Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unkown rootkit infection


  • This topic is locked This topic is locked
6 replies to this topic

#1 jperry886

jperry886

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 15 June 2010 - 06:38 AM

Hi I have Vipre and MBAM but cannot seem to get this infection out. I have done the dds and gmer but cannot do a full GMER with c: as it locks up before completing.

DDS (Ver_10-03-17.01) - NTFSx86
Run by jperry at 13:34:25.28 on Mon 06/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2276 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.EXE
C:\PROGRA~1\SAAZOD\SAAZRemoteSupport.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
C:\PROGRA~1\SAAZOD\RMHLPDSK.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nortel\CallPilot\cpnotifier.exe
C:\Program Files\FacetCorp\FacetWin\fwagent.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jperry\Local Settings\Temporary Internet Files\Content.IE5\168PLRKN\dds[1].scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Skytron
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [My Movies Tray] "c:\program files\binnerup consult\my movies collection management\My Movies Tray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SBAMTray] "c:\program files\sunbelt software\sbeagent\SBAMTray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\callpi~1.lnk - c:\program files\nortel\callpilot\cpnotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\facetw~1.lnk - c:\program files\facetcorp\facetwin\fwagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: AnyDiscHelp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-27 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-3-24 204632]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-24 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-24 304464]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.EXE [2010-3-25 81920]
R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2010-3-25 73728]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2010-3-25 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2006-11-21 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\\saazwatchdog --> c:\progra~1\saazod\\SAAZWatchDog [?]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\sunbelt software\sbeagent\SBAMSvc.exe [2010-4-19 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-27 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\sbeagent\SBPIMSvc.exe [2010-4-19 181584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-24 20952]
S2 jzhdnqg;Config Monitor;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-7-27 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-06-14 16:50:48 0 ----a-w- c:\windows\system32\SBRC.dat
2010-06-10 16:55:45 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{3F7DA0FA-BF46-4992-A214-B3A873786A4A}
2010-06-10 16:54:54 0 d-----w- c:\program files\Zebra Technologies
2010-06-10 16:54:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Font Downloader
2010-06-10 16:54:20 19456 ----a-w- c:\windows\system32\zdnPMntU.dll
2010-06-10 16:54:19 20480 ----a-w- c:\windows\system32\zdnPMntS.dll
2010-06-10 16:52:04 0 d-----w- C:\ZD2642
2010-06-10 16:50:20 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-06-10 16:50:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-06-09 20:13:28 0 d-----w- c:\program files\USPS
2010-06-09 15:13:06 0 d-----w- c:\docume~1\jperry\applic~1\E-centives
2010-05-27 13:25:17 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-05-27 13:23:48 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-05-19 14:09:15 24 ----a-w- c:\windows\0F2CB1CCF1B5B2AF.log[20100519_1009].bak

==================== Find3M ====================

2010-06-09 19:22:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 19:22:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-09 19:22:29 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-04 14:43:20 23968 ----a-w- c:\windows\fonts\bt_oldstyle.ttf
2010-05-11 20:53:29 13984488 ----a-w- C:\lj90x0pcl5win2kxp2003vista2008.exe
2010-05-11 20:22:53 14289640 ----a-w- C:\HP_CLJ_9500_32bit_2000_XP_S2003_Vista_PCL5.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 12:23:44 45568 ----a-w- c:\windows\fonts\ZebraBarcode.ttf
2010-04-23 12:23:44 153600 ----a-w- c:\windows\system32\zdnNLMNT.dll
2010-04-19 17:48:04 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-04-19 13:53:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-23 19:13:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 13:35:52.23 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 AM

Posted 20 June 2010 - 12:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  1. Do not run any other tool untill instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool untill instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt
"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?
Gringo



Note to self
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] jzhdnqg

Edited by gringo_pr, 20 June 2010 - 12:56 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jperry886

jperry886
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 21 June 2010 - 07:17 AM

Ok here is the log file from combo fix. It all seemed to go well. I left my Vipre and MWB running over the weekend and this morning it seems a lot better.

