PDA

View Full Version : zbot memory b



emram
2012-09-27, 18:30
Hello, I would like help removing zbot memory b from my computer.
I used ERUNT and here is the log.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by Julia at 8:21:01 on 2012-09-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1667 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Users\Julia\AppData\Roaming\Umcoed\huuv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pubmed.org/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [{0CC08F2B-614F-B393-3F1B-F8EF26247C5C}] C:\Users\Julia\AppData\Roaming\Umcoed\huuv.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BCEA3424-758C-440E-8E72-BE221A229BD5} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D4E5E8E6-6660-4E6A-BB57-5AC5248E7882} : NameServer = 0.0.0.0
TCP: Interfaces\{F3A73F29-C353-4A68-B604-0F58FD9CBCC3} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F3A73F29-C353-4A68-B604-0F58FD9CBCC3}\2375942554834303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F3A73F29-C353-4A68-B604-0F58FD9CBCC3}\271686F6D656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F3A73F29-C353-4A68-B604-0F58FD9CBCC3}\341607E664275656D616E6D27457563747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F3A73F29-C353-4A68-B604-0F58FD9CBCC3}\34F66666565602245616E60275966496 : DhcpNameServer = 192.168.180.1
TCP: Interfaces\{F3A73F29-C353-4A68-B604-0F58FD9CBCC3}\A457C6961602970254D696C696F6 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\fo490z8v.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\fo490z8v.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Julia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 SAVOnAccess;SAVOnAccess;C:\windows\system32\DRIVERS\savonaccess.sys --> C:\windows\system32\DRIVERS\savonaccess.sys [?]
R3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 sdcfilter;sdcfilter;C:\windows\system32\DRIVERS\sdcfilter.sys --> C:\windows\system32\DRIVERS\sdcfilter.sys [?]
S4 SophosBootDriver;SophosBootDriver;C:\windows\system32\DRIVERS\SophosBootDriver.sys --> C:\windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2012-09-27 14:46:09 -------- d-----w- C:\Users\Julia\AppData\Roaming\Malwarebytes
2012-09-27 14:45:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-27 14:45:53 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-27 14:45:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-27 14:30:43 -------- d-----w- C:\75818d3fa85a7301f1e995b36924
2012-09-27 14:13:48 -------- d-----w- C:\windows\pss
2012-09-26 02:39:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19EA1B68-5F76-4A2B-BC9A-D5305D29F29A}\offreg.dll
2012-09-25 11:54:52 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19EA1B68-5F76-4A2B-BC9A-D5305D29F29A}\mpengine.dll
2012-09-20 23:47:45 49664 ----a-w- C:\windows\System32\CamCodec.dll
2012-09-20 23:47:45 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b
2012-09-12 14:43:45 -------- d-----w- C:\windows\1CE60928832549A88B06633E48DD2B67.TMP
2012-09-12 04:36:03 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-12 04:36:03 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-12 04:36:02 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 04:36:02 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-12 04:36:01 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-12 04:36:01 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 04:36:01 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-07 20:41:43 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-07 20:41:19 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 06:01:17 -------- d-----w- C:\Program Files (x86)\GlobFX
2012-08-30 01:51:13 -------- d-----w- C:\Users\Julia\AppData\Roaming\RealNetworks
2012-08-30 01:48:50 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-08-30 01:48:37 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-30 01:48:24 150736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-08-30 01:48:20 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
.
==================== Find3M ====================
.
2012-09-21 18:03:17 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 18:03:17 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-07 20:41:06 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-30 01:48:07 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-08-30 01:48:06 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-08-24 18:05:06 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2009-08-21 20:21:39 463152 ----a-w- C:\Program Files\setup.exe
.
============= FINISH: 8:22:49.34 ===============



Thanks a lot, guys.:cowboy:

ken545
2012-10-02, 00:12
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR


http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~ZbotMem-B/detailed-analysis.aspx
Just want to give you a heads up on this one, you need to use a known clean computer and change all your passwords for sites you use for banking or online purchases


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please






Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

ken545
2012-10-05, 14:48
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.