
Can't run rkill or malwarebytes


This topic is locked
12 replies to this topic

#1 emartin

  • Members
  • 65 posts

Posted 02 March 2012 - 01:54 PM

Hi, new here and not very good with computers. I seem to have a virus called System Check that has shut down my computer. It will not let me run either rkill or Malwarebytes. Any help will be very much appreciated.


#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,914 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 March 2012 - 03:13 PM

Hello, is this XP, Vista, W7?
Have you tried all of these, and are you using Windows booted to Safe Mode with Networking?


Please follow our Removal Guide here: Remove System Check.
After reading how the malware is misleading you...
you will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 emartin (Topic Starter)

  • Members
  • 65 posts

Posted 03 March 2012 - 10:37 AM

Thank you for the reply. I have XP and am running in safe mode with networking. I am posting from a different computer. I have done the steps in the link you provided but when I try to run rkill I get a line in the black window that says "Access denied" and then in the log it says:
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

rkill was run on 03/03/2012 at 9:21:16.
Operating system: Microsoft Windows XP

Processes terminated by rkill or while it was running:

rkill completed on 03/03/19.

I have tried running rkill with various file names with the same results all the time. When I try and run malwarebytes I get "installation failed".

What is my next step?

#4 emartin (Topic Starter)

  • Members
  • 65 posts

Posted 03 March 2012 - 11:54 AM

I opened the C: drive folder and I see 3 files in there with suspicious names. They are:
5e198190ea72915e272d3ebc9f4a
925f47a9e8dbbdefb4a2e8
446240a50fba2fd548c8a58e43

I don't know if they are .exe files. There was one file with a similar name that appeared when I did the earlier steps and I renamed it.

The log for the root directory is:
TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
23:31:42.0562 0600 ============================================================
23:31:42.0562 0600 Current date / time: 2012/03/01 23:31:42.0562
23:31:42.0562 0600 SystemInfo:
23:31:42.0562 0600
23:31:42.0562 0600 OS Version: 5.1.2600 ServicePack: 2.0
23:31:42.0562 0600 Product type: Workstation
23:31:42.0562 0600 ComputerName: FRONTDESK
23:31:42.0562 0600 UserName: HP_Owner
23:31:42.0562 0600 Windows directory: C:\WINDOWS
23:31:42.0562 0600 System windows directory: C:\WINDOWS
23:31:42.0562 0600 Processor architecture: Intel x86
23:31:42.0562 0600 Number of processors: 1
23:31:42.0562 0600 Page size: 0x1000
23:31:42.0562 0600 Boot type: Normal boot
23:31:42.0562 0600 ============================================================
23:31:45.0046 0600 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:31:45.0234 0600 \Device\Harddisk0\DR0:
23:31:45.0234 0600 MBR used
23:31:45.0234 0600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF1931
23:31:45.0234 0600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDF1970, BlocksNum 0x166A8590
23:31:45.0265 0600 Initialize success
23:31:45.0265 0600 ============================================================
23:31:52.0281 4008 ============================================================
23:31:52.0281 4008 Scan started
23:31:52.0281 4008 Mode: Manual;
23:31:52.0281 4008 ============================================================
23:31:52.0750 4008 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:31:52.0750 4008 Aavmker4 - ok
23:31:52.0796 4008 Abiosdsk - ok
23:31:52.0828 4008 abp480n5 - ok
23:31:52.0953 4008 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:31:52.0953 4008 ACPI - ok
23:31:53.0015 4008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:31:53.0015 4008 ACPIEC - ok
23:31:53.0078 4008 adpu160m - ok
23:31:53.0140 4008 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:31:53.0140 4008 aec - ok
23:31:53.0250 4008 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:31:53.0281 4008 AFD - ok
23:31:53.0359 4008 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23:31:53.0421 4008 AgereSoftModem - ok
23:31:53.0515 4008 Aha154x - ok
23:31:53.0718 4008 aic78u2 - ok
23:31:53.0781 4008 aic78xx - ok
23:31:53.0843 4008 AliIde - ok
23:31:53.0875 4008 amsint - ok
23:31:53.0921 4008 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:31:53.0921 4008 Arp1394 - ok
23:31:53.0968 4008 asc - ok
23:31:54.0000 4008 asc3350p - ok
23:31:54.0046 4008 asc3550 - ok
23:31:54.0125 4008 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:31:54.0125 4008 aswFsBlk - ok
23:31:54.0203 4008 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
23:31:54.0203 4008 aswMon2 - ok
23:31:54.0250 4008 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
23:31:54.0250 4008 aswRdr - ok
23:31:54.0359 4008 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
23:31:54.0359 4008 aswSnx - ok
23:31:54.0421 4008 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
23:31:54.0421 4008 aswSP - ok
23:31:54.0640 4008 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
23:31:54.0640 4008 aswTdi - ok
23:31:54.0875 4008 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:31:54.0875 4008 AsyncMac - ok
23:31:54.0937 4008 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:31:54.0937 4008 atapi - ok
23:31:54.0984 4008 Atdisk - ok
23:31:55.0015 4008 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:31:55.0015 4008 Atmarpc - ok
23:31:55.0062 4008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:31:55.0062 4008 audstub - ok
23:31:55.0125 4008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:31:55.0125 4008 Beep - ok
23:31:55.0171 4008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:31:55.0171 4008 cbidf2k - ok
23:31:55.0218 4008 cd20xrnt - ok
23:31:55.0250 4008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:31:55.0250 4008 Cdaudio - ok
23:31:55.0312 4008 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:31:55.0312 4008 Cdfs - ok
23:31:55.0359 4008 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:31:55.0359 4008 Cdrom - ok
23:31:55.0390 4008 Changer - ok
23:31:55.0453 4008 CmdIde - ok
23:31:55.0546 4008 Cpqarray - ok
23:31:55.0593 4008 dac2w2k - ok
23:31:55.0625 4008 dac960nt - ok
23:31:55.0671 4008 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:31:55.0687 4008 Disk - ok
23:31:55.0765 4008 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:31:55.0796 4008 dmboot - ok
23:31:55.0859 4008 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:31:55.0859 4008 dmio - ok
23:31:55.0890 4008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:31:55.0890 4008 dmload - ok
23:31:55.0953 4008 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:31:55.0953 4008 DMusic - ok
23:31:56.0000 4008 dpti2o - ok
23:31:56.0187 4008 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:31:56.0187 4008 drmkaud - ok
23:31:56.0343 4008 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:31:56.0343 4008 Fastfat - ok
23:31:56.0390 4008 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
23:31:56.0390 4008 fasttx2k - ok
23:31:56.0437 4008 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:31:56.0437 4008 Fdc - ok
23:31:56.0546 4008 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:31:56.0546 4008 Fips - ok
23:31:56.0593 4008 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:31:56.0593 4008 Flpydisk - ok
23:31:56.0640 4008 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:31:56.0640 4008 FltMgr - ok
23:31:56.0703 4008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:31:56.0703 4008 Fs_Rec - ok
23:31:56.0734 4008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:31:56.0734 4008 Ftdisk - ok
23:31:56.0781 4008 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:31:56.0781 4008 GEARAspiWDM - ok
23:31:56.0828 4008 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:31:56.0828 4008 Gpc - ok
23:31:56.0906 4008 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
23:31:56.0906 4008 HdAudAddService - ok
23:31:57.0078 4008 HDAudBus (cbbb304dc69e0b56f789852f6455f7ec) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:31:57.0078 4008 HDAudBus - ok
23:31:57.0187 4008 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:31:57.0203 4008 HidUsb - ok
23:31:57.0234 4008 hpn - ok
23:31:57.0312 4008 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:31:57.0312 4008 HPZid412 - ok
23:31:57.0375 4008 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:31:57.0375 4008 HPZipr12 - ok
23:31:57.0421 4008 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:31:57.0421 4008 HPZius12 - ok
23:31:57.0593 4008 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:31:57.0609 4008 HTTP - ok
23:31:57.0656 4008 i2omgmt - ok
23:31:57.0703 4008 i2omp - ok
23:31:57.0812 4008 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:31:57.0812 4008 i8042prt - ok
23:31:58.0078 4008 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:31:58.0109 4008 ialm - ok
23:31:58.0203 4008 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:31:58.0203 4008 Imapi - ok
23:31:58.0265 4008 ini910u - ok
23:31:58.0453 4008 IntcAzAudAddService (44792ccbc7b41b42ec068c6416d17de1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:31:58.0468 4008 IntcAzAudAddService - ok
23:31:58.0546 4008 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:31:58.0546 4008 IntelIde - ok
23:31:58.0578 4008 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:31:58.0578 4008 intelppm - ok
23:31:58.0640 4008 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:31:58.0640 4008 Ip6Fw - ok
23:31:58.0703 4008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:31:58.0703 4008 IpFilterDriver - ok
23:31:58.0750 4008 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:31:58.0750 4008 IpInIp - ok
23:31:58.0796 4008 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:31:58.0812 4008 IpNat - ok
23:31:58.0859 4008 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:31:58.0859 4008 IPSec - ok
23:31:59.0046 4008 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:31:59.0046 4008 IRENUM - ok
23:31:59.0125 4008 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:31:59.0125 4008 isapnp - ok
23:31:59.0234 4008 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:31:59.0234 4008 Kbdclass - ok
23:31:59.0328 4008 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:31:59.0328 4008 kbdhid - ok
23:31:59.0390 4008 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:31:59.0390 4008 kmixer - ok
23:31:59.0515 4008 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
23:31:59.0515 4008 KSecDD - ok
23:31:59.0562 4008 lbrtfdc - ok
23:31:59.0812 4008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:31:59.0812 4008 mnmdd - ok
23:31:59.0890 4008 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:31:59.0890 4008 Modem - ok
23:31:59.0937 4008 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:31:59.0937 4008 Mouclass - ok
23:32:00.0031 4008 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:32:00.0031 4008 mouhid - ok
23:32:00.0078 4008 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:32:00.0078 4008 MountMgr - ok
23:32:00.0109 4008 mraid35x - ok
23:32:00.0156 4008 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:32:00.0171 4008 MRxDAV - ok
23:32:00.0281 4008 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:32:00.0296 4008 MRxSmb - ok
23:32:00.0562 4008 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:32:00.0578 4008 Msfs - ok
23:32:00.0656 4008 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:32:00.0671 4008 MSKSSRV - ok
23:32:00.0718 4008 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:32:00.0718 4008 MSPCLOCK - ok
23:32:00.0765 4008 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:32:00.0765 4008 MSPQM - ok
23:32:00.0812 4008 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:32:00.0812 4008 mssmbios - ok
23:32:00.0890 4008 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:32:00.0890 4008 Mup - ok
23:32:00.0968 4008 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:32:00.0984 4008 NDIS - ok
23:32:01.0015 4008 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:32:01.0031 4008 NdisTapi - ok
23:32:01.0062 4008 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:32:01.0078 4008 Ndisuio - ok
23:32:01.0109 4008 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:32:01.0125 4008 NdisWan - ok
23:32:01.0296 4008 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:32:01.0296 4008 NDProxy - ok
23:32:01.0359 4008 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:32:01.0359 4008 NetBIOS - ok
23:32:01.0468 4008 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:32:01.0468 4008 NetBT - ok
23:32:01.0562 4008 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:32:01.0562 4008 NIC1394 - ok
23:32:01.0640 4008 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:32:01.0640 4008 Npfs - ok
23:32:01.0734 4008 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:32:01.0765 4008 Ntfs - ok
23:32:01.0812 4008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:32:01.0812 4008 Null - ok
23:32:02.0015 4008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:32:02.0015 4008 NwlnkFlt - ok
23:32:02.0109 4008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:32:02.0109 4008 NwlnkFwd - ok
23:32:02.0171 4008 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:32:02.0171 4008 ohci1394 - ok
23:32:02.0234 4008 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:32:02.0234 4008 Parport - ok
23:32:02.0281 4008 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:32:02.0281 4008 PartMgr - ok
23:32:02.0312 4008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:32:02.0312 4008 ParVdm - ok
23:32:02.0359 4008 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:32:02.0359 4008 PCI - ok
23:32:02.0406 4008 PCIDump - ok
23:32:02.0468 4008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:32:02.0468 4008 PCIIde - ok
23:32:02.0578 4008 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:32:02.0578 4008 Pcmcia - ok
23:32:02.0640 4008 PDCOMP - ok
23:32:02.0687 4008 PDFRAME - ok
23:32:02.0718 4008 PDRELI - ok
23:32:02.0765 4008 PDRFRAME - ok
23:32:02.0812 4008 perc2 - ok
23:32:02.0843 4008 perc2hib - ok
23:32:02.0921 4008 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:32:02.0921 4008 PptpMiniport - ok
23:32:03.0125 4008 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
23:32:03.0125 4008 Ps2 - ok
23:32:03.0218 4008 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:32:03.0218 4008 PSched - ok
23:32:03.0296 4008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:32:03.0296 4008 Ptilink - ok
23:32:03.0390 4008 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:32:03.0390 4008 PxHelp20 - ok
23:32:03.0437 4008 ql1080 - ok
23:32:03.0546 4008 Ql10wnt - ok
23:32:03.0578 4008 ql12160 - ok
23:32:03.0625 4008 ql1240 - ok
23:32:03.0671 4008 ql1280 - ok
23:32:03.0718 4008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:32:03.0718 4008 RasAcd - ok
23:32:03.0828 4008 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:32:03.0828 4008 Rasl2tp - ok
23:32:04.0000 4008 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:32:04.0000 4008 RasPppoe - ok
23:32:04.0046 4008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:32:04.0046 4008 Raspti - ok
23:32:04.0093 4008 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:32:04.0109 4008 Rdbss - ok
23:32:04.0140 4008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:32:04.0140 4008 RDPCDD - ok
23:32:04.0203 4008 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
23:32:04.0218 4008 RDPWD - ok
23:32:04.0343 4008 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:32:04.0343 4008 redbook - ok
23:32:04.0406 4008 RTL8023xp (1a2a445e8968b2019e75e08f3a1344fc) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:32:04.0421 4008 RTL8023xp - ok
23:32:04.0500 4008 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:32:04.0500 4008 rtl8139 - ok
23:32:04.0562 4008 SBRE - ok
23:32:04.0859 4008 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:32:04.0859 4008 Secdrv - ok
23:32:04.0984 4008 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
23:32:04.0984 4008 Serial - ok
23:32:05.0062 4008 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:32:05.0062 4008 Sfloppy - ok
23:32:05.0109 4008 Simbad - ok
23:32:05.0171 4008 Sparrow - ok
23:32:05.0218 4008 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:32:05.0218 4008 splitter - ok
23:32:05.0468 4008 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:32:05.0468 4008 sr - ok
23:32:05.0625 4008 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:32:05.0640 4008 Srv - ok
23:32:05.0687 4008 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:32:05.0703 4008 swenum - ok
23:32:05.0734 4008 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:32:05.0734 4008 swmidi - ok
23:32:05.0781 4008 symc810 - ok
23:32:05.0828 4008 symc8xx - ok
23:32:05.0859 4008 sym_hi - ok
23:32:05.0906 4008 sym_u3 - ok
23:32:05.0953 4008 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:32:05.0953 4008 sysaudio - ok
23:32:06.0078 4008 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:32:06.0093 4008 Tcpip - ok
23:32:06.0171 4008 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:32:06.0171 4008 TDPIPE - ok
23:32:06.0359 4008 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:32:06.0375 4008 TDTCP - ok
23:32:06.0437 4008 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:32:06.0453 4008 TermDD - ok
23:32:06.0531 4008 TosIde - ok
23:32:06.0609 4008 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:32:06.0609 4008 Udfs - ok
23:32:06.0671 4008 ultra - ok
23:32:06.0718 4008 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:32:06.0718 4008 Update - ok
23:32:06.0843 4008 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:32:06.0843 4008 usbccgp - ok
23:32:06.0906 4008 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:32:06.0906 4008 usbehci - ok
23:32:06.0953 4008 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:32:06.0953 4008 usbhub - ok
23:32:07.0140 4008 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:32:07.0156 4008 usbprint - ok
23:32:07.0250 4008 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:32:07.0250 4008 usbscan - ok
23:32:07.0375 4008 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:32:07.0375 4008 USBSTOR - ok
23:32:07.0484 4008 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:32:07.0484 4008 usbuhci - ok
23:32:07.0578 4008 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:32:07.0578 4008 VgaSave - ok
23:32:07.0640 4008 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:32:07.0640 4008 ViaIde - ok
23:32:07.0796 4008 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:32:07.0796 4008 VolSnap - ok
23:32:07.0906 4008 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:32:07.0906 4008 Wanarp - ok
23:32:07.0953 4008 WDICA - ok
23:32:08.0000 4008 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:32:08.0000 4008 wdmaud - ok
23:32:08.0125 4008 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
23:32:08.0187 4008 \Device\Harddisk0\DR0 - ok
23:32:08.0187 4008 Boot (0x1200) (55e971ebd4acbb1c60cf298812fb4352) \Device\Harddisk0\DR0\Partition0
23:32:08.0187 4008 \Device\Harddisk0\DR0\Partition0 - ok
23:32:08.0203 4008 Boot (0x1200) (a98ed00b16d446e84be2ebcdf9f82e2b) \Device\Harddisk0\DR0\Partition1
23:32:08.0203 4008 \Device\Harddisk0\DR0\Partition1 - ok
23:32:08.0203 4008 ============================================================
23:32:08.0203 4008 Scan finished
23:32:08.0203 4008 ============================================================
23:32:08.0218 4000 Detected object count: 0
23:32:08.0218 4000 Actual detected object count: 0
23:32:25.0640 2676 Deinitialize success
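Reading a TDSSKiller log of this length by hand is tedious, and the helper only needs a few things from it: the header fields (OS version, computer name), any object whose verdict is not "ok", and the final detection counters. As an added example (not from this thread, and not code from the TDSSKiller authors), here is a small Python parser that extracts exactly that and treats a log with no "Scan finished" trailer as inconclusive rather than clean. It assumes only the line formats visible in the posted log; the first sample is an excerpt of that log, the second is constructed to exercise the flagged and truncated cases.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# A TDSSKiller line is "HH:MM:SS.mmmm <thread id> <message>"; the banner line has no timestamp.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s+(.*)$")
# "<name> (<md5>) <path>"; the name may itself contain parentheses ("MBR (0x1B8)"), hence lazy.
OBJECT_RE = re.compile(r"^(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
# "<name> - <verdict>", normally "<name> - ok".
VERDICT_RE = re.compile(r"^(.+?)\s+-\s+(\S.*)$")
HEADER_FIELDS = {"OS Version:": "os_version", "ComputerName:": "computer_name"}


@dataclass
class ScanSummary:
    os_version: str = ""
    computer_name: str = ""
    scan_finished: bool = False
    hashed: dict[str, tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    verdicts: dict[str, str] = field(default_factory=dict)            # name -> verdict text
    detected_count: int | None = None
    actual_detected_count: int | None = None

    @property
    def flagged(self) -> list[tuple[str, str]]:
        """Every scanned object whose verdict is anything but 'ok'."""
        return sorted((n, v) for n, v in self.verdicts.items() if v != "ok")

    @property
    def is_clean(self) -> bool:
        """Clean only if the scan completed, nothing was flagged and both counters are zero."""
        return (self.scan_finished and not self.flagged
                and self.detected_count == 0 and self.actual_detected_count == 0)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    s = ScanSummary()
    in_scan = False  # object/verdict lines only count between "Scan started" and "Scan finished"
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if not msg or msg.startswith("="):
            continue
        for prefix, attr in HEADER_FIELDS.items():
            if msg.startswith(prefix):
                setattr(s, attr, msg[len(prefix):].strip())
                break
        else:
            if msg == "Scan started":
                in_scan = True
            elif msg == "Scan finished":
                in_scan, s.scan_finished = False, True
            elif msg.startswith("Actual detected object count:"):
                s.actual_detected_count = int(msg.rsplit(":", 1)[1])
            elif msg.startswith("Detected object count:"):
                s.detected_count = int(msg.rsplit(":", 1)[1])
            elif in_scan and (om := OBJECT_RE.match(msg)):
                s.hashed[om.group(1)] = (om.group(2), om.group(3))
            elif in_scan and (vm := VERDICT_RE.match(msg)):
                s.verdicts[vm.group(1)] = vm.group(2)
    return s


# Excerpt of the log posted above (lines copied from the post; most driver lines omitted).
POSTED_LOG = r"""TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
23:31:42.0562 0600 OS Version: 5.1.2600 ServicePack: 2.0
23:31:42.0562 0600 ComputerName: FRONTDESK
23:31:45.0046 0600 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200
23:31:52.0281 4008 Scan started
23:31:52.0750 4008 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:31:52.0750 4008 Aavmker4 - ok
23:31:52.0796 4008 Abiosdsk - ok
23:32:08.0125 4008 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
23:32:08.0187 4008 \Device\Harddisk0\DR0 - ok
23:32:08.0203 4008 Scan finished
23:32:08.0218 4000 Detected object count: 0
23:32:08.0218 4000 Actual detected object count: 0
"""

# Constructed counter-example (not from the post): same format, one non-"ok" verdict
# and no "Scan finished" trailer, which is what an interrupted scan leaves behind.
CONSTRUCTED_FLAGGED_LOG = r"""TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
23:40:00.0000 0600 ComputerName: FRONTDESK
23:40:01.0000 4008 Scan started
23:40:01.0100 4008 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:40:01.0100 4008 Aavmker4 - ok
23:40:01.0200 4008 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
23:40:01.0200 4008 exampledrv - suspicious (constructed verdict)
"""

if __name__ == "__main__":
    for log in (POSTED_LOG, CONSTRUCTED_FLAGGED_LOG):
        s = parse_tdsskiller_log(log)
        print(s.computer_name, s.os_version, "clean" if s.is_clean else "NOT clean or incomplete", s.flagged)
```

Note that the "Drive ... - Size:" header line also contains " - " but is ignored because it precedes "Scan started"; without that guard it would show up as a bogus flagged object.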

#5 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,914 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 March 2012 - 08:41 PM

Hello, they look like malware.
If possible, let's upload those files for a second opinion on what they actually are.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

#6 emartin (Topic Starter)

  • Members
  • 65 posts

Posted 04 March 2012 - 03:39 PM

How do I get the suspect files uploaded to the Jotti site? When I click the browse button a window opens that has the title "Choose File to Upload", but when I navigate to the files and click on one of them and then click open it does not upload. What am I doing wrong?

#7 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,914 posts
  • Gender:Male
  • Location:NJ USA

Posted 04 March 2012 - 08:57 PM

Are you clicking only the file?
Where is it located?

#8 emartin (Topic Starter)

  • Members
  • 65 posts

Posted 04 March 2012 - 10:24 PM

Yes, I am just clicking on the file. The suspect files are located on my C: drive. I believe they are actually folders so maybe that is the problem? They appear when I click Start-My Computer-and then the C: drive icon.

#9 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,914 posts
  • Gender:Male
  • Location:NJ USA

Posted 04 March 2012 - 10:33 PM

OK, the safest thing then is to get a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#10 emartin (Topic Starter)

  • Members
  • 65 posts

Posted 05 March 2012 - 10:25 AM

OK, but while attempting to do the DDS scan I seem to have a problem. The scan started and the black window opened. The scan continued until I had a row of the # symbol approximately 2/3 of the way across the window, and then it stopped and there is a flashing cursor at the far left below this row. The logs have not appeared. Now what?

#11 emartin (Topic Starter)

  • Members
  • 65 posts

Posted 05 March 2012 - 10:28 AM

I attempted to close the window to restart the scan but I get "Not Responding" in the title bar of the box.

#12 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,914 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 March 2012 - 12:24 PM

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the OTL icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Run Scan button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

#13 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,122 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 05 March 2012 - 03:38 PM

I have moved (split away) your log(s) to the Virus, Trojan, Spyware, and Malware Removal Logs forum as they are not permitted in this forum.

Please go here, click on the Watch Topic button in the upper right corner and select Immediate Notification to subscribe to that topic so you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable. If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
