Agent ZMK removal

Computing.Net > Forums > Security and Virus > Agent ZMK removal

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Agent ZMK removal

Name: delexus
Date: August 9, 2008 at 14:41:22 Pacific
OS: XP Home
CPU/Ram: 2.6Mhz/512
Product: Dell Dim 3000

Comment:

Avg has detected back door Agent ZMK but can't remove it. Neither can Spybot, Spyware Detector, Avira. Any suggestions would be greatly appreciated.

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: August 9, 2008 at 17:23:48 Pacific

Reply:

I think you already have Hijack This installed on your computer and your java is updated to the 6.7 version so no need to do that, if I'm wrong let me know cause we will need to do that.
Go to the this link:
Disable Realtime Protection
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Please download Malwarebytes' Anti-Malware from one of these sites:
MalwareBytes1
MalwareBytes2
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Response Number 2

Name: delexus
Date: August 10, 2008 at 00:01:21 Pacific

Reply:

Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 3
11:17:55 PM 8/9/2008
mbam-log-8-9-2008 (23-17-55).txt
Scan type: Quick Scan
Objects scanned: 40181
Time elapsed: 3 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Response Number 3

Name: jabuck
Date: August 10, 2008 at 07:51:33 Pacific

Reply:

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Next, empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Response Number 4

Name: delexus
Date: August 10, 2008 at 12:31:29 Pacific

Reply:

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 10, 2008 19:00:58
Records in database: 1079422
----------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 37951
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 00:55:48

File name / Threat name / Threats count
C:\Documents and Settings\Owner\My Documents\My Documents\SetUp\FLV2Video_Install.exe Infected: not-a-virus:AdWare.Win32.AdMoke.agg 1
C:\Documents and Settings\Owner\My Documents\My Documents\SetUp\FLV2Video_Install.exe Infected: Backdoor.Win32.Sheldor.bj 1
The selected area was scanned.
Kasp seems to be detecting the setup applications I used to install Moyea video downloader and FLV converter programs.

Response Number 5

Name: jabuck
Date: August 10, 2008 at 13:26:38 Pacific

Reply:

Must be a false positive. Is everything running ok now?

agent!ik removal win32 agent.odg removal trojan agent tdss removal	trojan-agent-tdss removal tool trojan-agent-tdss removal tool trojan-agent-tdss removal tool
See More

Response Number 6

Name: delexus
Date: August 10, 2008 at 16:13:26 Pacific

Reply:

No. Whenever I try to open my checkbook program the AV program alerts of the Trojan giving the location as C:\Documents and Settings\...\RBInternetEncodings600.dll. I have an Acronis HD backup that was made before any virus problems. If only there was some way I could delete the infected file, I have a clean healthy one I could replace it with.

Response Number 7

Name: jabuck
Date: August 10, 2008 at 17:00:59 Pacific

Reply:

Please download ComboFix to the desktop from one of the following links:
Link1
Link 2
Link 3
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.

Response Number 8

Name: delexus
Date: August 11, 2008 at 19:22:03 Pacific

Reply:

