cherrybella

Members
  • Posts

    5

Everything posted by cherrybella

  1. Ok, here are the results:

     Results of screen317's Security Check version 0.99.51
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     McAfee Anti-Virus and Anti-Spyware
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.0.1400
     Java 6 Update 31
     Java version out of Date!
     Adobe Flash Player 11.4.402.278
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  2. Hello, sorry for the slow reply, everything's running great now and Malwarebytes isn't flagging anything up, thanks so much for the help!!
  3. Thank you for the reply! Did as you said, here's my new log:

     RogueKiller V8.1.0 [09/28/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Tess [Admin rights]
     Mode : Scan -- Date : 09/30/2012 01:35:44

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
     --- User ---
     [MBR] f53b6b2c81a0f03f7aabc5a801a23773
     [bSP] 5b7703d846c706d0fdd870def80bf09d : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13801 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28268544 | Size: 100 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28473344 | Size: 463037 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: SD / MMC Card +++++
     --- User ---
     [MBR] a01d0af9fd801c08dba6a1398b6e1032
     [bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 1937 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[4].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  4. And here is a Rogue Killer report:

     RogueKiller V8.1.0 [09/28/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website: http://tigzy.geekstogo.com/roguekiller.php
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Tess [Admin rights]
     Mode : Scan -- Date : 09/29/2012 23:11:14

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\Windows\Installer\{6d3d9910-efd7-b01f-349f-ba0d329c51c5}\@ --> FOUND
     [ZeroAccess][FOLDER] U : C:\Windows\Installer\{6d3d9910-efd7-b01f-349f-ba0d329c51c5}\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\Windows\Installer\{6d3d9910-efd7-b01f-349f-ba0d329c51c5}\L --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
     [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
     [susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
     --- User ---
     [MBR] f53b6b2c81a0f03f7aabc5a801a23773
     [bSP] 5b7703d846c706d0fdd870def80bf09d : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13801 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28268544 | Size: 100 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28473344 | Size: 463037 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: SD / MMC Card +++++
     --- User ---
     [MBR] a01d0af9fd801c08dba6a1398b6e1032
     [bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 1937 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  5. Hey there, I discovered that my laptop has a rootkit trojan through MBAM - tried removing the files several times only to reboot and find them still there. I've tried running TDSSKiller but it keeps coming back with "there is unprocessed malware" and going no further. I've tried to follow instructions from other threads but to no avail - any help would be greatly appreciated, I need this laptop for my work! This trojan is causing popups, Google redirects, Microsoft Word 2010 crashes, MSE isn't working properly either. I've attached the MBAM log. Thank you for any help!

     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.09.29.03

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Tess :: TESS-VAIO [administrator]

     29/09/2012 21:55:19
     mbam-log-2012-09-29 (22-55-51).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 329264
     Time elapsed: 58 minute(s), 16 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 20
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0000\file0000\tsk0000.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0000\zafs0000\tsk0006.dta (Trojan.Dropper.BCMiner) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0000\zafs0000\tsk0007.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0000\zafs0000\tsk0008.dta (Rootkit.0Access.64) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0001\file0000\tsk0000.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0001\zafs0000\tsk0006.dta (Trojan.Dropper.BCMiner) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0001\zafs0000\tsk0007.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_20.43.46\zasubsys0001\zafs0000\tsk0008.dta (Rootkit.0Access.64) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.27.15\zasubsys0000\file0000\tsk0000.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.27.15\zasubsys0000\zafs0000\tsk0006.dta (Trojan.Dropper.BCMiner) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.27.15\zasubsys0000\zafs0000\tsk0007.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.27.15\zasubsys0000\zafs0000\tsk0008.dta (Rootkit.0Access.64) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.30.30\zasubsys0000\file0000\tsk0000.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.30.30\zasubsys0000\zafs0000\tsk0006.dta (Trojan.Dropper.BCMiner) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.30.30\zasubsys0000\zafs0000\tsk0007.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.30.30\zasubsys0000\zafs0000\tsk0008.dta (Rootkit.0Access.64) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.37.44\zasubsys0000\file0000\tsk0000.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.37.44\zasubsys0000\zafs0000\tsk0006.dta (Trojan.Dropper.BCMiner) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.37.44\zasubsys0000\zafs0000\tsk0007.dta (Rootkit.0Access) -> No action taken.
     C:\TDSSKiller_Quarantine\29.09.2012_21.37.44\zasubsys0000\zafs0000\tsk0008.dta (Rootkit.0Access.64) -> No action taken.

     (end)