Possible Rootkit Kbdclass.sys
File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware
http://forum.emsisoft.com/Default.aspx?g=posts&t=1914
I have dealt with this before.
Live\MsgPlusLive.dll (Messenger Plus!
http://scvanet.org/possible-rootkit/possible-rootkit-not-exactly-sure-atm.html
Note: if it tells you it found a locked service with this name > fxmjzjg, have it delete it.
========
Download ComboFix from one of these locations: Link 1, Link 2
* IMPORTANT !!!
Here's MBR:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 129):
0x804D7000
On reboot, Win7 did a BSOD just after login every time it started. I found clean copies of both kbdclass.sys and atapi.sys.
- The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/25/2010 8:15:15 PM, error: Service Control Manager - The McAfee McShield service terminated unexpectedly.
- Let me know what you decide to do. If you still want to clean it, please do the following:
===================
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted,
- However, every time I try to download an EXE file from the web, I get the message "xxx.exe contained a virus and was deleted" where xxx was the name of the
- c:\program files\real\realplayer\rpshell.dll
+ SmartFTP ContextMenu SmartFTP Shell Tools (Verified) SmartSoft Ltd c:\program files\smartftp client\sfshelltools.dll
+ SmartFTP Drop Handler SmartFTP FTP Shell Namespace Extension (Verified) SmartSoft Ltd c:\program files\smartftp client\sfftpshellextension.dll
+ SmartFTP
- Thank you in advance to anyone who can offer any help!
- Enter 'Y' and hit ENTER for more options, or 'N' to exit: Aug 25, 2010 #8 KaptainKristi TS Rookie Topic Starter Help!
MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-20 35272]
S3 MfeRKDK;McAfee Inc.
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. Please include the C:\ComboFix.txt in your next reply.
Also try Autoruns. If you can, post a report. But no extras.txt. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
https://forums.malwarebytes.org/topic/65566-possible-rootkit/
Antivirus Manages and implements avast!
paulds New Member Topic Starter Members 20 posts ID: 3 Posted October 23, 2010
Hello paulds, Welcome to Malwarebytes.
=====================
One or
If yours is not listed and you don't know how to disable it, please ask.
c:\windows\system32\sfrem01.exe
+ StarWindServiceAE Enables network access to local burners via iSCSI protocol. (Not verified) Rocket Division Software c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
+ StyleXPService StyleXPService Module c:\program files\tgtsoft\stylexp\stylexpservice.exe
+ VMAuthdService Authorization
Press O.K.
Continued
Thanks, IDWL
#4 idwl Topic Starter Members 20 posts Posted 06 July 2011 - 05:36 AM
Hi ST, Here we go... Thanks, IDWL
RkU Version: 3.8.389.593,
c:\windows\stsystra.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus!
Some programs can interfere with others and hamper the recovery process. Even if you have already provided information about your PC, we need a new log to see what has changed since
Sometimes it may be necessary for a complete log to track down problems.
Possible rootkit infection
Started by idwl, Jul 01 2011 08:05 AM
This topic is locked. 22 replies to this topic.
#1 idwl
coconut Senior Member Joined: 05 January 2007
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fxmjzjg]
"ServiceDll"="c:\windows\system32\tnpmg.dll"
.
Completion time: 2010-10-22 17:31:03
ComboFix-quarantined-files.txt 2010-10-23 00:30
Pre-Run: 32,782,598,144 bytes free
Post-Run: 32,982,982,656 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
I'm prepared to wipe my hard drive entirely if I have to.
If Combofix asks you to update the program, always do so.
Open notepad and copy/paste the text in the codebox below into it:
http://forums.malwarebytes.org/index.php?showtopic=65566
Collect::
c:\windows\system32\tnpmg.dll
Driver::
fxmjzjg
NetSvc::
fxmjzjg
2.
It is these entries that are sometimes pointing to malware.
c:\program files\apple software update\softwareupdate.exe
HKLM\System\CurrentControlSet\Services
+ Apple Mobile Device Provides the interface to Apple mobile devices. (Not verified) Apple, Inc.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ilake at 12:17:17.54 on 01/07/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3036.1449 [GMT 1:00]
.
NOTE 2.
service GUI component (Verified) ALWIL Software c:\program files\alwil software\avast4\ashdisp.exe
+ COMODO Firewall Pro (Verified) Comodo CA Limited c:\program files\comodo\firewall\cfp.exe
+ HP Software Update Hewlett-Packard Product Assistant (Not verified) Hewlett-Packard Development
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Safe mode did the same, but safe mode with command line was fine.
Double click on combofix.exe & follow the prompts.
c:\windows\system32\drivers\tmcomm.sys
+ vmkbd VMware Keyboard Driver (Verified) VMware, Inc.
The following error occurred: The operation was canceled by the user.
.
Here are my logs from Malware Bytes, GMER, and DDS. I know something is wrong since I use Google Chrome.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
mini-filter driver (aswFsBlk) (Verified) ALWIL Software c:\windows\system32\drivers\aswfsblk.sys
+ aswMon2 avast!