zbot trojan suspected but not found


Post by trammina » April 1st, 2011, 5:14 am

My internet banking has locked my code for entering and told me that I have a zbot infection. But I can't find it in my PC. I have scanned with antivirus and Malwarebytes, and Windows Defender in safe mode too, but nothing. Thank you for your help; I hope to do the right way of posting what you ask for.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Erika at 10:56:19,87 on 01/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3894.2418 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Erika\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2418376
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Erika\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\17c3by8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?client=firef ... con+Google
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-11 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-25 202752]
R2 AntiVirScheduler;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-30 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-30 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-3-30 83120]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-3-9 92592]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-11 2320920]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-2-11 228408]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-11 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-10 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-03-31 22:08:00 -------- d-----w- C:\Users\Erika\AppData\Local\{2CB1126A-F361-4F47-857F-1B514B371B5B}
2011-03-31 10:07:36 -------- d-----w- C:\Users\Erika\AppData\Local\{EE237404-5858-49B1-A59E-9E74166CF7C6}
2011-03-30 22:07:11 -------- d-----w- C:\Users\Erika\AppData\Local\{86691E00-723F-4410-A228-24DAC1C55830}
2011-03-30 08:30:35 -------- d-----w- C:\Users\Erika\AppData\Local\{0ACC5D53-5A40-4484-B0EA-9D483B4F9D33}
2011-03-29 22:03:22 -------- d-----w- C:\Users\Erika\AppData\Roaming\Avira
2011-03-29 22:02:41 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-29 22:02:41 -------- d-----w- C:\Program Files (x86)\Avira
2011-03-29 22:02:41 -------- d-----w- C:\PROGRA~3\Avira
2011-03-29 21:18:05 -------- d-----w- C:\Program Files\AVAST Software
2011-03-29 21:15:59 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-29 21:01:16 98816 ----a-w- C:\Windows\sed.exe
2011-03-29 21:01:16 89088 ----a-w- C:\Windows\MBR.exe
2011-03-29 21:01:16 256512 ----a-w- C:\Windows\PEV.exe
2011-03-29 21:01:16 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-29 20:24:25 -------- d-----w- C:\Users\Erika\AppData\Local\{21A1C157-719D-4FEA-9884-970902F8902F}
2011-03-29 18:10:18 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A7B10713-C906-4C67-9986-94A0015B0FDE}\mpengine.dll
2011-03-29 07:49:08 -------- d-----w- C:\Users\Erika\AppData\Local\{ABDCCAB0-CD14-476F-9786-122214370491}
2011-03-28 23:27:14 -------- d-----w- C:\Users\Erika\AppData\Local\{8FD64B00-4B26-457F-895D-A74D452ED894}
2011-03-28 19:54:47 -------- d-----w- C:\Users\Erika\AppData\Roaming\AVG10
2011-03-28 19:54:21 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-28 19:53:57 -------- d-----w- C:\PROGRA~3\AVG10
2011-03-28 19:47:40 -------- d-----w- C:\PROGRA~3\MFAData
2011-03-28 19:27:00 -------- d-----w- C:\Program Files\CCleaner
2011-03-28 18:20:31 -------- d-----w- C:\PROGRA~3\PC Tools
2011-03-28 11:09:48 -------- d-----w- C:\Users\Erika\AppData\Local\{1871E97B-F292-446C-A845-0440054BC07B}
2011-03-28 08:25:20 -------- d-----w- C:\Users\Erika\AppData\Local\{07969CB7-E38D-448C-A09B-A9105EF8E587}
2011-03-27 18:17:42 -------- d-----w- C:\Users\Erika\AppData\Local\{5C79E33C-9689-4FDD-8E6A-BDA21E0C7BF5}
2011-03-27 18:05:42 -------- d-----w- C:\Users\Erika\AppData\Local\{4FC92A79-E982-420E-9D0E-6D23561CB4A3}
2011-03-27 04:36:30 -------- d-----w- C:\Users\Erika\AppData\Local\{E0247CE6-60F9-4D80-BEB4-B49D5E8C13E4}
2011-03-27 01:20:09 49152 ----a-r- C:\Windows\SysWow64\MaJGUILib.dll
2011-03-27 01:20:09 45056 ----a-w- C:\Windows\SysWow64\MaXMLProto.dll
2011-03-27 01:20:09 106609 ----a-w- C:\Windows\SysWow64\MaJUtilLib.dll
2011-03-26 15:26:01 -------- d-----w- C:\Users\Erika\AppData\Local\{96C7CFBC-8CAD-425C-B065-0D1C6D6A2DD8}
2011-03-25 20:16:00 -------- d-----w- C:\Users\Erika\AppData\Local\{26BBD4F9-5444-49EB-BEF9-D33FA976CF74}
2011-03-25 07:21:16 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-25 07:18:17 -------- d-----w- C:\Users\Erika\AppData\Local\{5C5AC86F-0CF4-46AD-BCBD-69543243225B}
2011-03-24 18:34:44 -------- d-----w- C:\Users\Erika\AppData\Local\{ED1DC771-835C-4B60-A22B-65D64E09F5B6}
2011-03-23 23:33:43 -------- d-----w- C:\Users\Erika\AppData\Local\{B4689922-C29E-4127-A259-201E20710406}
2011-03-23 21:24:27 -------- d-----w- C:\Users\Erika\AppData\Roaming\Malwarebytes
2011-03-23 21:24:07 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-23 21:24:06 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-23 21:24:02 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-23 21:24:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-23 11:33:19 -------- d-----w- C:\Users\Erika\AppData\Local\{D73817D1-FFAA-49E1-A3E7-C2890F0A6868}
2011-03-23 11:33:19 -------- d-----w- C:\Users\Erika\AppData\Local\{018A192D-DD2E-4CC9-94F0-45F7A512230F}
2011-03-22 23:26:26 -------- d-----w- C:\Users\Erika\AppData\Local\{157F8986-251A-4849-B572-CF518B84C7AB}
2011-03-22 09:40:53 -------- d-----w- C:\Users\Erika\AppData\Local\{E35C6802-4950-469B-85F7-506522ED222F}
2011-03-22 09:16:06 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-21 21:40:28 -------- d-----w- C:\Users\Erika\AppData\Local\{A03E0A05-5F76-4E85-BAE8-27BB613891C4}
2011-03-21 08:40:50 -------- d-----w- C:\Users\Erika\AppData\Local\{0DA1B583-6CA7-46BA-886E-B07C35F4B9BB}
2011-03-20 20:40:25 -------- d-----w- C:\Users\Erika\AppData\Local\{FF2CB22F-2799-4EAD-AF54-6E1C233F111B}
2011-03-20 08:40:01 -------- d-----w- C:\Users\Erika\AppData\Local\{46B3F98C-7219-491F-8854-92F8DB36F5DC}
2011-03-19 18:26:22 -------- d-----w- C:\Users\Erika\AppData\Local\{88ED8ADD-FA0D-4BCC-8A2E-6DB83124B027}
2011-03-19 12:23:23 -------- d-----w- C:\PROGRA~3\TomTom
2011-03-19 12:23:12 -------- d-----w- C:\Users\Erika\AppData\Roaming\TomTom
2011-03-19 12:23:12 -------- d-----w- C:\Users\Erika\AppData\Local\TomTom
2011-03-19 12:23:07 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2011-03-19 12:22:59 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2
2011-03-19 12:22:16 -------- d-----w- C:\Program Files (x86)\TomTom DesktopSuite
2011-03-19 10:02:47 -------- d-----w- C:\Program Files (x86)\MarkAny
2011-03-19 10:02:27 -------- d-----w- C:\Program Files (x86)\Samsung
2011-03-19 10:00:43 -------- d-----w- C:\Manual-PCProgram
2011-03-19 08:15:37 -------- d-----w- C:\Users\Erika\AppData\Roaming\OpenOffice.org
2011-03-19 08:14:06 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-03-19 06:31:29 -------- d-----w- C:\Users\Erika\AppData\Local\GamePlayLabs Plugin
2011-03-19 06:22:40 -------- d-----w- C:\Users\Erika\AppData\Local\{ABCCEFA1-A2F5-4C0B-B4DF-5AC5978BFAFA}
2011-03-18 18:06:49 -------- d-----w- C:\Users\Erika\AppData\Local\{027B87B3-B2A8-492F-A5DA-400341E4D04F}
2011-03-17 12:09:16 -------- d-----w- C:\Users\Erika\AppData\Local\{742F1E62-47E9-4CBF-9E00-5115AD3F44BE}
2011-03-17 09:14:06 -------- d-----w- C:\Users\Erika\AppData\Roaming\PrimoPDF
2011-03-17 09:13:33 90624 ----a-w- C:\Windows\System32\Primomonnt.dll
2011-03-17 09:13:30 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2011-03-17 00:08:51 -------- d-----w- C:\Users\Erika\AppData\Local\{B88AC88A-4C23-422E-BD9B-F447F4747AB5}
2011-03-16 12:08:26 -------- d-----w- C:\Users\Erika\AppData\Local\{1B732042-6889-433E-9EBF-5DA0D7FF46B4}
2011-03-16 12:08:15 -------- d-----w- C:\Users\Erika\AppData\Roaming\Windows Live Writer
2011-03-16 12:08:15 -------- d-----w- C:\Users\Erika\AppData\Local\Windows Live Writer
2011-03-16 12:05:35 -------- d-----w- C:\Windows\it
2011-03-16 11:59:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-03-16 11:58:13 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-03-16 11:58:13 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-03-16 11:58:13 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-03-16 11:58:13 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-03-16 11:57:21 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-03-16 11:57:21 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-03-16 11:57:21 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-03-16 11:57:21 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-03-16 11:57:00 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40031b001cbe3d106\InstallManager_WLE_WLE.exe
2011-03-16 11:56:41 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\35c35bf51cbe3d105\MeshBetaRemover.exe
2011-03-16 11:56:36 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32cf65431cbe3d104\DSETUP.dll
2011-03-16 11:56:36 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32cf65431cbe3d104\DXSETUP.exe
2011-03-16 11:56:36 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32cf65431cbe3d104\dsetup32.dll
2011-03-16 11:56:27 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2d8679541cbe3d103\DSETUP.dll
2011-03-16 11:56:27 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2d8679541cbe3d103\DXSETUP.exe
2011-03-16 11:56:27 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2d8679541cbe3d103\dsetup32.dll
2011-03-16 11:55:47 -------- d-----w- C:\Users\Erika\AppData\Local\Windows Live
2011-03-15 20:07:38 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-03-15 20:07:21 -------- d-----w- C:\Users\Erika\AppData\Roaming\hpqLog
2011-03-15 20:00:12 -------- d-----w- C:\Users\Erika\AppData\Roaming\HP Support Assistant
2011-03-14 20:17:16 -------- d-----w- C:\Users\Erika\AppData\Local\CrashDumps
2011-03-14 07:21:03 -------- d-----w- C:\Users\Erika\AppData\Local\CyberLink
2011-03-14 07:16:16 -------- d-----r- C:\Program Files (x86)\Skype
2011-03-12 11:28:40 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-10 20:38:05 -------- d-----w- C:\Users\Erika\AppData\Local\Adobe
2011-03-10 20:24:20 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_4.dll
2011-03-10 20:24:20 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_1.dll
2011-03-10 20:24:20 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_0_3.dll
2011-03-10 20:24:20 -------- d-----w- C:\Program Files (x86)\Native Instruments
2011-03-10 20:23:54 -------- d-----w- C:\Program Files (x86)\Finale GPO 2.0
2011-03-10 20:23:16 -------- d-----w- C:\PSFonts
2011-03-10 20:23:14 90112 ----a-w- C:\Windows\unvise32.exe
2011-03-10 20:22:41 -------- d-----w- C:\Program Files (x86)\Finale 2007
2011-03-10 18:53:56 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-03-10 18:53:52 -------- d-----w- C:\Users\Erika\SystemRequirementsLab
2011-03-10 08:50:43 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-10 08:50:43 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-03-10 08:49:44 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-03-10 08:49:44 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2011-03-10 08:49:14 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-03-10 08:49:14 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-03-10 08:20:12 -------- d-----w- C:\Windows\SysWow64\Wat
2011-03-10 08:20:12 -------- d-----w- C:\Windows\System32\Wat
2011-03-09 20:33:41 -------- d-----w- C:\PROGRA~3\Recovery
2011-03-09 17:54:49 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-09 17:54:49 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-09 17:54:49 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-09 17:54:49 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-09 17:54:49 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-09 17:54:48 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-09 17:54:48 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-09 17:54:48 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-09 17:54:48 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-09 17:54:48 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-09 17:54:37 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-03-09 17:50:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-03-09 17:50:48 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-03-09 17:50:48 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-03-09 17:50:48 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-03-09 17:50:38 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2011-03-09 17:50:38 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2011-03-09 17:50:22 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-03-09 17:50:22 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-03-09 17:50:22 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-03-09 17:50:21 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-03-09 17:38:58 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-03-09 17:23:17 -------- d-----w- C:\Intel
2011-03-09 12:24:43 14744 ----a-w- C:\Users\Erika\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2011-03-09 12:10:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-09 12:10:57 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-09 12:08:34 -------- d-----w- C:\Users\Erika\AppData\Roaming\Static Windows Live Mail Backup
2011-03-09 12:08:23 -------- d-----w- C:\Program Files (x86)\Static Windows Live Mail Backup
2011-03-09 11:57:12 -------- d-----w- C:\Program Files\Symantec
2011-03-09 11:51:39 -------- d-----w- C:\Users\Erika\AppData\Roaming\HpUpdate
2011-03-09 11:47:35 -------- d-----w- C:\Users\Erika\AppData\Local\ATI
2011-03-09 11:42:54 -------- d-----w- C:\Users\Erika\AppData\Local\Hewlett-Packard
.
==================== Find3M ====================
.
2011-03-19 10:01:51 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-03-09 12:03:48 588472 ----a-w- C:\Windows\SysWow64\ezsvc7x.dll
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-17 06:17:00 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-17 05:38:38 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:56:56,73 ===============


ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/03/2011 12:37:04
System Uptime: 01/04/2011 09:57:24 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1425
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 1450/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 146,807 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2,129 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0,093 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 30/03/2011 12:00:54 - 30.3.11
RP47: 30/03/2011 12:02:51 - d 30.3.11
RP48: 30/03/2011 12:05:28 - Punto di ripristino di HP Support Assistant
RP49: 30/03/2011 12:05:31 - Punto di ripristino di HP Support Assistant
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3 MUI
Adobe Shockwave Player
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
Catalyst Control Center InstallProxy
ContentSAFER for Wizmax
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
EmoDio
ESU for Microsoft Windows 7
Finale 2007
GamePlayLabs Plugin
Garritan Ambiance Installer
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides
HP Wireless Assistant
HPAsset component for HP Active Support Library
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.16)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Native Instruments Finale GPO 2.0
OpenOffice.org 3.3
Pacchetto di compatibilità per Office System 2007
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
QLBCASL
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Skype™ 4.0
Static Windows Live Mail Backup 2.9
System Requirements Lab for Intel
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
trammina
Active Member
 
Posts: 2
Joined: March 30th, 2011, 4:48 am
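The "Created Last 30" section of the DDS log above has a regular line layout (date, time, a size or a run of dashes, an 8-character attribute string, then the path), and a helper reading it usually sorts entries by where they sit rather than by what they are called. The following Python script is an added example, not part of the original post and not code from the DDS tool: it parses lines in that layout into review buckets (executables created directly in the Windows directory, executables under the user profile, hidden or system-attributed items, and bare-GUID folder names under AppData). The field layout and the meaning of the attribute letters are inferred from the posted log rather than from any DDS documentation, so treat them as assumptions; the sample lines are copied from the log above except the final dds.scr line, which is constructed so that the user-profile bucket has a hit.

```python
"""Triage helper for the "Created Last 30" section of a DDS log (added example)."""
import re
from pathlib import PureWindowsPath

# Field layout inferred from the posted log (an assumption, not DDS documentation):
#   <date> <time> <size or dashes> <8-char attribute string> <path>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl"}
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Sample input: lines copied from the log above, plus one constructed line
# (dds.scr in Downloads, made-up size) so the user-profile bucket has a hit.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2011-03-31 22:08:00 -------- d-----w- C:\Users\Erika\AppData\Local\{2CB1126A-F361-4F47-857F-1B514B371B5B}
2011-03-30 08:30:35 -------- d-----w- C:\Users\Erika\AppData\Local\{0ACC5D53-5A40-4484-B0EA-9D483B4F9D33}
2011-03-29 22:02:41 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-03-29 21:15:59 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-29 21:01:16 98816 ----a-w- C:\Windows\sed.exe
2011-03-29 21:01:16 89088 ----a-w- C:\Windows\MBR.exe
2011-03-28 19:54:21 -------- d--h--w- C:\PROGRA~3\Common Files
2011-03-19 06:31:29 -------- d-----w- C:\Users\Erika\AppData\Local\GamePlayLabs Plugin
2011-03-16 11:57:00 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40031b001cbe3d106\InstallManager_WLE_WLE.exe
2011-04-01 10:55:00 1026048 ----a-w- C:\Users\Erika\Downloads\dds.scr
"""


def parse_line(line):
    """Parse one log line; return None for headers, separators and blanks."""
    m = LINE_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs")
    size = m.group("size")
    return {
        "date": m.group("date"),
        "time": m.group("time"),
        "size": int(size) if size.isdigit() else None,  # dashes on directory rows
        "is_dir": attrs[0] == "d",   # 'd-----w-' rows are directories in the log
        "hidden": "h" in attrs,      # as in 'd--h--w-' (assumed hidden attribute)
        "system": "s" in attrs,      # as in 'd-sh--w-' on C:\$RECYCLE.BIN
        "path": PureWindowsPath(m.group("path")),
    }


def triage(log_text):
    """Sort parsed entries into review buckets keyed by the question they raise."""
    buckets = {
        "windows_root_executables": [],  # code created directly in <drive>\Windows
        "user_area_executables": [],     # code under <drive>\Users (user-writable)
        "hidden_or_system": [],          # hidden or system attribute set
        "guid_named_dirs": [],           # bare-GUID folder names under AppData
    }
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"]
        parts = [p.lower() for p in path.parts]
        is_exec = not entry["is_dir"] and path.suffix.lower() in EXEC_SUFFIXES
        # <drive>\Windows\<file>: exactly three components with "windows" in the middle
        if is_exec and parts[1:-1] == ["windows"]:
            buckets["windows_root_executables"].append(str(path))
        if is_exec and len(parts) > 1 and parts[1] == "users":
            buckets["user_area_executables"].append(str(path))
        if entry["hidden"] or entry["system"]:
            buckets["hidden_or_system"].append(str(path))
        if entry["is_dir"] and "appdata" in parts and GUID_RE.match(path.name):
            buckets["guid_named_dirs"].append(str(path))
    return buckets


def report(log_text):
    """Render the buckets as plain text lines suitable for pasting into a reply."""
    lines = []
    for bucket, paths in triage(log_text).items():
        lines.append(f"{bucket} ({len(paths)})")
        lines.extend(f"  {p}" for p in paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The buckets are review queues, not verdicts. The dds.scr hit is the diagnostic tool the poster was asked to run, and the two executables directly under C:\Windows appear in the same minute as the AVAST and Avira installs the log records, so the first thing a helper does with such a list is cross-reference it against what the user has already installed or run (the "Installed Programs" and "Created Last 30" sections above show AVG10, AVAST, PC Tools, Malwarebytes and Avira all arriving within a few days). Scripts like this save the eyeballing; the judgement stays with the reviewer.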

Re: zbot trojan suspected but not found

Post by Carolyn » April 5th, 2011, 7:46 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

============================

Remove outdated programs
Current versions of these programs can be downloaded and installed after your computer is clean.
  • Go to start > control panel > programs and features.
  • Right click on each instance of:

    Adobe Reader 9.4.3 MUI
    Java(TM) 6 Update 22


  • Click Uninstall & then follow the prompts to remove them.

============================

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

============================

Disable Avira anti-virus

  • Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background (looks like this: [image]).
  • Right-click it, then untick the option AntiVir Guard enable.
  • You should now see a closed white umbrella on a red background (looks like this: [image]).
  • Note: Don't forget to re-enable it after the fix.

============================

Disable Windows Defender until the computer is clean

Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save

============================

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

============================

Please scan again with DDS. Post the DDS.txt file along with the ESET log for my review.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
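An added cross-check, written here and not part of Carolyn's instructions or any MalwareRemoval.com tool: a PowerShell snippet that reads the installed-program entries from the standard Uninstall registry keys (64-bit and 32-bit views) and flags the Adobe Reader 9.x and Java 6 entries the post asks to remove, so you can confirm they are actually gone after the uninstall step. The name patterns and the assumption that the machine is 64-bit Windows 7 (as in the DDS header) are mine.

```powershell
# Added example, not from the original post: enumerate installed programs from
# the registry Uninstall keys and flag the outdated entries named by the helper
# (Adobe Reader 9.4.3 MUI and Java(TM) 6 Update 22). Run in an elevated
# PowerShell on the affected machine; it only reads the registry.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed DisplayName patterns for the two outdated products in the post.
# Java 6 often leaves several "Update NN" entries behind; all are matched,
# which mirrors the instruction to uninstall "each instance".
$outdatedPatterns = @('^Adobe Reader 9\.', '^Java\(TM\) 6 Update')

# Collect every entry that has a DisplayName (bare GUID subkeys are skipped).
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString

# Keep only entries whose name matches one of the outdated-product patterns.
$flagged = $installed | Where-Object {
    $name = $_.DisplayName
    ($outdatedPatterns | Where-Object { $name -match $_ }).Count -gt 0
}

if ($flagged) {
    Write-Host "Outdated programs still present (remove via Programs and Features):"
    $flagged | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
} else {
    Write-Host "No Adobe Reader 9.x or Java 6 entries found in the Uninstall keys."
}
```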

Re: zbot trojan suspected but not found

Unread postby Carolyn » April 10th, 2011, 8:23 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
