Jump to content

MomRules

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by MomRules

  1. I was following instructions under Hellow and welcome to Malwarebytes (having read oher posts involving Rootkit problems). Two issues - one my zip file ability seems non-existant. Second, and more important, I get the following virus scan alert when trying to dowload GMER Rootkit Scanner - Virus Scan ALert - detected as Artemis!CE48AA2EABAE - detection type Trojan. Now what do I do. My computer has been looked at by Central IT - they say that all was cleaned. Still Malware bytes keeps showing Rootkit file infection every time I run a scan (three in one day). I need to get this computer functional - but now seem stuck in the instructions provided on this forum. By the way, here is the DDS text scan... *have attached the attach text as a regular file). Thanks!!!! DDS (Ver_09-11-29.01) - NTFSx86 Run by Deb Lennington at 12:07:37.75 on Sun 11/29/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1282 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Deb Lennington\Desktop\dds.com ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = hxxp://www.bus.umich.edu/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRun: [calc] rundll32.exe c:\docume~1\locals~1\ntuser.dll,_IWMPEvents@0 mPolicies-system: EnableLUA = 0 (0x0) IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: facebook.com\login Trusted Zone: facebook.com\www Trusted Zone: k12.mi.us\pschool.aaps Trusted Zone: malwarebytes.org\www Trusted Zone: umich.edu\exchange Trusted Zone: umich.edu\weblogin DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127424699421 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: timiyesa.dll c:\windows\system32\zunujedu.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: {75b5e617-75e9-463a-88a2-da07bced9bef} - No File SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli msnedav.dll lonuyemu.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\deblen~1\applic~1\mozilla\firefox\profiles\u4fzhivg.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://search.liveinfopro.com/?s= FF - component: c:\program files\mozilla firefox\components\Scriptff.dll FF - plugin: c:\documents and settings\deb lennington\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: XULRunner: {46A62ADC-2086-4D50-89BF-F5A72B5F2A49} - c:\documents and settings\deb lennington\local settings\application data\{46A62ADC-2086-4D50-89BF-F5A72B5F2A49} ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google FF - user.js: keyword.URL - hxxp://search.liveinfopro.com/?s= Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.