Rootkit.agent cannot be removed from Drivers folder.



#1 London


Posted 26 December 2009 - 05:21 AM

So my friend got a virus and we have managed to remove everything off the computer except the rootkit.agent.

We did a ComboFix and an MBAM; we also downloaded another tool and tried to *wipe* the file, and then delete it with MBAM, to no avail. Multiple reboots and rescans and it's still there.

Here is my ComboFix log:

ComboFix 09-12-25.04 - User 12/26/2009 3:56.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2409 [GMT -6:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1438342224-747510617-516726662-1001

.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.

2009-12-26 10:03 . 2009-12-26 10:03 -------- d-----w- c:\users\User\AppData\Local\temp
2009-12-26 10:03 . 2009-12-26 10:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-26 10:03 . 2009-12-26 10:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-26 10:03 . 2009-12-26 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-26 08:55 . 2009-06-18 18:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-12-26 08:18 . 2009-12-26 08:18 -------- d-----w- c:\program files\Sophos
2009-12-26 07:44 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 07:44 . 2009-12-26 07:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 07:44 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 07:19 . 2009-12-26 07:19 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-12-26 06:34 . 2009-12-26 06:34 -------- d-----w- c:\users\User\AppData\Local\Threat Expert
2009-12-26 06:34 . 2009-12-26 07:41 -------- d-----w- c:\program files\Enigma Software Group
2009-12-26 06:17 . 2009-12-26 06:40 -------- d-----w- c:\program files\Spyware Doctor
2009-12-26 06:17 . 2009-12-26 06:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-26 03:31 . 2009-12-26 03:31 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2009-12-26 03:30 . 2009-12-26 03:30 -------- d-----w- c:\programdata\Malwarebytes
2009-12-26 01:48 . 2009-12-26 01:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2009-12-24 22:26 . 2009-12-26 09:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Spyware Terminator
2009-12-17 20:20 . 2009-12-17 20:20 -------- d-----w- c:\program files\Winamp Detect
2009-12-17 20:20 . 2009-12-17 20:25 -------- d-----w- c:\users\User\AppData\Roaming\Winamp
2009-12-17 20:20 . 2009-12-17 20:20 -------- d-----w- c:\program files\Winamp
2009-12-16 19:13 . 2009-12-16 19:13 -------- d-----w- c:\users\User\AppData\Local\Google
2009-12-16 19:13 . 2009-12-16 19:13 -------- d-----w- c:\program files\Google
2009-12-14 04:36 . 2009-12-14 04:44 -------- d-----w- c:\users\User\AppData\Local\AIM
2009-12-14 04:36 . 2009-12-14 04:38 -------- d-----w- c:\users\User\AppData\Roaming\acccore
2009-12-14 04:36 . 2009-12-14 04:36 -------- d-----w- c:\users\User\AppData\Local\AOL
2009-12-14 04:36 . 2009-12-14 04:36 -------- d-----w- c:\programdata\AIM
2009-12-14 04:36 . 2009-12-14 04:36 -------- d-----w- c:\program files\AIM
2009-12-14 04:36 . 2009-12-14 04:36 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-12-14 04:36 . 2009-12-14 04:36 -------- d-----w- c:\program files\Common Files\AOL
2009-12-14 00:20 . 2009-12-14 00:20 2855 ----a-w- c:\programdata\Microsoft\Windows\GameExplorer\{58DF7AA4-2F32-4F98-B748-2715346573DF}\SupportTasks\0\www.mythicentertainment.com.pif
2009-12-12 12:02 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 12:02 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 12:02 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 02:58 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 02:56 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-28 12:00 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 09:55 . 2009-12-26 07:12 5018 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-26 09:26 . 2008-06-17 19:38 -------- d-----w- c:\program files\Spyware Terminator
2009-12-26 07:19 . 2006-11-02 13:02 2032 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2009-12-26 06:49 . 2008-08-09 21:48 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2009-12-26 05:25 . 2008-06-17 19:38 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-26 04:41 . 2008-06-17 19:38 -------- d-----w- c:\users\User\AppData\Roaming\Spyware Terminator
2009-12-26 03:23 . 2008-03-27 18:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-25 07:03 . 2008-11-23 06:27 -------- d-----w- c:\program files\WinClamAVShield
2009-12-24 22:19 . 2008-01-30 22:36 99864 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-23 20:50 . 2008-06-12 21:55 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-17 03:21 . 2008-02-23 18:46 -------- d-----w- c:\users\User\AppData\Roaming\Ventrilo
2009-12-17 03:21 . 2008-02-23 18:46 -------- d-----w- c:\program files\Ventrilo
2009-12-17 03:20 . 2008-02-23 18:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-12 16:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-12 12:03 . 2008-01-30 23:22 -------- d-----w- c:\programdata\Microsoft Help
2009-11-21 16:23 . 2008-01-30 22:39 99864 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 16:20 . 2009-11-21 16:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-21 16:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-21 16:20 . 2009-11-21 16:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-21 16:20 . 2009-11-21 16:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-21 12:02 . 2008-01-30 23:25 -------- d-----w- c:\program files\Microsoft Works
2009-11-21 06:40 . 2009-12-10 02:57 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 02:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 02:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 02:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 14:53 . 2008-03-27 18:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-09 01:11 . 2008-03-01 03:55 -------- d-----w- c:\users\User\AppData\Roaming\DivX
2009-11-03 17:36 . 2009-11-03 17:36 -------- d-----w- c:\programdata\ALM
2009-11-03 16:57 . 2008-02-25 16:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-03 16:19 . 2009-11-03 16:19 -------- d-----w- c:\program files\Bonjour
2009-11-03 16:16 . 2009-11-03 16:16 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-03 13:44 . 2008-03-01 03:55 -------- d-----w- c:\program files\DivX
2009-11-03 13:44 . 2009-04-04 16:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-03 12:29 . 2009-11-03 12:28 -------- d-----w- c:\program files\Common Files\Real
2009-11-03 12:28 . 2009-11-03 12:28 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-03 12:28 . 2009-11-03 12:28 -------- d-----w- c:\program files\Real
2009-10-08 21:08 . 2009-11-21 12:03 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-21 12:03 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-21 12:03 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-21 12:03 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-21 12:03 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-21 12:03 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-21 12:03 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-21 12:03 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-21 12:03 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-21 12:03 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-21 12:03 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-21 12:03 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-21 12:03 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-21 12:03 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-21 12:03 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-21 12:03 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-21 12:03 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-21 12:03 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-21 12:03 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB6045"="command" [X]
"SpybotDeletingD4609"="del" [X]
"SpybotDeletingB5922"="command" [X]
"SpybotDeletingD9454"="del" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 17:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 16:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2009-05-04 16:26 1572872 ----a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2009-05-04 16:47 2817544 ----a-w- c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDeviceAgent]
2009-05-04 16:48 354312 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 23:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
2009-10-16 23:44 38184 ----a-w- c:\program files\NCSoft\Launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 00:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 04:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2008-11-22 22:22 1783808 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 10:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-03 12:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-16 23:02 39424 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ares"="c:\program files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(:):04,1d,b4,08,a7,36,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-18]
"EnableNotifications\\Ref"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1438342224-747510617-516726662-1000]
"EnableNotifications\\Ref"=dword:00000001

