
Possible Rootkit Kbdclass.sys

Inc.)O3 - HKU\S-1-5-21-1060284298-1229272821-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.O3 - HKU\S-1-5-21-1060284298-1229272821-725345543-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-1060284298-1229272821-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - Live\MsgPlusLive.dll (Messenger Plus! Base Kernel-Mode Device Driver for Windows NT/2000/XP (Verified) ALWIL Software c:\windows\system32\drivers\aavmker4.sys + aswFsBlk avast!

MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-20 34248] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2010-3-5 227600] S3 netw5v32;Intel Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista Had to email in utilities from another PC as I could not download them on infected PC. Live Add-On/Yuna Software).text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3072] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus!

Highlight and click Export as.. c:\program files\breakpoint software\hex workshop 4.2\hwext.dll + NBShellHook Class Nero BackItUp (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbshell.dll + SASContextMenu Class SUPERAntiSpyware Context Menu Extension (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll + SmartFTP SmartFTP paulds    New Member Topic Starter Members 20 posts ID: 5   Posted October 23, 2010 Here is the next ComboFix I now have no keyboard problems and I assume, maybe wrongly, that the disk system is no longer hooked.From this point on I will do nothing unless told.First time I ran

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of Thanks, IDWL idwl idwl Topic Starter Members 20 posts OFFLINE Local time:01:56 AM Posted 06 July 2011 - 05:36 AM Hi ST,Here we go...Thanks,IDWLRkU Version: 3.8.389.593, Started by paulds, October 22, 2010 39 posts in this topic paulds    New Member Topic Starter Members 20 posts ID: 1 It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal

The following corrective action will be taken in 5000 milliseconds: Restart the service. 8/25/2010 8:15:15 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. A scan run from this tab would have provided a better overall picture, including Drivers, Files, and Processes. https://forums.malwarebytes.org/topic/65566-possible-rootkit/ Logs follow GMER still running.DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 16:25:06.07 on 10/05/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2559.1841 [GMT 1:00]AV: AVG Anti-Virus Free *On-access scanning

Is there anything I can do to remove whatever this malware is? or read our Welcome Guide to learn how to use this site. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. Any help gratefully received.

Live Add-On/Yuna Software).text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3072] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 28003C60 C:\Program Files\Messenger Plus! https://forums.spybot.info/archive/index.php/t-61033.html Note if it tells you it found a locked service with this name > fxmjzjg have it delete it.========Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! A log file should appear. I Am Not A Malware Expert For Other Queries Use **1*'

http://ircdhelp.org/possible-rootkit/possible-rootkit-on-win7x64.php Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state Live Add-On/Yuna Software).text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3072] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! So I have pasted the otl.txt below.OTL logfile created on: 13/05/2010 02:07:34 - Run 3OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Owner\DesktopWindows XP Home Edition Service Pack 3

Please note that your topic was not intentionally overlooked. To view information on SF FrontLine drivers, or to uninstall drivers manually, visit http://www.star-force.com/protection/users/. (Verified) Protection Technology, Ltd. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. It has done this 1 time(s). 8/25/2010 8:15:06 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly.

Live\MsgPlusLive.dll (Messenger Plus! Photo Story 2 LE Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Modem Helper Mozilla ActiveX c:\program files\itunes\ituneshelper.exe + nwiz NVIDIA nView Wizard, Version 111.17 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe + SigmatelSysTrayApp Sigmatel Audio system tray application (Not verified) SigmaTel, Inc.


The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date! Very Important! Let me know what you decide to do.If you still want to clean it please do the following===================Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, This includes the resident protection, the virus chest and the scheduler. (Verified) ALWIL Software c:\program files\alwil software\avast4\ashserv.exe + BlueSoleilCS Manages bluetooth hardware and provides bluetooth functions.

Ran MBam and it found some items which I cleaned but problem still persists. Double Click autoruns.exe 2. Please do not use the Attachment feature for any log file. Please don't send help requests via PM, unless I am already helping you.

So then I altered all the registry keys for kbdclass.sys to kbdclass2.sys after copying the clean copy into system32\drivers. I am going to stick with you until ALL malware is gone from your system. Live\MsgPlusLive.dll (Messenger Plus!

Sometimes it may be necessary for a complete log to track down problems. I could then also copy the clean atapi.sys. Live Add-On/Yuna Software).text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3072] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 2800A240 C:\Program Files\Messenger Plus! These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP. (Verified) Nero AG c:\program files\nero\nero8\nero backitup\nbservice.exe + Pml Driver HPZ12 PML

Enter 'Y' and hit ENTER for more options, or 'N' to exit: Aug 25, 2010 #8 KaptainKristi TS Rookie Topic Starter Help! No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If you could, post at least a File scan log from RootRepeal.

If you'd like to assist in the fight against malware, click here The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing SHA1: 528D76AF92636551CD15423543A72AE085CACA37 Found non-standard or infected MBR. Live Add-On/Yuna Software)---- Devices - GMER 1.0.15 ----AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys Live Add-On/Yuna Software).text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3072] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 28005F50 C:\Program Files\Messenger Plus!

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html Make sure, you disable "word wrap" in Notepad, because your logs will be hard to read. Live Add-On/Yuna Software).text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3072] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 2800A170 C:\Program Files\Messenger Plus! In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

Be prepared to back up your data. c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe + aswUpdSv Provides automatic updating for the avast! c:\windows\system32\drivers\cercsr6.sys + cmdGuard COMODO Firewall Pro Sandbox Driver (Verified) Comodo CA Limited c:\windows\system32\drivers\cmdguard.sys + cmdHlp COMODO Firewall Pro Helper Driver (Verified) Comodo CA Limited c:\windows\system32\drivers\cmdhlp.sys + ENTECH (Verified) EnTech Taiwan