
PUP Hacktool Patcher



Hello, I am new to MwB and I recently found a pup hacktool patcher in my c:\sys volume information\restore and I was wondering how to resolve this.

Here is the DDS txt:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 17:57:31 on 2011-08-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.954 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: ZoneAlarm Firewall *Disabled*

FW: COMODO Firewall *Disabled*

FW: Avira FireWall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Melloware\Intelliremote\Intelliservice.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdqserv.exe

C:\WINDOWS\system32\lxdqcoms.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Program Files\Soluto\soluto.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe

C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Documents and Settings\Administrator\Application Data\uTorrent\apps\VirusGuard\VirusGuard.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

uRun: [Power2GoExpress] NA

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [RecGuard] c:\windows\sminst\RecGuard.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"

mRun: [lxdqamon] "c:\program files\lexmark z2400 series\lxdqamon.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A3A9E79D-A7DE-4D22-927A-443C42929768} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-14 13496]

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-6-9 51144]

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-8-8 106904]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-8-8 11608]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 242600]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 29400]

R1 SASDIFSV;SASDIFSV;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2011-7-12 12880]

R1 SASKUTIL;SASKUTIL;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2011-7-12 67664]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2011-8-8 567464]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-8-8 340136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-8 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-8 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-8-8 428200]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-8 66616]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1793712]

R2 Intelliservice;Intelliservice;c:\program files\melloware\intelliremote\Intelliservice.exe [2011-2-8 118784]

R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]

R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2011-5-31 94208]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-7 376352]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-8-8 82952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 dump_wmimmc;dump_wmimmc;\??\c:\gpotato\rappelz\gameguard\dump_wmimmc.sys --> c:\gpotato\rappelz\gameguard\dump_wmimmc.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-9 41272]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XDva387;XDva387;c:\windows\system32\XDva387.sys [2011-7-15 76616]

.

=============== Created Last 30 ================

.

2011-08-21 05:47:20 -------- d-----w- c:\windows\system32\NtmsData

2011-08-10 04:11:50 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 04:10:06 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-09 23:57:59 -------- d-----w- c:\program files\common files\Steam

2011-08-09 23:57:58 -------- d-----w- c:\program files\Steam

2011-08-09 23:54:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2011-08-09 23:54:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-09 23:54:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-09 23:54:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-09 23:54:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-09 05:37:10 -------- d-----w- c:\documents and settings\administrator\application data\Avira

2011-08-09 03:27:18 82952 ----a-w- c:\windows\system32\drivers\avfwim.sys

2011-08-09 03:27:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-09 03:27:18 106904 ----a-w- c:\windows\system32\drivers\avfwot.sys

2011-08-09 03:27:17 -------- d-----w- c:\program files\Avira

2011-08-09 03:27:17 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-08-06 17:10:09 -------- d-----w- c:\windows\pss

2011-08-06 02:13:06 -------- d-----w- c:\program files\iPod

2011-08-06 02:13:03 -------- d-----w- c:\program files\iTunes

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-08-06 02:11:32 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-08-06 02:11:32 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-08-06 02:11:17 -------- d-----w- c:\program files\Bonjour

2011-08-06 00:18:28 -------- d-----w- c:\program files\Windows Resource Kits

2011-08-04 18:25:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-31 23:06:17 -------- d-----w- c:\program files\Musicnotes

2011-07-25 03:44:32 -------- d-----w- c:\program files\AVAST Software

2011-07-25 03:44:32 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-07-25 00:28:02 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-25 00:28:02 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

.

==================== Find3M ====================

.

2011-07-15 19:25:30 76616 ----a-w- c:\windows\system32\XDva387.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 15:34:08 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2011-07-05 22:41:38 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-05 22:41:36 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-05 22:41:35 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-07-05 22:41:35 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys

c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A648868]

3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008f[0x8A75D848]

5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A75C030]

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }

user != kernel MBR !!!

.

============= FINISH: 17:58:30.04 ===============

And here is the MwB log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7539

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

8/22/2011 5:36:25 PM

mbam-log-2011-08-22 (17-36-25).txt

Scan type: Full scan (C:\|D:\|G:\|)

Objects scanned: 480138

Time elapsed: 1 hour(s), 25 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP100\A0025790.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP99\A0024110.exe (Trojan.Agent) -> Quarantined and deleted successfully.

As for the zip, I won't post it until someone replies to me. Personally, I feel uncomfortable posting it. Sorry.

Thanks,

Andrew


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
