
Need Malware removed. Help Please


  • This topic is locked
5 replies to this topic

#1 bikept

bikept

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:21 AM

Posted 20 March 2012 - 05:34 PM

Malwarebytes only runs in safe mode with or without networking or it shuts down after a few seconds of scanning. Superantispyware will not complete even in safe mode. GMER shut down when starting up. JV16 power tools shut down when I tried to look at startup programs. I am displaying the DDS.txt below.
I greatly appreciate your help.
Thanks in advance

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Alan at 18:20:05 on 2012-03-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2346 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Returnil System Safe 2011 *Disabled/Updated* {535A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
d:\Program Files\Mamutu\a2service.exe
d:\Program Files\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
D:\Program Files\Superantispyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PrintCtrl.exe
D:\Program Files\Macrium\Reflect\ReflectService.exe
d:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
C:\Program Files\Common Files\Chameleon Manager\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Process Lasso\processlasso.exe
D:\Program Files\Process Lasso\processgovernor.exe
C:\WINDOWS\system32\PrintDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\PROGRAM FILES\MAMUTU\mamutu.exe
D:\Program Files\Investintech.com Inc\Sonic PDF Creator\3.0\itSONPrnDisp.exe
D:\Program Files\Zentimo\Zentimo.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Ashampoo\Ashampoo Office 2010\smash.exe
D:\Program Files\Sticky Password\stpass.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Browny02\BrYNSvc.exe
D:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
d:\Program Files\Secunia\PSI\sua.exe
c:\documents and settings\alan\application data\dropbox\bin\Dropbox.exe
d:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe
c:\program files\nuance\paperport\pptd40nt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Google Update] "c:\documents and settings\alan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [fsm]
uRun: [SMASH] "d:\program files\ashampoo\ashampoo office 2010\smash.exe"
uRun: [StickyPassword] "d:\program files\sticky password\stpass.exe"
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AirPaceWifi] "c:\program files\abit\abit uguru\AirPaceWifi.exe" -nogui
mRun: [NWEReboot]
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [Chameleon System Monitor] c:\program files\common files\chameleon manager\monitor.exe /startup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ProcessLassoManagementConsole] "d:\program files\process lasso\processlasso.exe"
mRun: [ProcessGovernor] "d:\program files\process lasso\processgovernor.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [TrayServer] "d:\program files\magix\movie_edit_pro_15_silver\TrayServer.exe"
mRun: [PrintDisp] "c:\windows\system32\PrintDisp.exe"
mRun: [Gadgetlabs_Gui] c:\windows\system32\gadgetlabs_gui_32.exe
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Mamutu Guard] "d:\program files\mamutu\mamutu.exe" /silent
mRun: [Sonic PDF Print Dispatcher] d:\program files\investintech.com inc\sonic pdf creator\3.0\itSONPrnDisp.exe
mRun: [Zentimo xStorage Manager] d:\program files\zentimo\Zentimo.exe /startup
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\desktop_test.ini
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - d:\program files\secunia\psi\psi_tray.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
Trusted Zone: aol.com\free
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1293238937359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61
TCP: Interfaces\{7401B8EC-D5DF-4254-B26D-DB2E1F260A31} : DhcpNameServer = 192.168.1.1 209.18.47.61
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\cssdll32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
mASetup: Nitro PDF Professional - cscript //B "d:\program files\nitro pdf\professional\RemoveOldAddins.vbs"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alan\application data\mozilla\firefox\profiles\bf4bfy4m.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
FF - plugin: d:\program files\sticky password\npSPAutofill.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [2011-7-1 58808]
R1 a2injectiondriver;a2injectiondriver;d:\program files\mamutu\a2dix86.sys [2012-2-25 34768]
R1 a2util;a-squared Malware-IDS utility driver;d:\program files\mamutu\a2util32.sys [2012-2-25 11776]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-25 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-25 24336]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 103112]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [2011-6-24 276104]
R1 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [2011-6-24 43712]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [2011-6-24 31096]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2011-10-25 37280]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-4-25 700152]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 Mamutu;Mamutu Service;d:\program files\mamutu\a2service.exe [2012-2-25 2978720]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-12 652360]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2010-12-6 77824]
