sidevans
Posts posted by sidevans

  1. Cheers MrC!

    RogueKiller V7.3.2 [03/20/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6000 ) 32 bits version

    Started in : Normal mode

    User: Ed [Admin rights]

    Mode: Scan -- Date: 03/27/2012 23:34:39

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [FAKED] smb.sys : c:\windows\system32\drivers\smb.sys --> CANNOT FIX

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK1237GSX ATA Device +++++

    --- User ---

    [MBR] aaf5e8a7888cc009a12e220fd1b550b2

    [bSP] 496b87a12bfa3d67876a0c24eba3e81c : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 57154 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 120125440 | Size: 55814 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>


  2. Merged post

    Hi there

    Long-time Malwarebytes user and fan, first-time poster on here! From doing some browsing on this forum it seems that quite a few people are suffering from the same virus/malware problem as me, so forgive me for repeating the theme.

    Malwarebytes seems to be having trouble removing two files from the system, both called rootkit.0access..., and like others it orders a restart but doesn't clear the problem on restart. I'd be very grateful if someone could help me with the problem!

    The malwarebytes log is as follows:

    Malwarebytes Anti-Malware 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.03.25.01

    Windows Vista x86 NTFS

    Internet Explorer 7.0.6000.17037

    Ed :: ED-PC [administrator]

    25/03/2012 21:51:33

    mbam-log-2012-03-25 (21-51-33).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 182517

    Time elapsed: 6 minute(s), 33 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 1

    C:\Windows\System32\dlacdbhm.dll (RootKit.0Access.H) -> Delete on reboot.

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Windows\System32\dlacdbhm.dll (RootKit.0Access.H) -> Delete on reboot.

    (end)

    dds info:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 7.0.6000.17037

    Run by Ed at 20:40:21 on 2012-03-26

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.759 [GMT 1:00]

    .

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

    C:\Windows\system32\TODDSrv.exe

    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPStart.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

    C:\Program Files\Logitech\QuickCam\Quickcam.exe

    C:\Program Files\Real\RealPlayer\Update\realsched.exe

    C:\Program Files\Epson Software\Event Manager\EEventManager.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Synaptics\SynTP\SynToshiba.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Windows\system32\wuauclt.exe

    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs

    C:\Windows\TEMP\vxlaxh\setup.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.co.uk

    uDefault_Page_URL = hxxp://www.google.co.uk

    mDefault_Page_URL = hxxp://www.google.co.uk

    uInternet Settings,ProxyOverride = *.local

    uURLSearchHooks: H - No File

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll

    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

    uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [EPSON SX235 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihle.exe /fu "c:\users\ed\appdata\local\temp\E_S6FF2.tmp" /EF "HKCU"

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    uRun: [WH7V8J9F2XYC1EVGGDUZJK] c:\gwerwqqeg55\F95C1CC1A52.exe /q

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [NDSTray.exe] NDSTray.exe

    mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

    mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

    mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

    mRun: [symLnch] "f:\support\symlnch\symlnch.exe" "f:\Setup.exe" "/REALUPREBOOT"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

    StartupFolder: c:\users\ed\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4

    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    LSP: mswsock.dll

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{E513DDF1-3DCD-497D-A84A-243CEEAD8CB5} : DhcpNameServer = 192.168.1.254

    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

    Notify: igfxcui - igfxdev.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-9-19 7168]

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-9-19 252416]

    S2 AMService;AMService;c:\windows\temp\vxlaxh\setup.exe run --> c:\windows\temp\vxlaxh\setup.exe run [?]

    S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2007-6-19 81832]

    S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2007-6-19 13864]

    S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2007-6-19 107304]

    .

    =============== Created Last 30 ================

    .

    2012-03-24 13:58:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-24 13:58:35 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

    2012-03-23 14:16:21 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2252fa74-02a1-4de1-ae0f-2007c681ccd7}\mpengine.dll

    2012-03-05 10:20:31 -------- d-----w- c:\programdata\Minitab

    2012-03-03 22:00:15 -------- d-----w- c:\program files\SUStats

    2012-03-03 21:52:34 -------- d-----w- c:\program files\Minitab

    2012-03-03 21:51:05 -------- d-----w- c:\program files\common files\Minitab Shared

    2012-03-03 20:32:19 -------- d-----w- c:\users\ed\appdata\roaming\SUPERAntiSpyware.com

    2012-03-03 20:31:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    .

    ==================== Find3M ====================

    .

    2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-01-21 07:21:34 111960 ----a-w- c:\windows\dxsdkuninst.exe

    .

    ============= FINISH: 20:41:45.88 ===============
