Jump to content

Help me :(

cds777

By cds777
in Resolved Malware Removal Logs

 Share

Recommended Posts

cds777

cds777

Posted
Posted

Windows Vista Home Premium 32 bit

I am running as the admin

let me know if you have any other questions

Ok, I have used Malwarebytes for years on multiple PCs. This is a newer computer and I did already have it installed when this problem started. I have uninstalled and reinstalled it multiple times and this does not help the issue at all.

When i try to open malwarebytes i get a windows error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

When i first reinstall it will let me open it and check for updates. (which it always says there is not any) then start the quick scan, the scan lasts for 20 seconds or less and then the whole program closes. When I try to reopen the program I am back to where i started with the same error message.

Tried safe mode with networking, Downloaded fine

When it opens it let me check for updates and told me that it was the most current version. Then I went to quick scan and it started scanning for about 20 seconds and closed. When i try to reopen it I get the same error I got before: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

I tried to rename the file and I get a box that says: " You need permission to perform this action" and gives me a "try again" option over and over and over... I hate vista...

When I tried rkill and all of its other forms, i get error istallation failed. Then i get a comand promp that sits there for about a min, then a notepad that tells me nothing was closed.

When I downloaded the random installer for mbam it gives the same error as the regular install.

I get the same error when i try to open mbam.exe through the run promp but the error flashes quickly and goes away.

exeHelper did nothing...

I downloaded GMER Rootkit Scanner and it opened and started scanning for about 3 mins then closed and now gives the the same error that i get when i try to open malwarebytes.

Here is my DDS txt. GMER closed before I could get anything and I cant reopen it without reinstalling it and it will most likely close out before finishing again. And, I cannot open Mbam so i cannot get that log for you either :(. I attached a zip copy of the "attach" file as the instructions indicated.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_26

Run by larry at 2:06:34 on 2011-10-05

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.1575 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\1778141748:3417637782.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\ctfmon.exe

C:\Program Files\Belkin\F7D4101\V1\PBN.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

C:\Windows\system32\WerCon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\taskeng.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

C:\Windows\ehome\ehRecvr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://lf.startnow.com/?

src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&to

olbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110701&user_guid=FACC10C83C85457094A600704241B918&machin

e_id=e09ae9034e9d9d9f46c6f8d8375cfc0a&browser=IE&os=win&os_version=6.0-x86-SP0

uWindow Title = Internet Explorer provided by Dell

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071204

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup

mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"

mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NWEReboot]

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f7d4101\v1

\PBN.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth

software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line

detect\DLG.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0204C2B8-7B6B-4A67-BA22-B0379F2E906F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3A9E2B08-F26B-431B-BB96-07E82BA0C481} : DhcpNameServer = 192.168.1.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\larry\appdata\roaming\mozilla\firefox\profiles\2oj3mzkj.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12

208896]

R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe

[2007-6-27 157912]

R2 NMSCore;Intel® NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]

R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]

R2 QualityManager;Intel® Quality Manager;c:\program files\intel\inteldh\intel media server\media

server\bin\QualityManager.exe [2007-6-27 272600]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow

toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]

R2 WLANBelkinService;Belkin WLAN service;c:\program files\belkin\f7d4101\v1\wlansrv.exe [2009-12-28 36864]

R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2009-11-6 699896]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-12-4 1030784]

R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-12-4 5632]

R3 LazerUsb;Lumanate Lazer USB;c:\windows\system32\drivers\LazerUsb.sys [2007-12-4 5734400]

S3 DHTRACE;Intel® DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27

39640]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-5-3 24576]

.

=============== Created Last 30 ================

.

2011-10-05 08:04:54 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0682d972-7d22-

48f6-97ca-f3e3ab952a8f}\offreg.dll

2011-10-05 07:31:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-05 07:31:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-05 06:55:48 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0682d972-7d22-

48f6-97ca-f3e3ab952a8f}\mpengine.dll

2011-10-05 06:37:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-05 06:36:54 -------- d-----w- c:\users\larry\appdata\roaming\Malwarebytes

2011-10-05 06:36:51 -------- d-----w- c:\programdata\Malwarebytes

2011-09-11 07:43:13 -------- d-----w- C:\MTV_OUTPUT

.

==================== Find3M ====================

.

2011-08-02 00:24:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 2:07:46.77 ===============

attach.zip

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.