Attached Files

  • Attached File  log.txt   19.1KB   3 downloads


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 AM

Posted 21 June 2010 - 04:29 PM

ComboFix 10-06-20.06 - jperry 06/21/2010 8:03.1.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2462 [GMT -4:00]
Running from: c:\documents and settings\jperry\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://skyapp2
.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-20 04:00 . 2010-06-20 04:00 0 ----a-w- c:\windows\system32\SBRC.dat
2010-06-15 15:35 . 2010-06-15 15:35 -------- d-----w- c:\windows\system32\NtmsData
2010-06-15 13:49 . 2010-06-15 13:49 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-06-15 13:49 . 2010-06-15 13:49 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-06-15 13:49 . 2010-06-21 11:54 2 --shatr- c:\windows\winstart.bat
2010-06-15 13:48 . 2010-05-06 17:44 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-06-15 13:48 . 2010-06-21 11:54 -------- d-----w- c:\program files\UnHackMe
2010-06-15 13:47 . 2010-06-15 13:47 -------- d-----w- C:\unhackme
2010-06-15 13:21 . 2010-06-15 13:21 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-11 21:06 . 2010-06-11 21:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-06-11 20:49 . 2010-06-11 20:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-06-11 20:48 . 2010-06-11 20:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Sunbelt
2010-06-11 20:47 . 2010-06-11 20:47 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2010-06-10 16:55 . 2010-06-10 16:55 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-10 16:55 . 2010-06-10 16:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3F7DA0FA-BF46-4992-A214-B3A873786A4A}
2010-06-10 16:55 . 2010-04-29 13:47 2684274 -c--a-w- c:\documents and settings\All Users\Application Data\{3F7DA0FA-BF46-4992-A214-B3A873786A4A}\TreeFrog.exe
2010-06-10 16:54 . 2010-06-10 16:55 -------- d-----w- c:\program files\Zebra Technologies
2010-06-10 16:54 . 2010-06-10 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Font Downloader
2010-06-10 16:54 . 2010-04-23 12:23 19456 ----a-w- c:\windows\system32\zdnPMntU.dll
2010-06-10 16:54 . 2010-04-23 12:23 20480 ----a-w- c:\windows\system32\zdnPMntS.dll
2010-06-10 16:52 . 2010-06-10 16:52 -------- d-----w- C:\ZD2642
2010-06-10 16:50 . 2008-04-14 04:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-06-10 16:50 . 2008-04-14 04:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-06-09 20:13 . 2010-06-10 19:01 -------- d-----w- c:\documents and settings\jperry\Local Settings\Application Data\ShippingAssistant
2010-06-09 20:13 . 2010-06-09 20:13 -------- d-----w- c:\program files\USPS
2010-06-09 15:13 . 2010-06-09 15:13 -------- d-----w- c:\documents and settings\jperry\Application Data\E-centives
2010-06-09 15:13 . 2010-06-09 15:13 423464 ----a-w- c:\documents and settings\jperry\Application Data\E-centives\BSTIEPrintCtl1.dll
2010-05-27 13:25 . 2010-01-04 10:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-05-27 13:23 . 2010-01-04 10:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-05-27 13:21 . 2010-05-27 13:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Sunbelt
2010-05-27 13:21 . 2010-01-04 21:39 144720 ----a-w- c:\documents and settings\All Users\Application Data\Sunbelt\AntiMalware\Upgrade\SBEAgentUpgrader.exe
2010-05-27 13:21 . 2010-01-04 21:02 656720 ----a-w- c:\documents and settings\All Users\Application Data\Sunbelt\AntiMalware\Upgrade\SBSDKXML.dll
2010-05-26 02:54 . 2010-05-26 02:54 61440 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-581ffa37-n\decora-sse.dll
2010-05-26 02:54 . 2010-05-26 02:54 12800 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-581ffa37-n\decora-d3d.dll
2010-05-26 02:54 . 2010-05-26 02:54 503808 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ad8b59d-n\msvcp71.dll
2010-05-26 02:54 . 2010-05-26 02:54 499712 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ad8b59d-n\jmc.dll
2010-05-26 02:54 . 2010-05-26 02:54 348160 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5ad8b59d-n\msvcr71.dll
2010-05-24 18:49 . 2010-05-24 18:49 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 12:07 . 2010-03-24 14:58 -------- d-----w- c:\program files\SAAZOD
2010-06-21 11:48 . 2010-03-24 16:59 -------- d-----w- c:\program files\LogMeIn
2010-06-18 14:43 . 2010-03-24 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-06-17 15:29 . 2010-03-23 20:45 87304 ----a-w- c:\documents and settings\jperry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-16 16:29 . 2010-03-31 13:38 -------- d-----w- c:\documents and settings\jperry\Application Data\uTorrent
2010-06-16 02:54 . 2010-04-21 02:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 19:22 . 2010-03-24 16:59 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 19:22 . 2010-03-24 16:59 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 19:22 . 2010-03-24 16:59 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-02 15:04 . 2010-03-24 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 14:11 . 2010-04-05 16:49 -------- d-----w- c:\program files\uTorrent
2010-05-11 20:54 . 2010-05-11 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-05-11 20:53 . 2010-05-11 20:53 13984488 ----a-w- C:\lj90x0pcl5win2kxp2003vista2008.exe
2010-05-11 20:22 . 2010-05-11 20:22 14289640 ----a-w- C:\HP_CLJ_9500_32bit_2000_XP_S2003_Vista_PCL5.exe
2010-04-29 19:39 . 2010-03-24 15:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-24 15:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 12:23 . 2010-04-23 12:23 153600 ----a-w- c:\windows\system32\zdnNLMNT.dll
2010-04-19 17:48 . 2010-04-19 17:48 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-04-19 13:54 . 2010-04-19 13:54 503808 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-26bced9c-n\msvcp71.dll
2010-04-19 13:54 . 2010-04-19 13:54 499712 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-26bced9c-n\jmc.dll
2010-04-19 13:54 . 2010-04-19 13:54 348160 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-26bced9c-n\msvcr71.dll
2010-04-19 13:54 . 2010-04-19 13:54 61440 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6c33dbba-n\decora-sse.dll
2010-04-19 13:54 . 2010-04-19 13:54 12800 ----a-w- c:\documents and settings\jperry\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6c33dbba-n\decora-d3d.dll
2010-04-19 13:53 . 2010-04-19 13:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-24 20:02 . 2010-03-24 18:54 25214 ----a-r- c:\documents and settings\jperry\Application Data\Microsoft\Installer\{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}\NewShortcut1_D93B70D24DA44F6F9DC872D08F74A386.exe
2010-03-24 20:02 . 2010-03-24 18:54 25214 ----a-r- c:\documents and settings\jperry\Application Data\Microsoft\Installer\{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}\ARPPRODUCTICON.exe
2010-03-24 15:41 . 2010-03-24 15:34 37646688 ----a-w- c:\documents and settings\All Users\Application Data\My Movies\SQLEXPR32.EXE
2010-03-24 15:34 . 2010-03-24 15:34 2745256 ----a-w- c:\documents and settings\All Users\Application Data\My Movies\vcredist_x86.exe
2010-03-24 15:08 . 2010-03-24 15:08 0 ----a-w- c:\windows\system32\SBFC.dat
2010-03-24 13:06 . 2010-03-24 13:06 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-24 12:17 . 2010-03-24 12:15 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-23 20:17 . 2010-03-23 19:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-23 20:06 . 2010-03-23 20:06 8 ----a-w- c:\windows\system32\nvModes.dat
2010-03-23 19:13 . 2010-03-23 19:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2007-07-27 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-03-09 3328960]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-05-21 594200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-30 8523776]
"nwiz"="nwiz.exe" [2007-11-30 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-30 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2006-09-14 503808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"My Movies Tray"="c:\program files\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe" [2010-03-20 325080]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-04-12 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2010-04-19 1275216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CallPilot MWI Icon.lnk - c:\program files\Nortel\CallPilot\cpnotifier.exe [2009-6-29 1142881]
FacetWin Agent.lnk - c:\program files\FacetCorp\FacetWin\fwagent.exe [2010-3-24 102400]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 19:22 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\FacetCorp\\FacetWin\\fwagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6857:TCP"= 6857:TCP:ysydgas