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\System32\SAVRKBootTasks.sys [12/26/2009 2:55 AM 18816]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [6/17/2008 1:38 PM 141312]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [4/30/2008 9:21 AM 21504]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3/27/2008 12:29 PM 809296]

--- Other Services/Drivers In Memory ---

*Deregistered* - ovxhbse

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ebay.com
Trusted Zone: fakku.net
Trusted Zone: worldofwarcraft.com
Trusted Zone: worldofwarcraft.com\forums
Trusted Zone: wowhead.com\www
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bqardddq.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(network.protocol-handler.warn-external.dnupdate, false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-26 04:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8599D618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b39fd24
\Driver\ACPI -> acpi.sys @ 0x80613d68
\Driver\atapi -> ataport.SYS @ 0x82680a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\62A8.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ovxhbse]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,de,5a,36,0f,a2,bb,43,a5,b3,f1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,de,5a,36,0f,a2,bb,43,a5,b3,f1,\
.
Completion time: 2009-12-26 04:07:10
ComboFix-quarantined-files.txt 2009-12-26 10:07
ComboFix2.txt 2009-12-26 07:16

Pre-Run: 383,889,604,608 bytes free
Post-Run: 383,912,062,976 bytes free

- - End Of File - - C3A21FBC976D35A07F2288673A9A8C9B


How can I get rid of this thing? Everything I've tried, it just came back after reboot.


-Thanks
London

#2 AdvancedSetup


Posted 26 December 2009 - 05:24 AM

Hello, and welcome to Malwarebytes.org

We don't work on Malware removal in the general forums.
Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post, make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Ron Lewis
Forum Community Manager



#3 London


Posted 26 December 2009 - 05:39 AM

Hello, and welcome to Malwarebytes.org

We don't work on Malware removal in the general forums.
Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post, make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org



Thanks, and sorry about that, I'm kinda new and was on the person with the issue :) I'll repost in the appropriate place, thanks!

#4 Maurice Naggar


Posted 26 December 2009 - 09:24 AM

@ London
See my reply to your post in the Malware removal sub-forum http://www.malwareby...showtopic=34561



