 0252 System windows directory: C:\WINDOWS
2011/08/27 16:20:45.0921 0252 Processor architecture: Intel x86
2011/08/27 16:20:45.0921 0252 Number of processors: 2
2011/08/27 16:20:45.0921 0252 Page size: 0x1000
2011/08/27 16:20:45.0921 0252 Boot type: Normal boot
2011/08/27 16:20:45.0921 0252 ================================================================================
2011/08/27 16:20:47.0062 0252 Initialize success
2011/08/27 16:20:49.0656 2416 ================================================================================
2011/08/27 16:20:49.0656 2416 Scan started
2011/08/27 16:20:49.0656 2416 Mode: Manual;
2011/08/27 16:20:49.0656 2416 ================================================================================
2011/08/27 16:20:50.0562 2416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/27 16:20:50.0609 2416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/27 16:20:50.0656 2416 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/27 16:20:50.0703 2416 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/27 16:20:50.0890 2416 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/27 16:20:50.0921 2416 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/27 16:20:50.0968 2416 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/27 16:20:51.0015 2416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/27 16:20:51.0062 2416 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/08/27 16:20:51.0218 2416 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/27 16:20:51.0265 2416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/27 16:20:51.0328 2416 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/08/27 16:20:51.0359 2416 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/08/27 16:20:51.0421 2416 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/08/27 16:20:51.0484 2416 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/08/27 16:20:51.0531 2416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/27 16:20:51.0593 2416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/27 16:20:51.0640 2416 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/27 16:20:51.0671 2416 Cdrom (ce12b7a74531bde26b7533ac43bd16fa) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/27 16:20:51.0671 2416 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: ce12b7a74531bde26b7533ac43bd16fa, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2011/08/27 16:20:51.0671 2416 Cdrom - detected Rootkit.Win32.ZAccess.c (0)
2011/08/27 16:20:51.0718 2416 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/27 16:20:51.0750 2416 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/27 16:20:51.0828 2416 d725594c (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1280910807:685418163.exe
2011/08/27 16:20:51.0828 2416 Suspicious file (Hidden): C:\WINDOWS\1280910807:685418163.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/27 16:20:51.0828 2416 d725594c - detected HiddenFile.Multi.Generic (1)
2011/08/27 16:20:51.0890 2416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/27 16:20:52.0109 2416 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/27 16:20:52.0453 2416 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/27 16:20:52.0500 2416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/27 16:20:52.0531 2416 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/27 16:20:52.0578 2416 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/27 16:20:52.0625 2416 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/27 16:20:52.0640 2416 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/27 16:20:52.0671 2416 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/27 16:20:52.0687 2416 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/27 16:20:52.0734 2416 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/27 16:20:52.0765 2416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/27 16:20:52.0812 2416 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/27 16:20:52.0968 2416 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/27 16:20:53.0015 2416 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
2011/08/27 16:20:53.0046 2416 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/27 16:20:53.0078 2416 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/27 16:20:53.0171 2416 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/08/27 16:20:53.0234 2416 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/08/27 16:20:53.0281 2416 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/27 16:20:53.0437 2416 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/27 16:20:53.0671 2416 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/27 16:20:53.0906 2416 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/27 16:20:54.0000 2416 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/27 16:20:54.0015 2416 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/27 16:20:54.0062 2416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/27 16:20:54.0093 2416 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/27 16:20:54.0109 2416 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/27 16:20:54.0140 2416 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/27 16:20:54.0171 2416 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/27 16:20:54.0203 2416 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/27 16:20:54.0234 2416 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/27 16:20:54.0265 2416 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/27 16:20:54.0312 2416 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/27 16:20:54.0421 2416 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/27 16:20:54.0531 2416 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/27 16:20:54.0578 2416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/27 16:20:54.0625 2416 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/27 16:20:54.0656 2416 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/27 16:20:54.0703 2416 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/27 16:20:54.0734 2416 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/27 16:20:54.0765 2416 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/08/27 16:20:54.0890 2416 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/27 16:20:55.0046 2416 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/27 16:20:55.0109 2416 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/27 16:20:55.0140 2416 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/27 16:20:55.0171 2416 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/27 16:20:55.0203 2416 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/27 16:20:55.0234 2416 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/27 16:20:55.0281 2416 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/27 16:20:55.0328 2416 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/27 16:20:55.0359 2416 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/27 16:20:55.0484 2416 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/27 16:20:55.0500 2416 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/27 16:20:55.0546 2416 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/27 16:20:55.0609 2416 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/27 16:20:55.0625 2416 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/27 16:20:55.0828 2416 NETw5x32 (aa88346ab7849a1cb34bd3424febfece) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/08/27 16:20:56.0031 2416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/27 16:20:56.0078 2416 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/27 16:20:56.0125 2416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/27 16:20:56.0156 2416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/27 16:20:56.0187 2416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/27 16:20:56.0218 2416 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/27 16:20:56.0234 2416 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/27 16:20:56.0281 2416 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/27 16:20:56.0296 2416 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/27 16:20:56.0343 2416 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/27 16:20:56.0484 2416 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/27 16:20:56.0625 2416 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/27 16:20:56.0671 2416 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/27 16:20:56.0703 2416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/27 16:20:56.0750 2416 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/27 16:20:56.0843 2416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/27 16:20:56.0890 2416 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/27 16:20:56.0906 2416 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/27 16:20:56.0921 2416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/27 16:20:56.0953 2416 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/27 16:20:56.0984 2416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/27 16:20:57.0015 2416 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/27 16:20:57.0062 2416 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/27 16:20:57.0218 2416 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/27 16:20:57.0265 2416 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/08/27 16:20:57.0328 2416 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/27 16:20:57.0375 2416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/27 16:20:57.0406 2416 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/27 16:20:57.0437 2416 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/27 16:20:57.0500 2416 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/27 16:20:57.0531 2416 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/27 16:20:57.0578 2416 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/27 16:20:57.0734 2416 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/08/27 16:20:57.0812 2416 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/27 16:20:57.0843 2416 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/27 16:20:57.0937 2416 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/27 16:20:58.0015 2416 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/27 16:20:58.0093 2416 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/27 16:20:58.0125 2416 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/27 16:20:58.0156 2416 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\TERMDD.SYS
2011/08/27 16:20:58.0218 2416 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/27 16:20:58.0296 2416 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/27 16:20:58.0375 2416 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/27 16:20:58.0437 2416 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/27 16:20:58.0453 2416 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/27 16:20:58.0484 2416 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/27 16:20:58.0515 2416 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/27 16:20:58.0625 2416 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/27 16:20:58.0656 2416 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/27 16:20:58.0687 2416 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/27 16:20:58.0812 2416 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/08/27 16:20:59.0078 2416 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/27 16:20:59.0140 2416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/27 16:20:59.0296 2416 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
2011/08/27 16:20:59.0312 2416 Boot (0x1200) (b9dd8049756813e010d9018cd9b737ad) \Device\Harddisk0\DR0\Partition0
2011/08/27 16:20:59.0312 2416 Boot (0x1200) (c5a3666d4746b8048a13b143a41cbeae) \Device\Harddisk1\DR2\Partition0
2011/08/27 16:20:59.0328 2416 ================================================================================
2011/08/27 16:20:59.0328 2416 Scan finished
2011/08/27 16:20:59.0328 2416 ================================================================================
2011/08/27 16:20:59.0328 2412 Detected object count: 2
2011/08/27 16:20:59.0328 2412 Actual detected object count: 2
2011/08/27 16:21:19.0265 2412 Cdrom (ce12b7a74531bde26b7533ac43bd16fa) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/27 16:21:19.0265 2412 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: ce12b7a74531bde26b7533ac43bd16fa, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2011/08/27 16:21:21.0078 2412 Backup copy found, using it..
2011/08/27 16:21:21.0093 2412 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot
2011/08/27 16:21:21.0093 2412 Rootkit.Win32.ZAccess.c(Cdrom) - User select action: Cure
2011/08/27 16:21:21.0093 2412 HiddenFile.Multi.Generic(d725594c) - User select action: Skip
2011/08/27 16:21:28.0015 1224 Deinitialize success

Edited by wolf316, 28 August 2011 - 08:21 AM.

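The two detections in that log are worth pulling out mechanically rather than by eye. The cdrom.sys entry is a forged-file hit: TDSSKiller reports two different MD5s for the same path ("Real md5" and "Fake md5"), which is how a driver that has been modified in place and hides the modification shows up. The hidden file C:\WINDOWS\1280910807:685418163.exe has a colon inside the path after the drive letter, which on NTFS names an alternate data stream (host:stream). The script below is an added example, not TDSSKiller's or BleepingComputer's code. It parses a subset of the log above (copied verbatim as constructed sample input), joins each "detected" line to its module listing and its "Suspicious file" line, flags the hash disagreement and the ADS path, and checks the parsed findings against the scanner's own "Detected object count". The line formats are inferred from the posted log only.

```python
import re
from dataclasses import dataclass, field

# Lines excerpted from the TDSSKiller log in the post above (constructed sample
# input for this example; it is a subset of the real log, not the whole file).
SAMPLE_LOG = r"""
2011/08/27 16:20:51.0640 2416 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/27 16:20:51.0671 2416 Cdrom (ce12b7a74531bde26b7533ac43bd16fa) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/27 16:20:51.0671 2416 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: ce12b7a74531bde26b7533ac43bd16fa, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2011/08/27 16:20:51.0671 2416 Cdrom - detected Rootkit.Win32.ZAccess.c (0)
2011/08/27 16:20:51.0828 2416 d725594c (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1280910807:685418163.exe
2011/08/27 16:20:51.0828 2416 Suspicious file (Hidden): C:\WINDOWS\1280910807:685418163.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/27 16:20:51.0828 2416 d725594c - detected HiddenFile.Multi.Generic (1)
2011/08/27 16:20:51.0890 2416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/27 16:20:59.0328 2412 Detected object count: 2
"""

HEX32 = r"[0-9a-f]{32}"
PREFIX = r"^\d{4}/\d{2}/\d{2} \S+ \d+ "  # date, time, pid
MODULE_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>" + HEX32 + r")\) (?P<path>.+)$")
FORGED_RE = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>" + HEX32 + r"), Fake md5: (?P<fake>" + HEX32 + r")$")
HIDDEN_RE = re.compile(PREFIX + r"Suspicious file \(Hidden\): (?P<path>.+?)\. md5: (?P<md5>" + HEX32 + r")$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str
    path: str
    verdict: str
    listed_md5: str            # hash on the module's own listing line
    kind: str = ""             # "Forged" or "Hidden"
    real_md5: str = ""
    fake_md5: str = ""
    flags: list = field(default_factory=list)


def is_ads_path(path: str) -> bool:
    """A colon after the drive letter names an NTFS alternate data stream (host:stream)."""
    drive, _, rest = path.partition(":")
    return len(drive) == 1 and ":" in rest


def parse_tdss_log(text: str):
    """Return (findings, reported_count) for a TDSSKiller log in the format posted above."""
    modules, forged, hidden, findings, reported = {}, {}, {}, [], None
    for line in text.splitlines():
        if m := MODULE_RE.match(line):
            modules[m["name"]] = (m["md5"], m["path"])
        elif m := FORGED_RE.match(line):
            forged[m["path"]] = (m["real"], m["fake"])
        elif m := HIDDEN_RE.match(line):
            hidden[m["path"]] = m["md5"]
        elif m := DETECT_RE.match(line):
            md5, path = modules.get(m["name"], ("", "?"))
            f = Finding(m["name"], path, m["verdict"], listed_md5=md5)
            if path in forged:
                f.kind, (f.real_md5, f.fake_md5) = "Forged", forged[path]
                if f.real_md5 != f.fake_md5:
                    f.flags.append("hash-mismatch")      # the two hashes the scanner reports disagree
                if f.listed_md5 != f.real_md5:
                    f.flags.append("listing-disagrees")  # log contradicts itself; look closer
            elif path in hidden:
                f.kind = "Hidden"
                if is_ads_path(path):
                    f.flags.append("ads")                # payload stashed in an alternate data stream
            findings.append(f)
        elif m := COUNT_RE.match(line):
            reported = int(m["n"])
    return findings, reported


def count_reconciles(findings, reported) -> bool:
    """True when the scanner's own object count matches what we parsed."""
    return reported is not None and reported == len(findings)


if __name__ == "__main__":
    found, n = parse_tdss_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:6} {f.verdict:28} {f.path}  flags={f.flags}")
    print("count reconciles:", count_reconciles(found, n))
```

Run on the sample, it reports the cdrom.sys hit as Forged with a hash mismatch, the ADS entry as Hidden with the ads flag, and confirms that the two findings match the scanner's count of 2. Note that the later "User select action" lines show only the forged driver was queued for cure; the hidden stream was skipped, which is consistent with the ADS file surviving into the later posts.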

#10 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 August 2011 - 09:25 AM

How is it running now?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#11 wolf316
  • Topic Starter
  • Members
  • 32 posts

Posted 29 August 2011 - 10:19 AM

Hey boopme.

Just finished the scan and there's quite a bit that was found. The 2 viruses from TDSSKiller didn't show up on the list. Here's the scan log anyway.


C:\Documents and Settings\Customer\Application Data\4AABFCFCE54A2F79697EF1558DE8B210\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Customer\Local Settings\Application Data\{AE5BCCD1-E3FA-4327-A947-D43A50F4D482}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\CyberLink\Shared Files\RichVideo.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Intel\WiFi\bin\EvtEng.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan error while cleaning
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP0\A0002007.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP0\A0002008.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP1\A0002050.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP2\A0002067.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP2\A0002068.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP2\A0002077.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP2\A0002078.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002099.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002100.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002113.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002114.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002154.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002155.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002163.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002164.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002181.exe a variant of Win32/Adware.WinPump.U application cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002182.exe a variant of Win32/Adware.WinPump.U application cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002208.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002210.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002217.sys a variant of Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002218.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined

thanks again :)
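Reading a list like that by hand hides its structure: which hits were quarantined and which failed, which sit under System Volume Information (old restore-point copies) versus under Program Files (live binaries), and whether the earlier TDSSKiller findings appear at all. The script below is an added example, not ESET's or the forum's code. It parses a subset of the log above (copied as constructed sample input), classifies each line by outcome, location and malware family, and reports which of the two TDSSKiller paths never appear in the ESET output, which is exactly what wolf316 observed. The ESET line format is inferred from the posted log only; the Win32/Patched.HN entries are legitimate executables that were modified in place and that ESET reported it could not clean.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines excerpted from the ESET Online Scanner log in the post above (constructed
# sample input for this example: a subset, not the full log).
SAMPLE_ESET_LOG = r"""
C:\Documents and Settings\Customer\Application Data\4AABFCFCE54A2F79697EF1558DE8B210\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Customer\Local Settings\Application Data\{AE5BCCD1-E3FA-4327-A947-D43A50F4D482}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan error while cleaning
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP0\A0002007.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP0\A0002008.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002181.exe a variant of Win32/Adware.WinPump.U application cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE2CC947-838E-4360-96D6-B05E98155553}\RP3\A0002208.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
"""

# The two objects TDSSKiller reported earlier in the thread (taken from that log).
TDSS_DETECTIONS = (
    r"C:\WINDOWS\system32\DRIVERS\cdrom.sys",
    r"C:\WINDOWS\1280910807:685418163.exe",
)

# path (may contain spaces), threat name, ESET category, action taken
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>(?:probably a variant of |a variant of )?Win32/\S+) "
    r"(?P<category>trojan|application) (?P<action>.+)$")
RESTORE_PREFIX = r"c:\system volume information\_restore"


@dataclass
class Hit:
    path: str
    threat: str
    category: str
    action: str


def parse_eset_log(text: str):
    return [Hit(m["path"], m["threat"], m["category"], m["action"])
            for line in text.splitlines() if (m := LINE_RE.match(line))]


def outcome(action: str) -> str:
    if "quarantined" in action:
        return "quarantined"
    if action.startswith("error"):
        return "failed"
    return "other"


def location(path: str) -> str:
    """Restore-point copies are stale snapshots; live files are what actually runs."""
    return "restore-point" if path.lower().startswith(RESTORE_PREFIX) else "live"


def family(threat: str) -> str:
    """'a variant of Win32/Sirefef.CO' -> 'Sirefef'."""
    name = threat.rsplit(" ", 1)[-1]          # drop the "(probably) a variant of" prefix
    return name.split("/", 1)[1].split(".")[0]


def triage(hits):
    report = {"failed_live": [], "quarantined_live": [], "restore_point": 0, "families": Counter()}
    for h in hits:
        report["families"][family(h.threat)] += 1
        if location(h.path) == "restore-point":
            report["restore_point"] += 1
        elif outcome(h.action) == "failed":
            report["failed_live"].append(h.path)   # still on disk, still a problem
        elif outcome(h.action) == "quarantined":
            report["quarantined_live"].append(h.path)
    return report


def not_covered(hits, other_paths):
    """Paths another scanner flagged that do not appear anywhere in this ESET output."""
    seen = {h.path.lower() for h in hits}      # Windows paths: compare case-insensitively
    return sorted(p for p in other_paths if p.lower() not in seen)


if __name__ == "__main__":
    hits = parse_eset_log(SAMPLE_ESET_LOG)
    r = triage(hits)
    print("live files ESET could not clean:", *r["failed_live"], sep="\n  ")
    print("restore-point copies removed:", r["restore_point"])
    print("families:", dict(r["families"]))
    print("TDSSKiller findings absent from ESET output:", *not_covered(hits, TDSS_DETECTIONS), sep="\n  ")
```

On the sample this separates the four restore-point copies (already inert) from the two live Patched.HN executables that failed to clean, and confirms that neither cdrom.sys nor the alternate data stream from the TDSSKiller log is mentioned by ESET. That is the practical reading of the post: the restore points were tidied, but the components that matter were not touched.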

#12 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 August 2011 - 11:13 AM

Good. Update and rerun MBAM, then run ESET again and see if it cleans these now.

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\CyberLink\Shared Files\RichVideo.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Intel\WiFi\bin\EvtEng.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan error while cleaning

#13 wolf316
  • Topic Starter
  • Members
  • 32 posts

Posted 29 August 2011 - 11:21 AM

Nope, MBAM still closes as soon as the scan begins. I ran it from my USB because, for some reason, even after using the inherit.exe file in the MBAM folder, after the laptop resets MBAM is no longer accessible; its icons turn white on the desktop. Also, if this helps, the Rootkit.Win32.ZAccess.c and the hidden file that showed up in TDSSKiller are still on the computer.

#14 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 August 2011 - 01:53 PM

Hmm, I think we should get a deeper look.

Please go here: Preparation Guide, and do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include this link to this topic:

http://www.bleepingcomputer.com/forums/topic416290.html/page__pid__2389473#entry2389473

Let me know if that went well.

#15 wolf316
  • Topic Starter
  • Members
  • 32 posts

Posted 29 August 2011 - 03:02 PM

Hey boopme, thanks again for all the help :)

I ran DDS but it stops scanning and hangs. It says on the program it shouldn't take longer than 3 minutes, but after about 5 it's still at the same spot.

Edited by wolf316, 29 August 2011 - 03:02 PM.