SaveKeep Malware - Malwarebytes' won't run


6 replies to this topic

#1 iWebbIt

iWebbIt

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milford, DE
  • Local time:11:51 AM

Posted 18 August 2009 - 12:00 PM

I am working on a client's computer infected with SaveKeep.

SaveKeep Malware running,

OS XP Pro Version 2002 SP3
I have tried to run Malwarebytes' and it won't start up/run. I did find another post within this forum where instructions were to run DDS, so I have and have placed the information as prompted.

DDS.txt - below


DDS (Ver_09-07-30.01) - NTFSx86
Run by janice at 12:40:30.01 on Tue 08/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.176 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090817-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nicole\janice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Nicole\LOCALS~1\Temp\szn0hs0t.exe
C:\Documents and Settings\Nicole\Desktop\Connect To Kit.exe
C:\DOCUME~1\Nicole\LOCALS~1\Temp\7zSBAC.tmp\winvnc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Nicole\Desktop\mbam-setup.exe
C:\Documents and Settings\Nicole\Desktop\mbam-setup.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\For Kit\dds.pif

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [janice] c:\documents and settings\nicole\janice.exe
uRun: [szn0hs0t.exe] c:\windows\system32\szn0hs0t.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [<NO NAME>]
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\nicole\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\nicole\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\documents and settings\nicole\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\nicole\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: delmls.com\www
Trusted Zone: getoffutt.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0D9633EB-D799-4626-B34E-FCC17AFA2BCF} - hxxp://www.delmls.com/sus/valid/osi_valid9j.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup152.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://intouchhometours.com/download/XUpload.ocx
DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.62/code/iPIX-ImageWell-ipix.cab
TCP: {28EEDB98-3B6B-4F96-AA9E-D440B75FC65B} = 151.197.0.39,151.197.0.38
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-18 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-18 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-18 352920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-9 99376]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-18 24652]

=============== Created Last 30 ================

2009-08-17 03:01 14,647 a------- c:\windows\5932szars95056.bin
2009-08-15 17:46 14,391 a------- c:\windows\system32\350a9d5zare569.dll
2009-08-15 15:22 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-15 03:10 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-15 03:07 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 03:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-15 03:07 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 03:07 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-15 03:07 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 03:07 <DIR> --d----- C:\69df60da93be7729bb9e
2009-08-15 03:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-15 03:07 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-14 22:45 13,389 a------- c:\windows\system32\5df5sza9se23845.exe
2009-08-14 07:16 6,989 a------- c:\windows\system32\55z5spyware2195.ocx
2009-08-14 04:29 3,011 a------- c:\windows\573t5ojzfe9.dll
2009-08-13 00:28 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 00:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-12 11:18 9,520 a------- c:\windows\3847spyw9re1953z.exe
2009-08-11 12:48 18,003 a------- c:\windows\3889do5nzoader1643.exe
2009-08-11 09:18 11,303 a------- c:\windows\7d95backdoor208z.dll
2009-08-10 21:15 12,899 a------- c:\windows\4975azdw5re303.dll
2009-08-10 18:58 12,271 a------- c:\windows\20093spy75z.exe
2009-08-08 22:02 13,349 a------- c:\windows\40f5zackd5or948.ocx
2009-08-06 12:32 3,199 a------- c:\windows\system32\39z0downl5ader186.cpl
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 15:32 15,522 a------- c:\windows\f7zspyw9re258.cpl
2009-08-04 13:25 6,671 a------- c:\windows\system32\5cz4vir15395.dll
2009-08-03 12:01 2,866 a------- c:\windows\system32\1539thief1853z.cpl
2009-08-03 08:39 4,678 a------- c:\windows\239csparsz1745.cpl
2009-08-02 08:36 8,060 a------- c:\windows\system32\5adcth5ef19z9.cpl
2009-08-01 11:20 15,052 a------- c:\windows\29a2t9reatz3795.ocx
2009-08-01 10:19 13,999 a------- c:\windows\system32\24520not-azv9r5s43f.bin
2009-08-01 04:45 16,602 a------- c:\windows\159z7troj127.dll
2009-07-30 08:59 <DIR> --dsh--- c:\documents and settings\nicole\PrivacIE
2009-07-30 08:51 <DIR> --dsh--- c:\documents and settings\nicole\IETldCache
2009-07-30 08:46 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-30 08:46 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-30 08:45 <DIR> --d----- c:\windows\ie8updates
2009-07-30 08:45 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-30 08:43 <DIR> -cd-h--- c:\windows\ie8
2009-07-29 09:03 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-29 09:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-28 16:21 11,562 a------- c:\windows\system32\7957downlzader1435.cpl
2009-07-28 09:06 <DIR> --d----- c:\docume~1\nicole\applic~1\Malwarebytes
2009-07-28 06:49 9,879 a------- c:\windows\4b85sze9l3017.bin
2009-07-27 20:03 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 20:03 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 20:03 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 20:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-27 17:04 17,153 a------- c:\windows\57z8spyware22749.cpl
2009-07-27 09:31 61,440 a------- c:\windows\system32\ndisapi.dll
2009-07-27 09:31 24,576 a------- c:\windows\system32\drivers\ndisrd.sys
2009-07-27 09:30 <DIR> --d----- c:\program files\common files\Uninstall
2009-07-26 00:17 9,629 a------- c:\windows\13335hac9zool155.cpl
2009-07-25 20:24 5,315 a------- c:\windows\system32\10779not-a-vi5us44z.exe
2009-07-25 17:22 11,689 a------- c:\windows\29c5ad5warz1421.bin
2009-07-24 11:46 297 a------- c:\documents and settings\nicole\EOJNYV.bat
2009-07-24 11:46 196,608 a------- c:\documents and settings\nicole\LNBTSP.exe
2009-07-24 11:44 40,960 ---shr-- c:\documents and settings\nicole\janice.exe
2009-07-24 11:16 158 a------- c:\windows\ricdb.ini
2009-07-24 11:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RICOH
2009-07-23 16:08 9,015 a------- c:\windows\20209spamzo59b2.ocx
2009-07-23 08:45 58 a------- c:\windows\system32\sys.bat
2009-07-22 17:08 11,000 a------- c:\windows\system32\398bback5o9r99z.dll
2009-07-22 10:15 12,530 a------- c:\windows\system32\54d4zh9ef1024.ocx
2009-07-19 21:20 7,544 a------- c:\windows\10fc9hie5149z.exe

==================== Find3M ====================

2009-08-18 10:55 40,464 a------- c:\docume~1\nicole\applic~1\wklnhst.dat
2009-08-05 05:01 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-15 19:36 17,421 a------- c:\windows\6fd4thr9a519582z.dll
2009-07-14 17:30 5,717 a------- c:\windows\91553wozm5d9.exe
2009-07-14 15:36 4,982 a------- c:\windows\49a89hief285z.bin
2009-07-14 05:56 6,421 a------- c:\windows\150225zo92db.exe
2009-07-14 03:20 10,111 a------- c:\windows\system32\19z07virus415.exe
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-11 11:58 4,820 a------- c:\windows\2088z9irus4985.bin
2009-07-08 04:25 7,135 a------- c:\windows\system32\58339pywarez31.exe
2009-07-07 09:41 8,999 a------- c:\windows\3387t95eaz20416.dll
2009-07-05 03:13 3,265 a------- c:\windows\2z07st5al3099.bin
2009-07-04 01:44 4,994 a------- c:\windows\5369thief17z99.bin
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-02 14:10 2,862 a------- c:\windows\60sparse9115z.exe
2009-07-01 12:46 11,924 a------- c:\windows\2a9cthreat591z7.bin
2009-06-29 12:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-26 22:16 5,309 a------- c:\windows\5324sp97c4z.dll
2009-06-24 19:34 13,149 a------- c:\windows\67a4szyw9re2593.exe
2009-06-21 10:03 9,951 a------- c:\windows\system32\16662spz59d.dll
2009-06-20 07:33 7,030 a------- c:\windows\z759spa9se1914.exe
2009-06-18 10:53 17,739 a------- c:\windows\95d0s5ywarz43.exe
2009-06-17 13:14 2,804 a------- c:\windows\system32\256919py455z.exe
2009-06-17 03:43 8,229 a------- c:\windows\38d2zpar5e1951.bin
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-15 20:56 14,642 a------- c:\windows\fz6ste952664.bin
2009-06-14 01:00 11,602 a------- c:\windows\zb38addware2539.dll
2009-06-12 08:31 80,896 -------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:16 14,873 a------- c:\windows\system32\22401worz159.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-10 00:21 16,045 a------- c:\windows\system32\225699ackz5ol271.exe
2009-06-07 18:34 6,431 a------- c:\windows\775fthreat458z9.bin
2009-06-06 23:42 13,483 a------- c:\windows\system32\45f9addware257z.bin
2009-06-05 20:52 12,789 a------- c:\windows\system32\480vi5usz589.exe
2009-06-04 15:38 4,325 a------- c:\windows\system32\2959zspam5ot32a.bin
2009-06-03 23:09 16,361 a------- c:\windows\system32\z26fsp5ware439.exe
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 13:46 16,056 a------- c:\windows\2z489w9rm405.bin
2009-05-28 07:08 6,282 a------- c:\windows\system32\96aaste5lz68.bin
2009-05-27 21:45 13,218 a------- c:\windows\9z19vir551.exe
2009-05-27 04:51 12,293 a------- c:\windows\509faddzare26929.exe
2009-05-26 14:18 6,046 a------- c:\windows\391d5dzware2022.bin
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-24 00:42 7,914 a------- c:\windows\957dzwnloader2925.exe
2009-05-22 19:25 10,069 a------- c:\windows\system32\5z760not-9-virus16c.dll
2009-02-18 17:14 102,640 a------- c:\docume~1\nicole\applic~1\GDIPFONTCACHEV1.DAT
2008-09-19 03:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 12:41:31.79 ===============

I've been looking for a method/button to attach "Attach.zip" but do not see it yet. So I am posting this first.

Thanks for your help
Kit


I've been looking to see how to attach the file as instructed in the previous topic/thread and I do not see any way to do so.

File is zipped, I can provide a link upon request. Thanks again

Edited by iWebbIt, 18 August 2009 - 12:07 PM.
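An added example, not from the original post or from the DDS or Malwarebytes projects: a small Python triage script that parses two sections of a DDS log like the one above (the uRun/mRun lines and the "Created Last 30" file list) and flags the kinds of entries this thread is about: an autorun target sitting directly in a user profile root, an executable carrying hidden+system attributes, and letters-and-digits jumble file names dropped into c:\windows or c:\windows\system32. The embedded sample is a short excerpt of the log posted above; the flagging patterns (JUMBLE_RE, PROFILE_ROOT_RE and friends) are heuristics chosen here for illustration, not DDS output categories or any vendor's detection logic.

```python
import re
from typing import Dict, List, Tuple

# Excerpt of the DDS log posted at the top of this thread (a constructed
# subset, not a full log), used only as sample input for the functions below.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [janice] c:\documents and settings\nicole\janice.exe
uRun: [szn0hs0t.exe] c:\windows\system32\szn0hs0t.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

=============== Created Last 30 ================

2009-08-17 03:01 14,647 a------- c:\windows\5932szars95056.bin
2009-08-15 03:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-24 11:44 40,960 ---shr-- c:\documents and settings\nicole\janice.exe
2009-07-23 08:45 58 a------- c:\windows\system32\sys.bat
"""

# DDS line shapes: "uRun: [name] command" and "date time size attrs path".
RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[([^\]]*)\] (.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")

# Heuristics (assumptions for this example, not DDS or Malwarebytes rules):
# a file name of 8+ letters/digits containing at least one of each, with a
# loadable extension, located directly in c:\windows or c:\windows\system32.
JUMBLE_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9-]{8,}\.(?:exe|dll|bin|ocx|cpl)$")
WINDIR_RE = re.compile(r"^c:\\windows(?:\\system32)?\\([^\\]+)$")
# An executable sitting directly in a profile root (not in a subfolder).
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.(?:exe|bat|pif|com)$")
# Pull the program path out of a Run command line, dropping quotes and arguments.
TARGET_RE = re.compile(r"^\"?(.*?\.(?:exe|dll|cpl|bat|pif|com))\"?(?:\s.*)?$")


def run_target_path(target: str) -> str:
    """Return the lower-cased program path from a Run-key command line."""
    cleaned = target.strip().lower()
    m = TARGET_RE.match(cleaned)
    return m.group(1) if m else cleaned


def parse_run_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (hive, name, command) for every uRun/mRun/mRunOnce line."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def parse_created(text: str) -> List[Dict[str, str]]:
    """Return the 'Created Last 30' / 'Find3M' file records as dicts."""
    records = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            date, time, size, attrs, path = m.groups()
            records.append({"date": date, "time": time, "size": size,
                            "attrs": attrs, "path": path.lower()})
    return records


def triage(text: str) -> List[Tuple[str, str]]:
    """Apply the heuristics above and return (reason, path) findings."""
    findings = []
    for _hive, _name, command in parse_run_entries(text):
        path = run_target_path(command)
        if PROFILE_ROOT_RE.match(path):
            findings.append(("autorun from user profile root", path))
        win = WINDIR_RE.match(path)
        if win and JUMBLE_RE.match(win.group(1)):
            findings.append(("autorun with random-looking name in Windows dir", path))
    for rec in parse_created(text):
        path, attrs = rec["path"], rec["attrs"]
        win = WINDIR_RE.match(path)
        if win and JUMBLE_RE.match(win.group(1)):
            findings.append(("random-looking file name in Windows dir", path))
        # DDS attribute string: 'h' = hidden, 's' = system.
        if "h" in attrs and "s" in attrs and path.endswith((".exe", ".dll", ".bat")):
            findings.append(("hidden+system attributes on executable", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_DDS):
        print(f"{reason}: {path}")
```

On the excerpt this flags janice.exe twice (autorun from the profile root, and hidden+system attributes on the created file), szn0hs0t.exe once, and the .bin in c:\windows once, while leaving ctfmon.exe, the avast tray program and the XPS system DLL alone. The findings are leads for the kind of review done in this thread (Run key, prefetch, temp copies), not verdicts; a name-shape heuristic will miss a dropper with a plausible name and can catch legitimate files with version numbers in them.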



#2 Qtek

Qtek

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:09:51 AM

Posted 18 August 2009 - 02:25 PM

I am not finished cleaning my daughter's computer, but a good start is to delete "szn0hs0t.exe". I found it in C:\Windows\System32 and in a temp folder in her C:\Documents and Settings. I also deleted it in the registry so the computer wouldn't be looking for it.

Edited by Qtek, 18 August 2009 - 02:39 PM.

May the Force Be with You, Always!

#3 Qtek

Qtek

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:09:51 AM

Posted 18 August 2009 - 03:01 PM

My daughter's computer works fine with just those changes, but I would like to find out what else needs to be deleted.

May the Force Be with You, Always!

#4 iWebbIt

iWebbIt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milford, DE
  • Local time:11:51 AM

Posted 18 August 2009 - 03:14 PM

Thanks Qtek, I'll check that out...

#5 iWebbIt

iWebbIt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milford, DE
  • Local time:11:51 AM

Posted 18 August 2009 - 03:26 PM

Yea, I found SZN0HS0T.EXE in the windows32 directory, but I also found SZN0HS0T.EXE-203B24BE.pf in the windows prefetch directory. Did you end up deleting that one too?

-Kit

Edited by iWebbIt, 18 August 2009 - 03:33 PM.


#6 Qtek

Qtek

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:09:51 AM

Posted 19 August 2009 - 08:37 AM

Yea, I found SZN0HS0T.EXE in the windows32 directory, but I also found SZN0HS0T.EXE-203B24BE.pf in the windows prefetch directory. Did you end up deleting that one too?
I will now, :thumbsup: Thanks
-Kit


May the Force Be with You, Always!

#7 iWebbIt

iWebbIt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milford, DE
  • Local time:11:51 AM

Posted 19 August 2009 - 11:37 AM

Thanks Qtek for your help yesterday. The system I am working on is at least stable and void of those irritating alerts, but I am still unable to run Malwarebytes. I'm doing all of this remotely at this point (until Monday), so I am hoping that I'll get some more feedback to move me in that direction.

-Kit



