Jump to content

Search the Community

Showing results for tags '0Access.H'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 1 result

  1. Hello, Yesterday I managed to come down with an ugly mass of malware including Smart Fortress 2012. I downloaded MalwareBytes which thankfully got my computer running again, but is still giving me repeated warnings about blocking Rootkit 0Access.H. Everytime I scan, I find another bunch of the rootkits. Here are my DDS logs: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Sophia at 23:37:53 on 2012-04-30 Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1015.80 [GMT -7:00] . AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\windows\system32\Dwm.exe C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe C:\windows\Explorer.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdc.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe C:\windows\System32\spoolsv.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ASUS\Eee Docking\Eee Docking.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE C:\Windows\System32\AsusService.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\EeePC\HotkeyService\HotkeyService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\windows\System32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\taskhost.exe C:\Users\Sophia\AppData\Roaming\Google\Google Talk\googletalk.exe C:\windows\system32\conhost.exe C:\Program Files\Opera\opera.exe C:\windows\system32\conhost.exe C:\windows\system32\msiexec.exe C:\windows\System32\svchost.exe -k swprv C:\windows\system32\NOTEPAD.EXE C:\windows\system32\conhost.exe C:\windows\System32\svchost.exe -k WerSvcGroup C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://asus.msn.com uDefault_Page_URL = hxxp://asus.msn.com uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe uRun: [googletalk] c:\users\sophia\appdata\roaming\google\google talk\googletalk.exe /autostart uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe mRun: [superHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [Conime] %windir%\system32\conime.exe mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript StartupFolder: c:\users\sophia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey~1.lnk - c:\program files\eeepc\hotkeyservice\HotKeyMon.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{b8a2256e-6225-4d9e-b1c9-c26ca1e22feb}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmchlang.lnk - c:\program files\trend micro\internet security\TmChLang.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD} : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\24C454E4A502552434 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\742796E646 : DhcpNameServer = 192.168.1.1 64.59.150.134 TCP: Interfaces\{30241194-5E19-4930-8815-E2BA8533BFFD}\751667563734F666665656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{853186AB-46C4-45FE-B101-4168BC3608D6} : DhcpNameServer = 64.71.255.198 64.71.255.253 TCP: Interfaces\{F3DE0D00-0A55-4134-BAD8-1F1FA770FF7B} : DhcpNameServer = 192.168.0.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-5 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-5 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-5 53328] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-6 29472] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] . =============== Created Last 30 ================ . 2012-05-01 06:32:29 388096 ----a-r- c:\users\sophia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-05-01 06:32:28 -------- d-----w- c:\program files\Trend Micro 2012-05-01 06:22:15 54016 ----a-w- c:\windows\system32\drivers\jxgc.sys 2012-04-30 15:53:45 -------- d-----w- c:\users\sophia\appdata\local\{F86687B7-AB8A-4FD4-9535-43E43B885297} 2012-04-30 15:52:36 -------- d-----w- c:\users\sophia\appdata\local\{55A5E1F2-E45A-4C22-9824-DDB986C07951} 2012-04-30 06:37:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-30 06:29:43 -------- d-----w- c:\users\sophia\appdata\local\{C2D573D6-F57C-45A5-AA3B-FC96F238D57E} 2012-04-30 05:54:23 -------- d-----w- c:\users\sophia\appdata\roaming\Malwarebytes 2012-04-30 05:53:57 -------- d-----w- c:\programdata\Malwarebytes 2012-04-30 05:53:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-30 05:53:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-30 04:19:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys 2012-04-30 04:19:53 -------- d-----w- c:\program files\common files\PC Tools 2012-04-30 04:19:50 -------- d-----w- c:\program files\PC Tools 2012-04-30 04:15:21 -------- d-----w- c:\programdata\PC Tools 2012-04-30 04:15:12 -------- d-----w- c:\users\sophia\appdata\roaming\TestApp 2012-04-30 04:10:29 87552 ----a-w- c:\programdata\JByNm7Ot.exe 2012-04-30 03:50:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-04-30 03:49:43 -------- d-----w- c:\program files\common files\Media 2012-04-30 03:49:37 -------- d-----w- c:\programdata\F4D55F0200049ADC0021DE69A60145BE 2012-04-27 21:01:17 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38bc171e-8ac5-4f99-8e67-a1c16fba402c}\mpengine.dll 2012-04-12 13:42:42 -------- d-----w- c:\users\sophia\appdata\local\{4790FD7E-E933-47BB-A5ED-236E5AB64449} 2012-04-11 14:13:43 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 14:13:42 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 14:13:42 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 14:13:41 158720 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 14:12:45 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 14:12:40 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-06 20:48:23 -------- d-----w- c:\users\sophia\appdata\roaming\OpenOffice.org . ==================== Find3M ==================== . 2012-04-30 06:37:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-05 04:39:54 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 00:00:00 197120 ----a-w- c:\windows\system32\bzpdf.dll 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-23 17:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 23:41:04.07 =============== Thank you very much! Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.