
Infected with zeioki.exe malware?


  • This topic is locked
5 replies to this topic

#1 RyanB

RyanB

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:33 PM

Posted 15 May 2010 - 12:54 AM

In my Task Manager there is a process called zeioki.exe and it is using 30% of my CPU. I have reasons to believe it is a virus.
When I try to end the process a message comes up saying 'Task Manager has stopped working' and my only option is to close Task Manager.
Is this a virus? And does anyone know how to get rid of it?
P.S. I have Windows 7.

Also, there is an autorun.inf virus on my USB and when I try to delete it, it says something like 'cannot delete as zeioki.exe is using it'.

Also, before all this, my virus protection (Trend Micro) asked me if I wanted to allow or block zeioki.exe from making changes to my computer. It said its publisher was Microsoft, so I allowed it, and the security risk was stated as low. My virus protection said that the risk was that it could change my DLL or DL or something like that, I can't really remember. And now sometimes it says unknown publisher and other times Microsoft is stated as the publisher.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Ryan at 17:19:37.57 on Sat 15/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.2975.1933 [GMT 12:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Ryan\zeioki.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ryan\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ryan\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://nz.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_NZ&c=94&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_NZ&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_NZ&c=94&bd=Presario&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [zeioki] c:\users\ryan\zeioki.exe
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
StartupFolder: c:\users\ryan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-nz\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://arcww.vo.llnwd.net/o37/seekr/MCD/Plugin/DFusionHomeWebPlugIn.Installer.exe
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-30 146448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2009-3-2 81920]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-14 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-30 283152]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-27 122368]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-30 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-1-14 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-1-14 689416]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-1 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2010-2-24 562464]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-25 167424]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-27 1343400]

=============== Created Last 30 ================

2010-05-15 05:15:27 0 ----a-w- c:\users\ryan\defogger_reenable
2010-05-13 05:21:45 13310 ----a-w- c:\users\ryan\vtimq.exe
2010-05-13 05:21:27 13310 ----a-w- c:\users\ryan\lijwn.exe
2010-05-13 04:50:38 13310 ----a-w- c:\users\ryan\mufcj.exe
2010-05-13 04:49:00 13310 ----a-w- c:\users\ryan\kivkaw.exe
2010-05-13 04:43:03 13310 ----a-w- c:\users\ryan\tdaxkpf.exe
2010-05-12 09:04:40 13310 ----a-w- c:\users\ryan\qxseebj.exe
2010-05-12 08:51:01 0 d-----w- c:\users\ryan\appdata\roaming\Uniblue
2010-05-12 08:16:53 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-28 05:52:22 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-04-28 05:52:22 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-28 05:05:46 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 05:05:43 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 05:05:43 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-27 07:31:14 3612600 ----a-w- c:\windows\system32\GameMon.des
2010-04-27 07:28:22 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2010-04-27 07:28:22 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-04-27 07:28:02 0 d-----w- c:\program files\common files\INCA Shared
2010-04-26 04:59:01 0 d-----w- c:\program files\ijji
2010-04-24 23:38:18 0 d-----w- C:\.jagex_cache_32
2010-04-23 06:11:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-21 05:44:35 0 d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-04-21 05:31:21 81920 --sh--r- c:\users\ryan\zeioki.exe

==================== Find3M ====================

2010-03-23 02:53:06 940544 ----a-w- c:\windows\system32\stapo.dll
2010-03-23 02:53:06 536576 ----a-w- c:\windows\system32\idtmini1.exe
2010-03-23 02:53:06 527872 ----a-w- c:\windows\system32\stapi32.dll
2010-03-23 02:53:06 495708 ----a-w- c:\windows\sttray.exe
2010-03-23 02:53:06 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-03-23 02:53:06 405504 ----a-w- c:\windows\system32\stcplx.dll
2010-03-23 02:53:06 3354624 ----a-w- c:\windows\system32\stlang.dll
2010-03-23 02:53:06 175616 ----a-w- c:\windows\system32\staco.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-23 17:07:08 226592 ----a-w- c:\windows\system32\RaCoInst.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 04:37:58 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-02-20 04:37:54 268824 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-02-20 04:37:54 141848 ----a-w- c:\windows\system32\igfxtray.exe
2010-02-20 04:37:52 167960 ----a-w- c:\windows\system32\igfxpers.exe
2010-02-20 04:37:50 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-02-20 04:37:50 175640 ----a-w- c:\windows\system32\hkcmd.exe
2010-02-20 04:37:48 3152408 ----a-w- c:\windows\system32\GfxUI.exe
2010-02-20 04:29:32 81920 ----a-w- c:\windows\system32\igfxCoIn_v2086.dll
2010-02-20 04:18:04 4950528 ----a-w- c:\windows\system32\igdumd32.dll
2010-02-20 04:16:10 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2010-02-20 04:16:08 982240 ----a-w- c:\windows\system32\igkrng500.bin
2010-02-20 04:16:08 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2010-02-20 04:14:08 564224 ----a-w- c:\windows\system32\igdumdx32.dll
2010-02-20 04:06:28 4340224 ----a-w- c:\windows\system32\igd10umd32.dll
2010-02-20 03:51:30 11027456 ----a-w- c:\windows\system32\ig4icd32.dll
2010-02-20 03:36:16 260096 ----a-w- c:\windows\system32\igfxTMM.dll
2010-02-20 03:36:14 200704 ----a-w- c:\windows\system32\igfxpph.dll
2010-02-20 03:36:06 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-02-20 03:35:50 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-02-20 03:35:28 130560 ----a-w- c:\windows\system32\igfxdo.dll
2010-02-20 03:35:18 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-02-20 03:35:08 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-02-20 03:35:06 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-02-20 03:35:04 227328 ----a-w- c:\windows\system32\igfxdev.dll
2010-02-20 03:34:50 9030656 ----a-w- c:\windows\system32\igfxress.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 23:06:01 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:20:08.54 ===============
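The DDS log above is what a malware-response helper reads before answering. Three things in it point at the same file: the `uRun` entry launching an executable straight out of the user profile root (`c:\users\ryan\zeioki.exe`), that file's `--sh--r-` attributes (system + hidden + read-only), and a run of identically sized (13310-byte) executables with random-looking names created in the same directory within minutes of each other. The script below is an added example, not part of this thread or of DDS, that applies those three triage heuristics to a handful of lines excerpted from the log above. The rule names, thresholds and the `analyze()` function are my own assumptions about how to encode such a triage, not anything DDS or BleepingComputer ship.

```python
import re
from collections import defaultdict

# Lines excerpted from the DDS log posted above (this is a constructed sample,
# not a complete DDS report). Paths and sizes are the ones on this page.
SAMPLE_LOG = r"""
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [zeioki] c:\users\ryan\zeioki.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
2010-05-13 05:21:45 13310 ----a-w- c:\users\ryan\vtimq.exe
2010-05-13 05:21:27 13310 ----a-w- c:\users\ryan\lijwn.exe
2010-05-13 04:50:38 13310 ----a-w- c:\users\ryan\mufcj.exe
2010-05-12 08:16:53 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-21 05:31:21 81920 --sh--r- c:\users\ryan\zeioki.exe
"""

# "uRun: [name] path args" / "mRun: [name] "path" args" autostart entries.
RUN_RE = re.compile(
    r'^(?P<key>[umd]Run): \[(?P<name>[^\]]*)\]\s*"?(?P<path>.*?\.(?:exe|scr|com|bat|cmd))',
    re.I,
)
# "YYYY-MM-DD HH:MM:SS size attrs path" lines from the "Created Last 30" section.
FILE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) '
    r'(?P<attrs>[-a-z]{8}) (?P<path>.+)$',
    re.I,
)
# Exactly one path component below c:\users\<name>\ (the profile root itself).
PROFILE_ROOT_RE = re.compile(r'^c:\\users\\[^\\]+\\[^\\]+$', re.I)


def is_profile_root_exe(path):
    """True for an executable sitting directly in a user profile root."""
    return bool(PROFILE_ROOT_RE.match(path)) and path.lower().endswith(('.exe', '.scr', '.com'))


def analyze(log_text, cluster_min=3):
    """Apply three triage heuristics (my own choice, not a DDS feature) and
    return a sorted list of (rule, path) findings:
      autorun-from-profile-root : Run-key entry launching from c:\\users\\<name>\\
      hidden-system-exe         : .exe created with both system and hidden attributes
      same-size-exe-cluster     : >= cluster_min .exe files of identical size in one dir
    """
    findings = set()
    by_dir_size = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = m.group('path').lower()
            if is_profile_root_exe(path):
                findings.add(('autorun-from-profile-root', path))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path = m.group('path').lower()
        attrs = m.group('attrs').lower()
        if not path.endswith('.exe'):
            continue
        # DDS attribute string: 's' = system, 'h' = hidden; both set is unusual for a user file.
        if 's' in attrs and 'h' in attrs:
            findings.add(('hidden-system-exe', path))
        directory, _, _ = path.rpartition('\\')
        by_dir_size[(directory, int(m.group('size')))].append(path)
    # A burst of same-size executables in one directory is a dropper pattern worth a look.
    for (_, _), paths in by_dir_size.items():
        if len(paths) >= cluster_min:
            for p in paths:
                findings.add(('same-size-exe-cluster', p))
    return sorted(findings)


if __name__ == '__main__':
    for rule, path in analyze(SAMPLE_LOG):
        print(f'{rule:26} {path}')
```

Running it lists zeioki.exe under both the autorun and hidden-system rules and the three 13310-byte files under the cluster rule, while every entry under Program Files or system32 stays unflagged. That is the same conclusion the helper reaches by eye; the point of writing it down is that the heuristics are checkable and can be rerun on the next log.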

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:33 AM

Posted 15 May 2010 - 03:15 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having, as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 RyanB

RyanB
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:33 PM

Posted 15 May 2010 - 08:39 PM

Hi Gringo,
here are some problems I had with ComboFix.
First of all, when I went to print the instructions a window came up saying 'Problem with shortcut: the file or folder 'zeioki.scr' that this shortcut refers to can't be found.'
However, I was still able to print. But when I tried to close the window another one popped up, until I unplugged my laptop from the printer and closed the Word document I was printing.

I then closed all windows and turned off my antivirus, antispyware and firewall.

Next, when I double-clicked on the ComboFix icon my anti-virus (Trend Micro) notified me that pev.exe wanted to do something with security policy modification
and that it was high risk, so Trend Micro automatically blocked it.
Then ComboFix was preparing to run.
Then PEV.cfxxe also wanted to do something. Trend Micro stated it as low risk and the window wouldn't go away until I stated whether or not I wanted to block or allow.
I pressed block and the window didn't go away, so I then pressed allow and the window eventually went away.
Then Catchme.tmp wanted to do something and Trend Micro considered it a low risk and wanted me to choose whether to allow or block, but I didn't choose one and the window eventually went away.
ComboFix then said it was doing a scan, but after a while a window popped up telling me ComboFix may have not installed properly. So I clicked the button to do it with compatibility with my system or something like that. Nothing happened, so after a while I double-clicked the ComboFix icon; again I was notified by Trend Micro of all those things that wanted to run and I didn't click allow or block for any of them. But this time ComboFix didn't do anything. So I deleted ComboFix and reinstalled it from the same link and it did the same thing that happened last time.

Also, when I turned on my computer this morning I got a message from Trend Micro asking whether I wanted to allow or block zeioki.exe from making changes to my computer. This is exactly what happened the very first time, when I allowed it. It still said its publisher was Microsoft, but this time I blocked it.

Could you please help me with any more information on what to do? Thx, Ryan.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:33 AM

Posted 15 May 2010 - 09:54 PM

Good evening Ryan

Please turn off McAfee while doing this scan. McAfee sees ComboFix as a threat, but trust me, it is not.

You will have to download ComboFix again while McAfee is off.

Gringo

Edited by gringo_pr, 15 May 2010 - 09:55 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:33 AM

Posted 18 May 2010 - 01:40 PM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 24 hrs you have not replied to this thread then it will have to be closed!

Gringo



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:33 AM

Posted 21 May 2010 - 01:16 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
