AGP440.sys file infected

LaurelC · Feb 6, 2010

HI,

I am trying to fix my daughter's computers. She has various issues, Unfortunately, I have another daughter who THINKS she 'knows about computers' who has been 'helping' her.

I think I'm good except for the AGP440.sys file. Combofix found it but I don't know what to DO about it.

Would you check all the log files and let me know if you find anything else?

Thanks,
Laurel

LaurelC · Feb 6, 2010

Here's the MGTools zip file

LaurelC · Feb 6, 2010

P.S. I don't have an initial problem with THIS computer, however, I'm trying to clean up the puters for my daughter's bridal shop before she reopens in a new location. Did all the scans and they looked good to ME except for the AGP440.sys file.

Installed COMODO firewall and AV after all the scans.

TimW · Feb 8, 2010

Please use windows explorer to find and delete:
c:\windows\Ghufulazexizu.dat

Now, download OTL to your desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Copy and paste the following in the Custom/Scans and fixes box.

AGP440.sys

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

* When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
* Please attach these files.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip

Make sure you tell me how things are working now!

LaurelC · Feb 25, 2010

OK, here they are! Sorry it took so long!

Did I say thank you? If not, THANK YOU!

Cheers,
Laurel

TimW · Feb 26, 2010

Please go to start / run / and type:
services.msc

When that opens, scroll down to AGP440 and tell me what it is set to ( ie: Auto, Manual, etc.).

LaurelC · Mar 2, 2010

uummmmm....don't get mad at me, but I think I might have mixed up the scans for two different puters about half way through this thread! I'm gonna start over and try to keep them straight this time.

SOOOOOOOO sorry! :-o

TimW · Mar 2, 2010

That is why we want separate threads for separate computers.

LaurelC · Mar 2, 2010

Oh, I understand. BELIEVE me, I understand! I just got them confused when my daughter moved them around. :confused

God bless her little heart!

TimW · Mar 4, 2010

Where do we stand at this point?

LaurelC · Mar 4, 2010

I'm starting over with all three machines. Now that they're permanently where they will STAY and I have recorded the machine names, etc, I will post each set of logs to a different thread and go from there.

I have been working on this in the evenings after I leave work, but then my daughters get back on the machines the next day and no telling WHAT they're doing, so I plan to go either this Sunday or next and spend the whole day getting everthing resolved.

Have I thanked you for your geekiness?

Log in or Sign up

AGP440.sys file infected

LaurelC Private E-2

Attached Files:

SASLog.txt

mbam-log-2010-02-06 (11-59-36).txt

ComboFix.txt

RRLog.txt

LaurelC Private E-2

Attached Files:

MGlogs.zip

LaurelC Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

LaurelC Private E-2

Attached Files:

Extras.zip

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

LaurelC Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

LaurelC Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

LaurelC Private E-2