rodolfolongo1

Everything posted by rodolfolongo1

  1. Thank you for helping me out, I appreciate it.

     RogueKiller V7.5.4 [06/07/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
     Started in : Normal mode
     User: WaRtuGz [Admin rights]
     Mode: Scan -- Date: 06/23/2012 12:11:40

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 2 ¤¤¤
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost
     ::1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS541616J9AT00 ATA Device +++++
     --- User ---
     [MBR] 8931158ab24de45dbc7cc9921e7c8b85
     [bSP] 881bfb169e7f864a5cfe8328e90427f2 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10009 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20498940 | Size: 142616 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  2. Here is the attached file I had to attach on the previous post also.

     Here is a log of the Malwarebytes scan. A trojan agent file keeps returning every time I restart my computer; malware claims to delete it, but the same trojan keeps reappearing every time I scan the computer (past 8 days in a row). My computer seems unaffected by the agent and is working perfectly fine; however, I don't want this trojan in my computer, for the reason that I don't want it to begin to affect my computer later. Any help would be greatly appreciated. Thanks

     Malwarebytes Anti-Malware (Trial) 1.60.0.1800
     www.malwarebytes.org

     Database version: v2012.01.27.07

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 7.0.6002.18005
     Admin
     Protection: Enabled

     1/27/2012 9:57:24 PM
     mbam-log-2012-01-27 (21-57-24).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 192777
     Time elapsed: 7 minute(s), 2 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

     Files Detected: 1
     C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

     (end)

     Attach2.txt
  3. .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 7.0.6002.18005
     Run by WaRtuGz at 16:37:18 on 2012-06-22
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.957.242 [GMT -5:00]
     .
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\SLsvc.exe
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.manheim.com/
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
     BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
     BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
     mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     TCP: DhcpNameServer = 10.71.0.1
     TCP: Interfaces\{B67D023E-AF61-4861-853B-AA1AAE26FCA9} : DhcpNameServer = 10.71.0.1
     TCP: Interfaces\{C229C3FF-579E-4494-AB88-F239A30B903C} : DhcpNameServer = 10.71.0.1
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
     .
     ============= SERVICES / DRIVERS ===============
     .
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-11 612184]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-11 337880]
     R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-11 20696]
     R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-11 57688]
     R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-11 44768]
     R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-27 654408]
     R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-8-15 1526080]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-27 22344]
     R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
     R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-2-10 10064]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-11 136176]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-11 136176]
     S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
     S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
     S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
     S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
     .
     =============== Created Last 30 ================
     .
     2012-06-20 02:04:03 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-06-20 02:04:03 172032 ----a-w- c:\windows\system32\wintrust.dll
     2012-06-20 02:04:03 157696 ----a-w- c:\windows\system32\imagehlp.dll
     2012-06-20 02:04:02 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-06-20 01:49:57 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{648ae08e-592c-45c9-9af6-b6b26d212573}\mpengine.dll
     2012-06-20 01:11:00 66560 ----a-w- c:\windows\system32\packager.dll
     2012-06-20 01:09:39 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
     2012-06-20 01:09:39 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
     2012-06-20 01:09:32 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
     2012-06-20 01:09:30 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
     2012-06-20 01:09:30 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
     2012-06-20 01:09:29 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
     2012-06-20 01:09:29 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
     2012-06-20 01:09:28 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
     2012-06-20 01:09:17 984064 ----a-w- c:\windows\system32\crypt32.dll
     2012-06-20 01:09:17 98304 ----a-w- c:\windows\system32\cryptnet.dll
     2012-06-20 01:09:17 133120 ----a-w- c:\windows\system32\cryptsvc.dll
     2012-06-20 01:08:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
     2012-06-20 01:08:23 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
     2012-06-20 01:08:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2012-06-20 01:08:16 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2012-06-20 01:08:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
     2012-06-20 01:08:12 293376 ----a-w- c:\windows\system32\psisdecd.dll
     2012-06-20 01:08:11 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
     2012-06-20 01:08:11 217088 ----a-w- c:\windows\system32\psisrndr.ax
     2012-06-20 01:08:10 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
     2012-06-20 01:08:08 1205064 ----a-w- c:\windows\system32\ntdll.dll
     2012-06-20 01:08:06 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
     2012-06-20 01:08:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
     2012-06-20 01:06:14 2045440 ----a-w- c:\windows\system32\win32k.sys
     2012-06-20 01:06:11 613376 ----a-w- c:\windows\system32\rdpencom.dll
     2012-06-20 01:06:05 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-06-20 01:06:04 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2012-06-20 01:05:33 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
     2012-06-20 01:05:33 238080 ----a-w- c:\windows\system32\oleacc.dll
     2012-06-20 01:05:32 563712 ----a-w- c:\windows\system32\oleaut32.dll
     2012-06-20 01:05:32 4096 ----a-w- c:\windows\system32\oleaccrc.dll
     2012-06-20 01:04:46 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-06-20 00:55:13 707584 ----a-w- c:\program files\common files\system\wab32.dll
     2012-06-19 03:05:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-19 03:04:31 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-19 03:03:41 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-19 03:03:41 171904 ----a-w- c:\windows\system32\wuwebv.dll
     .
     ==================== Find3M ====================
     .
     2012-05-15 22:04:50 834048 ----a-w- c:\windows\system32\wininet.dll
     2012-04-19 14:18:04 389632 ----a-w- c:\windows\system32\html.iec
     2012-04-19 13:53:00 1383424 ----a-w- c:\windows\system32\mshtml.tlb
     2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     .
     ============= FINISH: 16:37:55.40 ===============
  4. Here is a log of the Malwarebytes scan. A trojan agent file keeps returning every time I restart my computer; malware claims to delete it, but the same trojan keeps reappearing every time I scan the computer (past 8 days in a row). My computer seems unaffected by the agent and is working perfectly fine; however, I don't want this trojan in my computer, for the reason that I don't want it to begin to affect my computer later. Any help would be greatly appreciated. Thanks

     Malwarebytes Anti-Malware (Trial) 1.60.0.1800
     www.malwarebytes.org

     Database version: v2012.01.27.07

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 7.0.6002.18005
     Admin
     Protection: Enabled

     1/27/2012 9:57:24 PM
     mbam-log-2012-01-27 (21-57-24).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 192777
     Time elapsed: 7 minute(s), 2 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

     Files Detected: 1
     C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

     (end)