cds777 Posted October 5, 2011

Windows Vista Home Premium 32 bit
I am running as the admin.
Let me know if you have any other questions.

OK, I have used Malwarebytes for years on multiple PCs. This is a newer computer and I did already have it installed when this problem started. I have uninstalled and reinstalled it multiple times and this does not help the issue at all.

When I try to open Malwarebytes I get a Windows error: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

When I first reinstall, it will let me open it and check for updates (which it always says there are not any), then start the quick scan; the scan lasts for 20 seconds or less and then the whole program closes. When I try to reopen the program I am back to where I started with the same error message.

Tried safe mode with networking. Downloaded fine. When it opened it let me check for updates and told me that it was the most current version. Then I went to quick scan and it started scanning for about 20 seconds and closed. When I try to reopen it I get the same error I got before: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I tried to rename the file and I get a box that says: "You need permission to perform this action" and gives me a "try again" option over and over and over... I hate Vista...

When I tried rkill and all of its other forms, I get the error "installation failed". Then I get a command prompt that sits there for about a min, then a notepad that tells me nothing was closed.
When I downloaded the random installer for mbam it gives the same error as the regular install. I get the same error when I try to open mbam.exe through the run prompt, but the error flashes quickly and goes away. exeHelper did nothing... I downloaded GMER Rootkit Scanner and it opened and started scanning for about 3 mins, then closed, and now gives the same error that I get when I try to open Malwarebytes.

Here is my DDS txt. GMER closed before I could get anything and I can't reopen it without reinstalling it, and it will most likely close out before finishing again. And, I cannot open Mbam so I cannot get that log for you either. I attached a zip copy of the "attach" file as the instructions indicated.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_26
Run by larry at 2:06:34 on 2011-10-05
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.1575 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\1778141748:3417637782.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Belkin\F7D4101\V1\PBN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\ehome\ehRecvr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110701&user_guid=FACC10C83C85457094A600704241B918&machine_id=e09ae9034e9d9d9f46c6f8d8375cfc0a&browser=IE&os=win&os_version=6.0-x86-SP0
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071204
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NWEReboot]
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f7d4101\v1\PBN.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0204C2B8-7B6B-4A67-BA22-B0379F2E906F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A9E2B08-F26B-431B-BB96-07E82BA0C481} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\larry\appdata\roaming\mozilla\firefox\profiles\2oj3mzkj.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
R2 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
R2 WLANBelkinService;Belkin WLAN service;c:\program files\belkin\f7d4101\v1\wlansrv.exe [2009-12-28 36864]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2009-11-6 699896]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-12-4 1030784]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-12-4 5632]
R3 LazerUsb;Lumanate Lazer USB;c:\windows\system32\drivers\LazerUsb.sys [2007-12-4 5734400]
S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-5-3 24576]
.
=============== Created Last 30 ================
.
2011-10-05 08:04:54    56200    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{0682d972-7d22-48f6-97ca-f3e3ab952a8f}\offreg.dll
2011-10-05 07:31:28    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-10-05 07:31:28    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-10-05 06:55:48    7269712    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{0682d972-7d22-48f6-97ca-f3e3ab952a8f}\mpengine.dll
2011-10-05 06:37:55    41272    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-05 06:36:54    --------    d-----w-    c:\users\larry\appdata\roaming\Malwarebytes
2011-10-05 06:36:51    --------    d-----w-    c:\programdata\Malwarebytes
2011-09-11 07:43:13    --------    d-----w-    C:\MTV_OUTPUT
.
==================== Find3M ====================
.
2011-08-02 00:24:28    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 2:07:46.77 ===============

attach.zip
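Two things in the posted DDS log are worth pulling out mechanically rather than by eye: the process list contains `C:\Windows\1778141748:3417637782.exe`, where a second colon after the drive letter means the image was started from an NTFS alternate data stream (a place no ordinary program installs itself), and the Pseudo HJT report shows `mPolicies-system: EnableLUA = 0`, i.e. UAC switched off. The Python below is an added example for this thread, not code from DDS, Malwarebytes or anyone in the discussion: it splits a DDS log into its banner-delimited sections and reports those two indicators. All function names are my own, and the embedded sample is a constructed excerpt of the log above with most lines omitted.

```python
"""Triage a DDS log for two indicators visible in the log posted above:
an executable running from an NTFS alternate data stream, and UAC
disabled via EnableLUA = 0.  Added example; not part of DDS or Malwarebytes.
"""
import re
from dataclasses import dataclass

# A DDS section banner such as "============== Running Processes ==============="
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")

# A path with a colon AFTER the "C:" drive prefix, e.g.
# C:\Windows\1778141748:3417637782.exe -> stream "3417637782.exe" on object "1778141748".
ADS_PATH_RE = re.compile(r"^(?P<drive>[A-Za-z]:)(?P<body>\\[^:\r\n]*:[^\\\r\n]+)$")

# mPolicies-system: EnableLUA = 0 (0x0)
ENABLELUA_RE = re.compile(r"^mPolicies-system:\s*EnableLUA\s*=\s*(?P<val>\d+)", re.I)


@dataclass
class Finding:
    kind: str    # "ads_process" or "uac_disabled"
    detail: str  # the path or log line that triggered it


def split_sections(text: str) -> dict[str, list[str]]:
    """Group the non-empty, non-'.' lines of a DDS log under their banner name."""
    sections: dict[str, list[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def image_path(process_line: str) -> str:
    """Drop the ' -k GroupName' argument DDS prints after svchost.exe."""
    return process_line.split(" -k ")[0].strip()


def is_ads_path(path: str) -> bool:
    """True when the path names an NTFS alternate data stream (a second ':')."""
    return ADS_PATH_RE.match(path) is not None


def triage(dds_text: str) -> list[Finding]:
    """Return the ADS-process and UAC-disabled findings for one DDS log."""
    findings: list[Finding] = []
    sections = split_sections(dds_text)

    for line in sections.get("Running Processes", []):
        path = image_path(line)
        if is_ads_path(path):
            findings.append(Finding("ads_process", path))

    for line in sections.get("Pseudo HJT Report", []):
        m = ENABLELUA_RE.match(line)
        if m and m.group("val") == "0":
            findings.append(Finding("uac_disabled", line))
    return findings


# Constructed excerpt of the DDS log posted above (most lines omitted).
SAMPLE_DDS = """\
DDS (Ver_2011-08-26.01) - NTFSx86
.
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork
C:\\Windows\\1778141748:3417637782.exe
C:\\Windows\\system32\\Dwm.exe
C:\\Program Files\\Windows Defender\\MSASCui.exe
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mPolicies-system: EnableLUA = 0 (0x0)
.
============= FINISH: 2:07:46.77 ===============
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:14} {f.detail}")
```

Running it against the excerpt prints one `ads_process` line for the stream-hosted executable and one `uac_disabled` line for the policy entry; on a full DDS log the same code checks every process in the section, so a clean log produces no output.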
LDTate Posted October 7, 2011

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

- Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
- Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
- Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.
LDTate Posted October 11, 2011

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!