mattn

Everything posted by mattn

  1. I have the "security tool" and various other problems on my PC. I downloaded malware bytes, however, it cannot find "mbam.exe" when I try to run the program. Please help!! I ran a "combo fix" and got this log: