
rootkit help



Help with suspected rootkit issue/spyware/virus.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Emilio Jorge at 19:44:33 on 2011-08-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2591 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\devldr32.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\umonit.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\Program Files\EZ-RC\ez-rc-tray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [uMonit] c:\windows\system32\umonit.exe

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjAzMzgxMzQyLUZQOSs2LVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzEtRjlNMisxLUZMMTArMS1YTzEwKzExLUxJQysyLUNJUCsyLUREVCsw"&"prod=90"&"ver=10.0.1392

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ez-rcs~1.lnk - c:\program files\ez-rc\ez-rc-tray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

uPolicies-explorer: <NO NAME> =

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: aol.com\free

Trusted Zone: imageshack.us\toolbar

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37870.4638310185

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{6600A17A-46CD-48FD-B00E-D7568CDAFE65} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{67CAB336-D091-49D1-9A91-566E192AF77E} : DhcpNameServer = 10.0.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\emilio jorge\application data\mozilla\firefox\profiles\5wswpjaq.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\view22\version 3.10.50\NPView22.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-8 64288]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]

R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-12-16 68136]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712]

S2 CVPNDRV;Cisco Systems IPsec Driver;\??\c:\windows\system32\drivers\cvpndrv.sys --> c:\windows\system32\drivers\CVPNDRV.sys [?]

S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-31 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151640]

S2 NeroSVC;NeroSVC;c:\program files\ahead\nero\NeroSVC.exe [2001-3-30 73728]

S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2007-8-23 6016]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-31 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

.

=============== Created Last 30 ================

.

2011-08-17 16:46:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-17 16:46:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 16:20:01 -------- d-----w- C:\PC_VIRUS_FIX_LOGS

2011-08-17 16:15:20 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-08-14 22:20:53 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-08-14 22:15:33 -------- d-sha-r- C:\cmdcons

2011-08-14 22:11:38 98816 ----a-w- c:\windows\sed.exe

2011-08-14 22:11:38 518144 ----a-w- c:\windows\SWREG.exe

2011-08-14 22:11:38 256000 ----a-w- c:\windows\PEV.exe

2011-08-14 22:11:38 208896 ----a-w- c:\windows\MBR.exe

2011-08-14 22:08:58 4172196 ------r- C:\CF_1.exe

2011-08-14 22:01:58 388608 ----a-w- C:\nigga.com

2011-08-14 22:01:40 388608 ----a-w- C:\HijackThis.exe

2011-08-14 22:00:59 388608 ----a-w- c:\program files\jorge4.exe

2011-08-14 21:59:09 388608 ----a-w- c:\program files\jorge3.exe

2011-08-14 21:50:08 -------- d-----w- c:\program files\ESET

2011-08-14 21:23:27 -------- d-----w- c:\documents and settings\emilio jorge\DoctorWeb

2011-08-14 21:12:06 1404720 ----a-w- C:\tdsskiller.exe

2011-08-14 21:01:51 532480 ----a-w- C:\cws.exe

2011-08-14 20:59:29 388608 ----a-w- C:\asshole_1.exe

2011-08-14 20:58:37 2002320 ----a-w- c:\program files\HousecallLauncher.exe

2011-08-14 20:53:16 532480 ----a-w- c:\program files\cccccccc.exe

2011-08-14 20:52:57 532480 ----a-w- c:\program files\bbbbbbbb.exe

2011-08-14 20:52:35 532480 ----a-w- c:\program files\ggggggggg.exe

2011-08-14 20:35:09 388608 ----a-w- c:\program files\HJ_c.exe

2011-08-14 20:33:57 41 ----a-w- C:\jorger.bat

2011-08-14 20:31:59 388608 ----a-w- c:\program files\HJ_b.exe

2011-08-14 20:31:27 388608 ----a-w- C:\HJ_a.exe

2011-08-14 20:30:14 2002320 ----a-w- C:\NiggaLancher.exe

2011-08-14 19:45:24 -------- d-----w- C:\BBBBBBB

2011-08-14 18:52:43 -------- d-----w- c:\documents and settings\emilio jorge\application data\Malwarebytes

2011-08-11 02:30:41 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-02 17:00:09 956160 ----a-w- c:\windows\system32\ativvamv.dll

2011-08-02 17:00:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe

.

==================== Find3M ====================

.

2011-08-17 23:39:32 16608 ----a-w- c:\windows\gdrv.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-08 04:12:46 7023104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-07-08 04:09:28 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-07-08 03:45:16 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-07-08 03:45:06 53248 ----a-w- c:\windows\system32\aticalcl.dll

2011-07-08 03:42:12 5111808 ----a-w- c:\windows\system32\aticaldd.dll

2011-07-08 03:38:30 17989632 ----a-w- c:\windows\system32\atioglxx.dll

2011-07-08 03:23:10 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-07-08 03:22:08 302592 ----a-w- c:\windows\system32\ati2dvag.dll

2011-07-08 03:21:34 4091648 ----a-w- c:\windows\system32\ati3duag.dll

2011-07-08 03:05:16 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-07-08 03:05:04 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2011-07-08 03:04:56 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2011-07-08 03:04:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-07-08 03:04:36 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-07-08 03:03:20 647168 ----a-w- c:\windows\system32\ati2evxx.exe

2011-07-08 03:03:12 3155072 ----a-w- c:\windows\system32\ativvaxx.dll

2011-07-08 03:01:58 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-07-08 02:56:52 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-07-08 02:53:32 507904 ----a-w- c:\windows\system32\atiok3x2.dll

2011-07-08 02:53:14 208896 ----a-w- c:\windows\system32\atiadlxx.dll

2011-07-08 02:52:54 17408 ----a-w- c:\windows\system32\atitvo32.dll

2011-07-08 02:47:44 868352 ----a-w- c:\windows\system32\ati2cqag.dll

2011-07-08 02:46:38 64512 ----a-w- c:\windows\system32\atimpc32.dll

2011-07-08 02:46:38 64512 ----a-w- c:\windows\system32\amdpcom32.dll

2011-07-08 02:46:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-06-30 17:14:24 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-15 17:19:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2008-07-24 17:04:03 16388 ----a-w- c:\program files\common files\qudydepu.pif

2008-07-24 17:04:03 14835 ----a-w- c:\program files\common files\zarokid.reg

2008-07-24 17:04:03 11733 ----a-w- c:\program files\common files\ukomoqosac.com

2000-12-22 02:30:20 923020 ----a-w- c:\program files\cutehtml20.exe

2000-12-22 02:19:14 1700760 ----a-w- c:\program files\cuteftp.exe

.

============= FINISH: 19:46:08.00 ===============

MBAM Log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7488

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/17/2011 6:36:24 PM

mbam-log-2011-08-17 (18-36-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 492254

Time elapsed: 1 hour(s), 40 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\docs\Jorge\local settings\Temp\comver.dll (Adware.GameSpyArcade) -> Quarantined and deleted successfully.

c:\program files\mIRC\mirc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{52353304-db4e-4f14-82e0-34dfc51e8f33}\RP633\A0097663.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\documents and settings\Jorge\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Jorge\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Adriana\local settings\temporary internet files\jobiwakija.exe (Trojan.Agent) -> Quarantined and deleted successfully.

thanks


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (AVG and Lavasoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.