Here is the Combo Fix Log - thanks
ComboFix 08-08-10.06 - Owner 2008-08-11 18:58:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.261 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-10 10:26 . 2008-08-11 18:54 88,576 --ah----- C:\Documents and Settings\Owner\Application Data\rbap550.dll
2008-08-10 07:41 . 2008-08-10 09:49 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-09 23:11 . 2008-08-09 23:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 23:11 . 2008-08-09 23:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-09 23:11 . 2008-08-09 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 23:11 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-09 23:11 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-09 22:06 . 2008-08-09 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-09 22:05 . 2008-08-09 22:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-09 18:18 . 2008-08-10 15:59 <DIR> d-------- C:\Program Files\My Checkbook
2008-08-09 16:38 . 2008-08-09 16:38 <DIR> d-------- C:\Program Files\Avira
2008-08-09 16:08 . 2008-08-09 16:08 74 --a------ C:\WINDOWS\st_affiliate.ini
2008-08-08 00:14 . 2008-08-08 00:14 <DIR> d-------- C:\Program Files\AVG
2008-08-07 05:29 . 2008-08-07 05:52 <DIR> d-------- C:\Program Files\Wal-Mart Music Downloads Store
2008-08-02 07:29 . 2008-08-07 04:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-02 07:29 . 2008-08-02 07:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-29 20:04 . 2008-07-29 20:04 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-29 20:04 . 2008-07-29 20:04 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-29 20:04 . 2008-07-29 20:04 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-29 20:04 . 2008-07-29 20:04 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-29 20:00 . 2008-07-29 20:05 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-29 19:51 . 2008-07-29 19:51 <DIR> d-------- C:\WINDOWS\EHome
2008-07-29 07:14 . 2008-04-13 17:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-07-29 07:13 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-23 19:40 . 2008-08-09 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 02:01 132,116 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-12 02:01 11,841,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-12 01:18 --------- d-----w C:\Program Files\Dl_cats
2008-08-12 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\mjusbsp
2008-08-10 05:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-10 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 05:53 7,385 ----a-w C:\Program Files\HJT 080908 C.txt
2008-08-09 11:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-06 07:55 --------- d-----w C:\Program Files\Java
2008-08-04 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-03 18:41 6,866,206 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-29 01:16 3,212,288 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-07-29 01:16 1,882,624 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-07-12 04:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-12 04:20 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-12 04:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 15:02 1,756,160 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-05 22:18 --------- d-----w C:\Program Files\Common Files\LogiShared
2008-07-05 22:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2008-07-01 12:17 20,658,217 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_01_05_10_55_full.dmp.zip
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-01-28 03:39 74 ----a-w C:\Program Files\Hibernate.bat
2007-08-22 02:55 84,418 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2007-08-07 03:21 55 ----a-w C:\Program Files\Shutdown.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"cdloader"="C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 12:37 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 14:41 69632]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-20 18:27 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 14:28 266497]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-11 20:54:29 805392]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [2006-07-25 02:01:00 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 18:49 149024 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-02-16 18:57 1945960 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
--a------ 2004-11-10 12:36 290816 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-02-16 18:45 1169776 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"SwPrv"=3 (0x3)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanserver"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Dnscache"=2 (0x2)
"Browser"=2 (0x2)
"ALG"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 12:23]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.exe [2008-06-12 14:59]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 13:22]
S3 uba500s;uba500s;C:\WINDOWS\system32\DRIVERS\uba500s.sys [2003-03-17 22:19]
S3 UBA500U;US Logic BA500 USB Driver;C:\WINDOWS\system32\Drivers\uba500u.sys [2003-03-17 22:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
\Shell\phone\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75abbef1-150e-11dc-90f6-a5b2aeeb782f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-04-17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\8tok6pp1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 19:03:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
r Running Proce
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-08-11 19:05:47 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-12 02:05:38
Pre-Run: 101,096,935,424 bytes free
Post-Run: 101,069,312,000 bytes free
196 --- E O F --- 2008-07-11 02:09:37

Response Number 9

Name: jabuck
Date: August 11, 2008 at 20:12:35 Pacific

Reply:

Much Better, your computer appears clean, a few final steps. Let us know how your computer is operating.
Go to start> run > type in ComboFix /u (note the space after combofix) then press enter. This will uninstall combofix.
Go to start>control panel> add/remove programs and uninstall these programs if you want to:
Malwarebytes
Hijack This

You should keep ATF Cleaner, its a good tool to run weekly.
Empty the restore folder. Go to start>control panel> system> system restore tab> check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster
Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Response Number 10

Name: delexus
Date: August 11, 2008 at 20:56:16 Pacific

Reply:

Thank you

Response Number 11

Name: jabuck
Date: August 12, 2008 at 03:31:40 Pacific

Reply:

Glad we could help.

Sponsored Link

Ads by Google

Trash Can Filter

Please help. No applicati...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Agent ZMK removal

BackDoor.agent.b virus

Summary

www.computing.net/answers/security/backdooragentb-virus/13700.html

Trojan Horse: BackDoor.Agent.BA

Summary

www.computing.net/answers/security/trojan-horse-backdooragentba/12291.html

backdoor.agent.ba removal

Summary

www.computing.net/answers/security/backdooragentba-removal/12526.html

From the Geek Dictionary
L33T - L33T Was actually created in 1980's where people in chatrooms were using AS...

Ask a Question!

Weekly Poll
Do you believe in Video Game Addiction?

Poll Finishes In 4 Days.
Discuss in The Lounge
Poll History

Recent Posts
ASUS P5Q Deluxe and PC Speaker

sharing Problem

zg5 wont go past blue xp screen

Disappearing drives

Name of this 90's computer game?

All Awaiting Reply

Tom's News
Commodore 64 Emulator Returns to App Store

Check Out the Homemade Portable GameCube

Apple Working on "World Mode" iPhone

EA: Single-Player A Thing of the Past

Yahoo Officially Lands on China's Porn List

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE