Trojan agent and Trojan banker cannot be removed from Malwarebytes.

[chirps]

Ran a scan and found a trojan agent and banker in my Java folders upon clicking remove selected a pop up appears saying some items could not be removed. Tried to remove the two viruses but upon running a scan after a reboot found that the buggers stuck around. I deleted all the Java folders I could find and ran another scan only to find the viruses still showing up with their location being the deleted Java folder. I ran a scan in safe mode and the mentioned viruses do not show up.

Could this be a false positive?

Anyways here are my logs.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4070

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

05/05/2010 5:41:28 PM

mbam-log-2010-05-05 (17-41-28).txt

Scan type: Quick scan

Objects scanned: 116671

Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files (x86)\Java.exe (Trojan.Banker) -> Delete on reboot.

C:\Program Files (x86)\JavaSDK.exe (Trojan.Agent) -> Delete on reboot.

_____________________________________________________________________

DDS (Ver_10-03-17.01) - NTFSX64

Run by chirps at 18:35:12.47 on 05/05/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1788.979 [GMT -6:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\chirps\Desktop\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\chirps\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090325l0374z1m5r48923363

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090325l0374z1m5r48923363

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090325l0374z1m5r48923363

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090325l0374z1m5r48923363

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [LManager] c:\program files (x86)\launch manager\LManager.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll

AppInit_DLLs: c:\windows\syswow64\guard32.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [Acer ePower Management] c:\program files\emachines\emachines power management\ePowerTray.exe

mRun-x64: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun-x64: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

AppInit_DLLs-X64: c:\windows\system32\guard64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jessy\appdata\roaming\mozilla\firefox\profiles\wurx2pjg.default\

FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-29 121936]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-3-23 233040]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-3 33208]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-21 203264]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-29 22096]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-29 63568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]

R2 ePowerSvc;Acer ePower Service;c:\program files\emachines\emachines power management\ePowerSvc.exe [2009-8-21 844320]

R2 Greg_Service;GRegService;c:\program files (x86)\emachines\registration\GregHSRW.exe [2009-6-4 1150496]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]

R2 Updater Service;Updater Service;c:\program files\emachines\emachines updater\UpdaterService.exe [2009-8-21 240160]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-29 40384]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x64.sys [2009-11-13 67072]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-28 34872]

S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-19 135664]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]

S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1255736]

=============== Created Last 30 ================

2010-05-06 00:32:09 0 ----a-w- c:\users\chirps\defogger_reenable

2010-05-04 08:12:47 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-04-30 04:24:54 206848 ----a-w- c:\windows\system32\unrar.dll

2010-04-30 04:24:53 100352 ----a-w- c:\windows\system32\ff_vfw.dll

2010-04-30 04:24:51 0 d-----w- c:\program files\KLCP64

2010-04-29 22:33:18 63568 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-04-29 22:32:54 38848 ----a-w- c:\windows\syswow64\avastSS.scr

2010-04-29 22:32:54 153184 ----a-w- c:\windows\syswow64\aswBoot.exe

2010-04-29 08:17:23 0 d-----w- c:\program files (x86)\Windows Installer Clean Up

2010-04-29 08:16:35 0 d-----w- c:\program files (x86)\MSECACHE

2010-04-27 22:52:03 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-27 22:52:03 12867072 ----a-w- c:\windows\syswow64\shell32.dll

2010-04-27 22:52:02 96768 ----a-w- c:\windows\syswow64\sspicli.dll

2010-04-27 22:52:02 22016 ----a-w- c:\windows\syswow64\secur32.dll

2010-04-27 22:52:02 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-27 22:11:00 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-26 05:02:40 524288 --sha-w- c:\users\chirps\ntuser.dat{d47022cc-50f0-11df-b80b-00262276ad54}.TMContainer00000000000000000002.regtrans-ms

2010-04-26 05:02:40 524288 --sha-w- c:\users\chirps\ntuser.dat{d47022cc-50f0-11df-b80b-00262276ad54}.TMContainer00000000000000000001.regtrans-ms

2010-04-26 05:02:39 65536 --sha-w- c:\users\chirps\ntuser.dat{d47022cc-50f0-11df-b80b-00262276ad54}.TM.blf

2010-04-22 05:50:34 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-04-22 05:50:33 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-04-22 05:50:33 145184 ----a-w- c:\windows\syswow64\java.exe

2010-04-21 04:02:03 0 d-----w- C:\Gorillaz - Plastic Beach [2010-MP3-Cov][bubanee]

2010-04-19 01:01:51 0 d-----w- C:\perflogs

2010-04-15 09:32:22 411368 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-04-15 01:50:11 0 d-----w- c:\program files (x86)\SpywareBlaster

2010-04-14 03:05:06 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-04-14 03:05:06 427520 ----a-w- c:\windows\syswow64\vbscript.dll

2010-04-14 03:04:18 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-14 03:04:18 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-14 03:04:18 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-14 03:04:08 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-14 03:04:07 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-04-14 03:04:07 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-04-13 23:34:09 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-04-13 23:34:09 172032 ----a-w- c:\windows\syswow64\wintrust.dll

