Wirbelwind

PUP Hacktool Patcher

4 posts in this topic

Hello, I am new to MwB and I recently found a PUP hacktool patcher in my c:\sys volume information\restore and I was wondering how to resolve this.

Here is the DDS txt:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Administrator at 17:57:31 on 2011-08-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.954 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: ZoneAlarm Firewall *Disabled*

FW: COMODO Firewall *Disabled*

FW: Avira FireWall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Melloware\Intelliremote\Intelliservice.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdqserv.exe

C:\WINDOWS\system32\lxdqcoms.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Program Files\Soluto\soluto.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe

C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Documents and Settings\Administrator\Application Data\uTorrent\apps\VirusGuard\VirusGuard.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

uRun: [Power2GoExpress] NA

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [RecGuard] c:\windows\sminst\RecGuard.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"

mRun: [lxdqamon] "c:\program files\lexmark z2400 series\lxdqamon.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A3A9E79D-A7DE-4D22-927A-443C42929768} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-14 13496]

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-6-9 51144]

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-8-8 106904]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-8-8 11608]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 242600]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 29400]

R1 SASDIFSV;SASDIFSV;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2011-7-12 12880]

R1 SASKUTIL;SASKUTIL;c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2011-7-12 67664]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2011-8-8 567464]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-8-8 340136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-8 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-8 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-8-8 428200]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-8 66616]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1793712]

R2 Intelliservice;Intelliservice;c:\program files\melloware\intelliremote\Intelliservice.exe [2011-2-8 118784]

R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]

R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2011-5-31 94208]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-7 376352]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-8-8 82952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 dump_wmimmc;dump_wmimmc;\??\c:\gpotato\rappelz\gameguard\dump_wmimmc.sys --> c:\gpotato\rappelz\gameguard\dump_wmimmc.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-9 41272]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 XDva387;XDva387;c:\windows\system32\XDva387.sys [2011-7-15 76616]

.

=============== Created Last 30 ================

.

2011-08-21 05:47:20 -------- d-----w- c:\windows\system32\NtmsData

2011-08-10 04:11:50 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 04:10:06 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-09 23:57:59 -------- d-----w- c:\program files\common files\Steam

2011-08-09 23:57:58 -------- d-----w- c:\program files\Steam

2011-08-09 23:54:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2011-08-09 23:54:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-09 23:54:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-09 23:54:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-09 23:54:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-09 05:37:10 -------- d-----w- c:\documents and settings\administrator\application data\Avira

2011-08-09 03:27:18 82952 ----a-w- c:\windows\system32\drivers\avfwim.sys

2011-08-09 03:27:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-09 03:27:18 106904 ----a-w- c:\windows\system32\drivers\avfwot.sys

2011-08-09 03:27:17 -------- d-----w- c:\program files\Avira

2011-08-09 03:27:17 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-08-06 17:10:09 -------- d-----w- c:\windows\pss

2011-08-06 02:13:06 -------- d-----w- c:\program files\iPod

2011-08-06 02:13:03 -------- d-----w- c:\program files\iTunes

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-08-06 02:12:41 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-08-06 02:11:32 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-08-06 02:11:32 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-08-06 02:11:17 -------- d-----w- c:\program files\Bonjour

2011-08-06 00:18:28 -------- d-----w- c:\program files\Windows Resource Kits

2011-08-04 18:25:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-31 23:06:17 -------- d-----w- c:\program files\Musicnotes

2011-07-25 03:44:32 -------- d-----w- c:\program files\AVAST Software

2011-07-25 03:44:32 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-07-25 00:28:02 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-25 00:28:02 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

.

==================== Find3M ====================

.

2011-07-15 19:25:30 76616 ----a-w- c:\windows\system32\XDva387.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 15:34:08 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2011-07-05 22:41:38 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-05 22:41:36 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-05 22:41:35 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-07-05 22:41:35 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys

c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A648868]

3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008f[0x8A75D848]

5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A75C030]

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }

user != kernel MBR !!!

.

============= FINISH: 17:58:30.04 ===============

and here is the MwB log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7539

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

8/22/2011 5:36:25 PM

mbam-log-2011-08-22 (17-36-25).txt

Scan type: Full scan (C:\|D:\|G:\|)

Objects scanned: 480138

Time elapsed: 1 hour(s), 25 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP100\A0025790.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\RP99\A0024110.exe (Trojan.Agent) -> Quarantined and deleted successfully.

As for the zip, I won't post it until someone replies to me. Personally, I feel uncomfortable posting it. Sorry.

Thanks,

Andrew


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