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/27/2010 9:23 AM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [3/24/2010 11:05 AM 204632]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/24/2010 11:09 AM 304464]
R2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [9/2/2003 3:03 PM 20064]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.EXE [3/25/2010 4:00 AM 81920]
R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [3/25/2010 4:00 AM 73728]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [3/25/2010 4:00 AM 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [11/21/2006 2:18 PM 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\\SAAZWatchDog --> c:\progra~1\SAAZOD\\SAAZWatchDog [?]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/27/2010 9:25 AM 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/24/2010 11:09 AM 20952]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [6/15/2010 9:49 AM 35816]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/27/2007 8:00 AM 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{2D6DED35-E1E1-4DD5-A436-FB4260D3D3C3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 08:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAAZWatchDog]
"ImagePath"="c:\progra~1\SAAZOD\\SAAZWatchDog"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1224)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-06-21 08:12:35
ComboFix-quarantined-files.txt 2010-06-21 12:12

Pre-Run: 226,317,201,408 bytes free
Post-Run: 226,337,603,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0202DF16CFC42EC1C09D2BE2E9F9AF28

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 AM

Posted 21 June 2010 - 04:46 PM

Hello

These logs look good

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go Eset web page to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 AM

Posted 25 June 2010 - 03:14 PM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 AM

Posted 29 June 2010 - 03:26 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users