2010-04-13 23:34:06 139264 ----a-w- c:\windows\system32\cabview.dll

2010-04-13 23:34:06 132608 ----a-w- c:\windows\syswow64\cabview.dll

2010-04-13 23:09:08 0 d-----w- c:\programdata\NOS

2010-04-11 23:24:52 0 d-----w- c:\windows\CheckSur

2010-04-11 23:03:40 0 d-----w- c:\programdata\Windows Genuine Advantage

2010-04-11 12:37:17 0 d-----w- c:\programdata\Comodo Downloader

2010-04-11 12:36:22 0 d--h--w- C:\VritualRoot

2010-04-11 12:36:03 0 d-----w- c:\programdata\COMODO

2010-04-11 12:33:43 0 d-----w- c:\program files\COMODO

2010-04-11 10:29:18 0 d-----w- c:\users\chirps\appdata\roaming\Malwarebytes

2010-04-11 10:28:47 0 d-----w- c:\programdata\Malwarebytes

2010-04-11 10:28:46 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-11 10:28:46 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-04-11 09:27:38 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-04-11 09:27:29 0 d-----w- c:\users\chirps\appdata\roaming\SUPERAntiSpyware.com

2010-04-11 09:27:29 0 d-----w- c:\program files (x86)\SUPERAntiSpyware

2010-04-11 09:26:23 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard

2010-04-11 08:33:22 0 d-----w- c:\program files (x86)\CCleaner

2010-04-11 01:23:25 0 ----a-w- c:\windows\syswow64\config.nt

2010-04-11 01:23:04 0 d-----w- c:\programdata\Alwil Software

2010-04-11 01:23:04 0 d-----w- c:\program files\Alwil Software

==================== Find3M ====================

2010-04-12 22:04:53 353520 ----a-w- c:\windows\system32\guard64.dll

2010-04-12 22:04:48 277240 ----a-w- c:\windows\syswow64\guard32.dll

2010-04-12 22:04:41 33208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-04-12 22:04:40 19840 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-04-12 22:04:39 233040 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2010-03-15 04:53:08 3120 ----a-w- c:\windows\syswow64\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll

2010-02-24 16:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll

2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll

2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-01-14 17:09:00 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat

2010-01-14 17:09:00 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat

2010-01-14 17:09:00 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

2010-01-15 10:37:40 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-01-24 01:17:07 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:36:33.61 ===============

Thanks!

Attach.zip

[chirps]

Bump.

[chirps]

One more try.

[screen317]

Hi and welcome to Malwarebytes.

My apologies for the extended delay. Do you still need help?

[chirps]

Sure.

[screen317]

Okay.

Click Start --> Run, and type in this command:

mbam.exe /developer

Press Enter. MBAM will open. Update it, then run a Quick Scan and post its log.

If those files are still being detected, attach them here and I will have out developers look at this.

[chirps]

Here it is:

mbam_log_2010_06_08__21_47_42_.txt

[screen317]

Hi,

Please go to VirusTotal, and upload the following files for analysis:

C:\Program Files (x86)\Java.exe

C:\Program Files (x86)\JavaSDK.exe

Post the results in your reply.

After that, zip up those two files and attach them into your reply.

[chirps]

Do not have those files as I uninstalled Java when I first caught this had trouble with the uninstall and as mentioned in my first post I deleted all the Java folders I could find. I did a reinstall of Java a few weeks ago and there seems to be no Java folder in program files (x86) but there is one in program files.

[screen317]

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:

  :filefind
  Java™.exe
  JavaSDK.exe

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

-screen317

[chirps]

No files found

SystemLook.txt

[screen317]

chirps,

I am consulting with our developers and will be back with you as soon as possible. We appreciate your patience.

In the meantime, could you please update your database and confirm that the latest database is still detecting this?

If so, please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu). Run a scan from Safe Mode and see if the detections still occur.

-screen317

[chirps]

No problem.

Still getting the detections and the pop up that some of the items may not be removed and a scan in Safe mode detects nothing.

[screen317]

Hi,

Could you please run DDS again? This time, post only attach.txt for me.

[chirps]

Here it is.

Attach.zip

[screen317]

Hi,

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java Auto Updater

Java 6 Update 19

Java 6 Update 20

Restart your computer.

Update MBAM, run a Quick Scan, and see if the detections persist.

[chirps]

Yeah still getting the detections.

[screen317]

Hi,

Your security software could be interfering here.

To troubleshoot, first please uninstall Avira, restart your computer, and see if the detections are still occurring. If so, uninstall Comodo completely, restart, and try again. If it's still being detected, uninstall SUPERAntiSpyware, restart your computer, and try again.

If the detections persist, let me know and we'll try something else.

[chirps]

Took a look at Comodo''s suspicious activities list and found it was blocking malwarebytes. So I did an uninstall of Comodo first and ran a quick scan and am now getting no detections.

[screen317]

Great, we've found the culprit then.

Reinstall Comodo and see if you can add these files to its exclusion list:

* C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

* C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

* C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

* C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll

* C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

* C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

* C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

* C:\Windows\System32\drivers\mbam.sys

* C:\Windows\System32\drivers\mbamswissarmy.sys

After that, restart your computer, run a scan with MBAM, and see if the detections persist.

[chirps]

Ok the only files I could not find to add to the trusted application list were:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

C:\Windows\System32\drivers\mbamswissarmy.sys

Ran a scan without the two applications on the list and Malwarebytes showed no detections.

[screen317]

Great.

Are you encountering any other issues?

[chirps]

None that I can see. It seems my computer's protection is in roughly good shape. I just have to check a hang issue with Avira and I am good to go. Thanks for the help and advice, Appreciate it!

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!