R2 ReflectService;Macrium Reflect Image Mounting Service;d:\program files\macrium\reflect\ReflectService.exe [2009-11-12 220128]
R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2010-12-21 399416]
R2 ZentimoService;Zentimo Assistant;d:\program files\zentimo\ZentimoService.exe [2011-12-12 259072]
R3 a2acc;a2acc;d:\program files\mamutu\a2accx86.sys [2012-2-25 51632]
R3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service;c:\windows\system32\drivers\aw5006.sys [2009-5-3 556832]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-12-24 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-12 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-20 40776]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
S2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [2002-9-3 19296]
S2 RVSMONBL;Returnil System Safe Core Service;"c:\program files\returnil\rss\rvsmon.exe" -log "c:\documents and settings\all users\application data\returnil\rvs3\log\rvs3.log" -errlevel 3 --> c:\program files\returnil\rss\rvsmon.exe [?]
S3 ABIT-IO;ABIT-IO;\??\c:\documents and settings\alan\abit-io.sys --> c:\documents and settings\alan\ABIT-IO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-31 1691480]
S3 cpuz132;cpuz132;\??\c:\docume~1\alan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\alan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DfSdkS;Defragmentation-Service;d:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-9-5 406016]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\magix\common\database\bin\fbserver.exe [2010-11-25 1527900]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
S3 RGService;RGService;d:\program files\radioget\RGService.exe [2009-10-1 335872]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 rvseng;rvseng;c:\windows\system32\drivers\rvseng.sys [2011-6-24 1091992]
S3 WavePro;Service for GadgetLabs WavePro Driver;c:\windows\system32\drivers\gadgetlabs_driver_32.sys [2011-3-29 134656]
.
=============== Created Last 30 ================
.
2012-03-20 09:50:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-20 00:03:26 -------- d-----w- c:\documents and settings\alan\application data\SUPERAntiSpyware.com
2012-03-20 00:00:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-17 18:46:26 134072 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-17 18:46:24 97208 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-03-17 18:46:24 801720 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-03-17 18:46:24 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-03-17 18:46:24 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-17 18:46:24 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-17 18:46:24 44984 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-03-17 18:46:24 437176 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-03-17 18:46:24 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-03-17 18:46:24 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-03-17 18:46:24 1911736 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-03-17 18:46:24 15800 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-03-11 21:45:31 -------- d-----w- c:\program files\common files\PS
2012-03-11 21:45:30 1455616 ----a-w- c:\windows\system32\iSED.dll
2012-03-11 21:45:28 110592 ----a-w- c:\windows\system32\itPCR2PortMon.dll
2012-02-25 10:33:57 -------- d-----w- c:\documents and settings\alan\.rainlendar2
2012-02-24 11:09:08 -------- d-----w- c:\documents and settings\alan\local settings\application data\Proxure
2012-02-24 11:09:06 -------- d-----w- c:\documents and settings\all users\application data\ClubSanDisk
2012-02-21 23:58:07 -------- d-----w- c:\program files\MyKeyFinder
.
==================== Find3M ====================
.
2012-03-10 14:14:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-03 19:58:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-03 19:58:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:20:52.32 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:21 AM

Posted 22 March 2012 - 11:46 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best only cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bikept

bikept
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:21 AM

Posted 23 March 2012 - 07:11 PM

Gringo,
I did not yet try Combofix. I tried turning off all my security and Malwarebytes and Superantispyware both ran to completion and found no problems. I think I am in the clear.
Thanks
bikept

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:21 AM

Posted 23 March 2012 - 08:15 PM

We can still run the scans to make sure it is all clean.



gringo

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:21 AM

Posted 26 March 2012 - 08:54 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:21 AM

Posted 28 March 2012 - 11:14 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.