cheeks

  1. Hi, I ran combo-fix uninstall successfully. I was able to use my computer in normal mode. After going to a few internet sites, I ran another scan and did not find anything. Could this be the end of this mess?? If so, thank you very much for helping out a computer novice. Unfortunately, I have to get working on my projects again. Thanks again.........
  2. Please find below the combo fix and HJT files. Note, I had to run this in safe mode. Thanks

     ComboFix 09-08-26.05 - 08/26/2009 21:14.1.1 - NTFSx86 NETWORK
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.365 [GMT -4:00]
     Running from: c:\documents and settings\anthony.SWAN-NT\Desktop\Combo-Fix.exe

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
     c:\documents and settings\anthony.SWAN-NT\Application Data\Google\T-Scan
     c:\documents and settings\anthony.SWAN-NT\Application Data\Google\T-Scan\n.gif
     c:\documents and settings\anthony.SWAN-NT\Application Data\Google\T-Scan\t.gif
     c:\documents and settings\anthony.SWAN-NT\Application Data\Google\T-Scan\y.gif
     c:\windows\Downloaded Program Files\popcaploader.inf
     c:\windows\Downloaded Program Files\setup.dll
     c:\windows\Installer\10044a5.msp
     c:\windows\Installer\49e53.msp
     c:\windows\Installer\7e4ad.msp
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
     c:\windows\system32\drivers\fad.sys
     c:\windows\system32\drivers\hjgruixufjqaee.sys
     c:\windows\system32\drivers\str.sys
     c:\windows\system32\drivers\ykccjn.sys
     c:\windows\system32\Drivers\zsuqpwf.sys
     c:\windows\system32\hjgruilctwkcxd.dat
     c:\windows\system32\hjgruimqyqcbna.dll
     c:\windows\system32\hjgruinvstipyy.dll
     c:\windows\system32\hjgruiqtnnbmus.dat
     c:\windows\system32\wjmjmwe.dll

     ----- BITS: Possible infected sites -----

     hxxp://swdist.mcquay.com
     hxxp://swanserver:8530
     .

     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Service_hjgruikamrmjxo
     -------\Legacy_hjgruikamrmjxo
     -------\Legacy_ZAPCGUXZWSXRPGQ
     -------\Service_zapcguxzwsxrpgq

     ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
     .

     2009-08-01 02:45 . 2009-08-01 02:45 -------- d-----w- C:\002c6733f2f637be8a
     2009-08-01 02:23 . 2009-08-01 02:23 -------- d-----w- C:\913e755aa2159139b4aa
     .

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2009-08-27 00:49 . 2007-10-31 20:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2009-08-26 01:14 . 2006-10-05 16:42 -------- d-----w- c:\program files\Spyware Doctor
     2009-08-26 00:30 . 2008-12-08 22:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-08-26 00:30 . 2009-03-30 03:50 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2009-08-03 17:36 . 2008-12-08 22:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-03 17:36 . 2008-12-08 22:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-06-11 01:33 . 2004-12-12 07:30 94424 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2007-02-22 16:01 . 2007-02-22 16:01 458752 -c--a-w- c:\program files\mqljob2.mdb
     .

     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 68856]
     "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2009-08-03 2115728]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-12-12 98304]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
     "NcpBudget"="c:\program files\WatchGuard\Mobile VPN\ncpbudgt.exe" [2008-01-17 401920]
     "NcpPopup"="c:\program files\WatchGuard\Mobile VPN\ncppopup.exe" [2007-11-07 535040]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2009-08-03 2115728]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
     "TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4060681539-3463340923-3655354263-1114\Scripts\Logon\0\0]
     "Script"=HP Plotter.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4060681539-3463340923-3655354263-1114\Scripts\Logon\1\0]
     "Script"=Color Copier.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4060681539-3463340923-3655354263-1114\Scripts\Logon\2\0]
     "Script"=B&W Copier.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4060681539-3463340923-3655354263-1114\Scripts\Logon\3\0]
     "Script"=FolderRedirect.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4060681539-3463340923-3655354263-1114\Scripts\Logon\4\0]
     "Script"=mcquay.bat

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4060681539-3463340923-3655354263-1114\Scripts\Logon\5\0]
     "Script"=swan.bat

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4060681539-3463340923-3655354263-1163\Scripts\Logon\0\0]
     "Script"=drives.bat

