win32.Zafi.B (PLZ HELP ASAP)

Post by Laith on 11th January 2009, 12:04 pm

I went through the other posts and I didn't find a solution for the win32.Zafi.B problem. It keeps blocking me from accessing websites and gives me the protection error, please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:17, on 1/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Laith\Downloads\aswclnr.exe
C:\Users\Laith\Downloads\aswclnr.tmp
C:\Users\Laith\Downloads\stinger1001602.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

[You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

= [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

[You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

about:blank
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet

Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no

file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12

\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} -

(no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe"

/auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows

Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power

Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program

Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program

Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software

Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32

\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program

Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart

Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware

Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows

Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [winclock]

"C:\Users\Laith\AppData\Roaming\Google\winck.exe" 2
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows

Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows

Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel -

[You must be registered and logged in to see this link.]
O8 - Extra context menu item: الدليل السريع - C:\Windows\ww80.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF

-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0

\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c

-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

- C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -

[You must be registered and logged in to see this link.] (file

missing)
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object)

- [You must be registered and logged in to see this link.]
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl

Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload

Tool) - [You must be registered and logged in to see this link.]

us.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games -

Installer) -

[You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

[You must be registered and logged in to see this link.]

.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl

Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-

3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12

\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) -

Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION -

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -

Unknown owner - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program

Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program

Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -

C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner -

C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia

Licensing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools

- C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools

- C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC

Connectivity Solution\ServiceLayer.exe
O23 - Service: Notebook Performance Tuning Service

(TempoMonitoringService) - Toshiba Europe GmbH - C:\Program

Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) -

TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation

- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION -

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead

Systems, Inc. - C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe

--
End of file - 9745 bytes


Re: win32.Zafi.B (PLZ HELP ASAP)

Post by Belahzur on 11th January 2009, 1:21 pm

That is completely unreadable, but never mind, I can see the problem.

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: win32.Zafi.B (PLZ HELP ASAP)

Post by Laith on 12th January 2009, 4:04 am

The DDS.txt


DDS (Ver_09-01-07.01) - NTFSx86 NETWORK
Run by Laith at 15:01:59.47 on Mon 01/12/2009
Internet Explorer: 8.0.6001.17184
Microsoft® Windows Vista™ Home Premium

6.0.6001.1.1256.968.1033.18.1021.490 [GMT 11:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Laith\Documents\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-

784b7d6be0b3} - c:\program files\adobe\acrobat 7.0

\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer:

{3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program

files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e}

- c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} -

c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-

5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
TB: {80123684-A222-4009-8220-A867294D6DE8} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe"

/background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -

hide
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe

SVPwUTIL
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NSLauncher] c:\program files\nokia\nokia software

launcher\NSLauncher.exe /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -

atboottime
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32

\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32

\NvMcTray.dll,NvTaskbarInit
mRun: [Camera Assistant Software] "c:\program files\camera assistant

software for toshiba\traybar.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide

/waitservice
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12

\GrooveMonitor.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe"

/background
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12

\EXCEL.EXE/3000
IE: الدليل السريع - c:\windows\ww80.html
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - [You must be registered and logged in to see this link.]

bin/toshiba/tracker_url.pl?EN
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-

ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-

E99415F33AEC} - c:\program files\windows

live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-

F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-

96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-

52453494e6cd} - c:\program files\microsoft office\office12

\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

c:\users\laith\appdata\roaming\mozilla\firefox\profiles\4yjjhw20.defaul

t\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin:

c:\users\laith\appdata\roaming\mozilla\firefox\profiles\4yjjhw20.defaul

t\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

============= SERVICES / DRIVERS ===============

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-1-11

160792]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware

doctor\pctsAuxs.exe [2009-1-11 356920]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32

\drivers\ggflt.sys [2007-11-13 13352]
S4 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe

[2008-3-13 472320]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program

files\microsoft visual studio 8\common7\ide\remote debugger\x86

\msvsmon.exe [2007-2-22 2808664]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe

[2006-11-2 9216]
S4 TempoMonitoringService;Notebook Performance Tuning Service

;c:\program files\toshiba tempo\TempoSVC.exe [2007-10-29 95624]

=============== Created Last 30 ================

2009-01-11 22:59 --d-----

c:\users\laith\appdata\roaming\Malwarebytes
2009-01-11 22:59 15,504 a------- c:\windows\system32

\drivers\mbam.sys
2009-01-11 22:59 38,496 a------- c:\windows\system32

\drivers\mbamswissarmy.sys
2009-01-11 22:59 --d-----

c:\programdata\Malwarebytes
2009-01-11 22:59 --d----- c:\program

files\Malwarebytes' Anti-Malware
2009-01-11 22:59 --d----- c:\progra~2

\Malwarebytes
2009-01-11 22:52 --d----- c:\program files\Trend

Micro
2009-01-11 03:12 160,792 a------- c:\windows\system32

\drivers\pctfw2.sys
2009-01-11 03:11 --d----- c:\program files\common

files\PC Tools
2009-01-11 03:11 81,288 a------- c:\windows\system32

\drivers\iksyssec.sys
2009-01-11 03:11 66,952 a------- c:\windows\system32

\drivers\iksysflt.sys
2009-01-11 03:11 40,840 a------- c:\windows\system32

\drivers\ikfilesec.sys
2009-01-11 03:11 29,576 a------- c:\windows\system32

\drivers\kcom.sys
2009-01-11 03:11 --d-----

c:\users\laith\appdata\roaming\PC Tools
2009-01-11 03:11 --d----- c:\programdata\PC Tools
2009-01-11 03:11 --d----- c:\program

files\Spyware Doctor
2009-01-11 03:11 --d----- c:\progra~2\PC Tools
2008-12-29 20:56 --d----- c:\program files\Super

Internet TV
2008-12-28 22:14 --d----- c:\program files\Free

Internet TV
2008-12-22 23:06 --d----- c:\users\laith\Tracing
2008-12-22 23:01 --d----- c:\program

files\Microsoft
2008-12-22 23:01 --d----- c:\program

files\Windows Live SkyDrive
2008-12-22 22:55 --d----- c:\program files\common

files\Windows Live
2008-12-13 18:53 --d-----

c:\programdata\Macrovision
2008-12-13 18:53 --d----- c:\program files\common

files\Macromedia Shared
2008-12-13 18:52 --d----- c:\program

files\Macromedia

==================== Find3M ====================

2009-01-12 03:08 13,025 a-------

c:\users\laith\appdata\roaming\nvModes.dat
2008-12-02 22:37 49,480 a------- c:\windows\system32

\sirenacm.dll
2008-11-02 15:29 143,360 a-------

c:\windows\inf\infstrng.dat
2008-11-02 15:29 86,016 a-------

c:\windows\inf\infpub.dat
2008-11-02 15:28 143,360 a-------

c:\windows\inf\infstor.dat
2008-11-01 14:44 2,154,496 a-------

c:\windows\apppatch\AcGenral.dll
2008-11-01 14:44 541,696 a-------

c:\windows\apppatch\AcLayers.dll
2008-11-01 14:44 460,288 a-------

c:\windows\apppatch\AcSpecfc.dll
2008-11-01 14:44 173,056 a-------

c:\windows\apppatch\AcXtrnal.dll
2008-11-01 14:44 28,672 a------- c:\windows\system32

\Apphlpdm.dll
2008-11-01 12:21 4,240,384 a-------

c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 17:29 2,927,104 a-------

c:\windows\explorer.exe
2008-10-29 09:36 823,296 a------- c:\windows\system32

\divx_xx0c.dll
2008-10-29 09:36 823,296 a------- c:\windows\system32

\divx_xx07.dll
2008-10-29 09:35 815,104 a------- c:\windows\system32

\divx_xx0a.dll
2008-10-29 09:35 802,816 a------- c:\windows\system32

\divx_xx11.dll
2008-10-29 09:35 684,032 a------- c:\windows\system32

\DivX.dll
2008-10-27 05:57 8,204 a-------

c:\users\laith\Magic.Message.zip
2008-10-22 14:57 241,152 a------- c:\windows\system32

\PortableDeviceApi.dll
2008-10-22 12:22 2,048 a------- c:\windows\system32

\tzres.dll
2008-10-21 16:25 296,960 a------- c:\windows\system32

\gdi32.dll
2008-10-21 16:25 1,645,568 a-------

c:\windows\system32\connect.dll
2008-10-17 07:56 1,524,736 a-------

c:\windows\system32\wucltux.dll
2008-10-17 07:55 83,456 a------- c:\windows\system32

\wudriver.dll
2008-10-16 14:08 162,064 a------- c:\windows\system32

\wuwebv.dll
2008-10-16 13:56 31,232 a------- c:\windows\system32

\wuapp.exe
2008-06-12 00:21 665,600 a-------

c:\windows\inf\drvindex.dat
2008-06-11 04:36 174 a--sh--- c:\program

files\desktop.ini
2007-09-09 10:43 81,920 a-------

c:\users\laith\appdata\roaming\ezpinst.exe
2007-09-09 10:43 47,360 a-------

c:\users\laith\appdata\roaming\pcouffin.sys
2006-11-02 23:42 287,440 a-------

c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 23:42 287,440 a-------

c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 23:42 30,674 a-------

c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 23:42 30,674 a-------

c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 20:20 287,440 a-------

c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 20:20 287,440 a-------

c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 20:20 30,674 a-------

c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 20:20 30,674 a-------

c:\windows\inf\perflib\0000\perfc.dat
2005-05-12 22:32 225,280 a-------

c:\users\laith\setup.exe
2002-03-11 08:06 1,822,520 a-------

c:\users\laith\instmsiw.exe

============= FINISH: 15:03:55.34 ===============


Re: win32.Zafi.B (PLZ HELP ASAP)

Post by Belahzur on 12th January 2009, 2:00 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    C:\Users\Laith\AppData\Roaming\Google\*.*

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "winclock"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


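Added example, not written by anyone in this thread: a small triage script that re-joins a hard-wrapped HijackThis log like the one in the first post, parses its O4 `Run` entries, and flags any autostart whose image lives under a per-user `AppData` directory, which is the property that sets the `winclock` entry apart from the rest. The function names are hypothetical, and the sample is an excerpt of the log above with its original wrapping.

```python
import re

# Excerpt of the HijackThis log from the first post, with the hard wrapping
# and blank lines exactly as it was pasted into the thread.
SAMPLE = r'''
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32

\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware

Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [winclock]

"C:\Users\Laith\AppData\Roaming\Google\winck.exe" 2
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
'''

ENTRY_START = re.compile(r'^[RFO]\d+ - ')   # e.g. "R1 - ", "O4 - ", "O23 - "
RUN_ENTRY = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
IMAGE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll))', re.I)
# Heuristic (assumption of this example): autostarts from these locations
# are writable without admin rights and deserve a closer look.
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\|%(?:appdata|localappdata|temp|tmp)%', re.I)


def unwrap(log):
    """Re-join entries that the forum editor split across several lines."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        elif line.startswith('\\') or re.search(r'\S-$', entries[-1]):
            entries[-1] += line          # split inside a path or a CLSID
        else:
            entries[-1] += ' ' + line    # split at a space
    return entries


def image_path(cmd):
    """Return the file a Run command actually loads (the DLL for rundll32)."""
    m = IMAGE.match(cmd)
    if not m:
        return cmd
    path = m.group(1) or m.group(2)
    rest = cmd[m.end():].strip()
    if path.lower().endswith('rundll32.exe') and rest:
        return image_path(rest)
    return path


def suspicious_run_entries(log):
    """List (hive, value name, image path) for Run entries in user-writable dirs."""
    hits = []
    for entry in unwrap(log):
        m = RUN_ENTRY.match(entry)
        if not m:
            continue
        path = image_path(m['cmd'])
        if USER_WRITABLE.search(path):
            hits.append((m['hive'], m['name'], path))
    return hits


if __name__ == '__main__':
    for hive, name, path in suspicious_run_entries(SAMPLE):
        print(f'{hive} Run [{name}] -> {path}')
```

A hit is a prompt for review rather than a verdict: legitimate per-user software also installs under `AppData`, so check the file itself before removing the entry.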

Re: win32.Zafi.B (PLZ HELP ASAP)

Post by Doctor Inferno on 28th March 2009, 8:10 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