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
     backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R3 NcpFiltMP;NcpFiltMP;c:\windows\SYSTEM32\DRIVERS\ncpvaxp.sys [11/3/2008 11:06 AM 80040]
     S2 ncpclcfg;ncpclcfg;c:\program files\WatchGuard\Mobile VPN\ncpclcfg.exe [11/3/2008 11:06 AM 81920]
     S2 ncprwsnt;ncprwsnt;c:\program files\WatchGuard\Mobile VPN\NCPRWSNT.EXE [11/3/2008 11:06 AM 1036296]
     S2 NcpSec;NcpSec;c:\program files\WatchGuard\Mobile VPN\NCPSEC.EXE [11/3/2008 11:06 AM 45056]
     S2 rwsrsu;RwsRsu;c:\program files\WatchGuard\Mobile VPN\rwsrsu.exe [11/3/2008 11:06 AM 266240]
     S3 NcpFilt;Ncp Filter Service;c:\windows\SYSTEM32\DRIVERS\ncpvaxp.sys [11/3/2008 11:06 AM 80040]
     S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\SYSTEM32\DRIVERS\ncpvaxp.sys [11/3/2008 11:06 AM 80040]
     S3 OnePointDomainAdminService;Active Directory Migration Agent;c:\program files\OnePointDomainAgent\DCTAgentService.exe --> c:\program files\OnePointDomainAgent\DCTAgentService.exe [?]
     .
     Contents of the 'Scheduled Tasks' folder

     2004-12-17 c:\windows\Tasks\ISP signup reminder 1.job
     - c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 10:42]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.dell4me.com/mywaybiz
     mStart Page = hxxp://www.yahoo.com
     uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     Trusted Zone: CProjects.com
     Trusted Zone: jobs2bid.com
     Trusted Zone: Secure.jobs2bid.com
     Trusted Zone: www.CProjects.com
     Trusted Zone: www.jobs2bid.com
     Trusted Zone: www.secure.jobs2bid.com
     TCP: {97F769BD-5C5E-4AA9-8F32-EC56F811EC9F} = 192.168.1.250,66.6.65.5
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-08-26 21:22
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????0???????????????X:?????? ???????????x????????:??x???????????????????x???? ??x??????????????????|????????x??????? ???????4???????x???p??????????????

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2009-08-27 21:27 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-08-27 01:27

     Pre-Run: 1,818,324,992 bytes free
     Post-Run: 1,679,540,224 bytes free

     150 --- E O F --- 2009-07-28 03:59

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:35:54 PM, on 8/26/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Safe mode with network support

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
     O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [NcpBudget] "C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe"
     O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
     O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
     O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O15 - Trusted Zone: http://*.CProjects.com
     O15 - Trusted Zone: http://*.jobs2bid.com
     O15 - Trusted Zone: http://*.Secure.jobs2bid.com
     O15 - Trusted Zone: http://*.www.CProjects.com
     O15 - Trusted Zone: http://*.www.jobs2bid.com
     O15 - Trusted Zone: http://*.www.secure.jobs2bid.com
     O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://pol.cprojects.com/POLApp/Viewer/msxml4.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Swan.loc
     O17 - HKLM\Software\..\Telephony: DomainName = Swan.loc
     O17 - HKLM\System\CCS\Services\Tcpip\..\{97F769BD-5C5E-4AA9-8F32-EC56F811EC9F}: NameServer = 192.168.1.250,66.6.65.5
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Swan.loc
     O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
     O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
     O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
     O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
     O23 - Service: NcpSec - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
     O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Active Directory Migration Agent (OnePointDomainAdminService) - Unknown owner - C:\Program Files\OnePointDomainAgent\DCTAgentService.exe (file missing)
     O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
     O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

     -- End of file - 7920 bytes
  3. I double checked which version of Malwarebytes I was using and updated it to the latest. I ended up w/ 21 items. I ran it again and again. It seems like rootkit and TDSS are the two items I can't get rid of. Please see log below. Note, I had to run this in safe mode because I was unable to complete a scan in normal.

     Malwarebytes' Anti-Malware 1.40
     Database version: 2697
     Windows 5.1.2600 Service Pack 3 (Safe Mode)

     8/25/2009 9:59:56 PM
     mbam-log-2009-08-25 (21-59-43).txt

     Scan type: Quick Scan
     Objects scanned: 129113
     Time elapsed: 4 minute(s), 45 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     \\?\globalroot\systemroot\SYSTEM32\hjgruinvstipyy.dll (Trojan.TDSS) -> No action taken.

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     \\?\globalroot\systemroot\SYSTEM32\hjgruinvstipyy.dll (Trojan.TDSS) -> No action taken.
     C:\WINDOWS\SYSTEM32\DRIVERS\str.sys (Rootkit.Agent) -> No action taken.

     Thanks for your help....
  4. I have run malwarebytes in safe mode and found rootkit.agent. It appeared removed. I ran a second quick scan in safe mode and everything came up clean. I rebooted and switched to normal operations and the desktop either never loaded or was very, very, very slow. When I ran malwarebytes in normal mode it stopped. I went back to safe mode and rediscovered the rootkit.agent. Please help. I have a project to complete and the laptop has all the programs and info. Thanks....