
Malwarebytes Anti-Malware not installing (v.2)



Hello! I've been experiencing issues installing MBAM. All details can be found here: http://www.malwarebytes.org/forums/index.php?showtopic=19621

I have created another topic because AdvancedSetup can no longer help me! I have gone through a few steps already but haven't been given further instructions. The old topic can be found here: http://www.malwarebytes.org/forums/index.php?showtopic=19739


Hi master131

Copy the contents of the code box below (don't include the word "code") into a new Notepad document (not WordPad or another text editor).

Click file> save as...> call it check.bat > file types *all files*> and save it to your desktop.

rem check.bat: list every copy of vbalsg*.ocx and ssubtmr* on the system drive with its size and attributes
For /F "TOKENS=*" %%g IN ('dir /s /a /b %systemdrive%\vbalsg^*.ocx,%systemdrive%\ssubtmr^* 2^>nul') Do @echo "%%~g" %%~zg %%~ag >>report.txt 2>nul
start notepad report.txt & exit

Run check.bat, then post the text that will open, please.

You still have ComboFix?

Run the program (with your antivirus disabled), allow it to update and post its log.


Here's the report generated from the batch code:

"C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx" 496912 --a------

"C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll" 46352 --a------

Here's the ComboFix log:

(Just to let you know RebirthRO is not a virus. It is an online game I used to play. I uninstalled it and it forgot to delete the start menu entries and I couldn't remove it manually. Luckily, ComboFix deleted it! :) )

ComboFix 09-08-04.03 - Tommy lu 05/08/2009 15:58.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2046.1382 [GMT 10:00]

Running from: c:\documents and settings\Tommy lu\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Tommy lu\Start Menu\Programs\RebirthRO Full Client

c:\windows\RebirthRO Full Client

c:\windows\RebirthRO Full Client \uninstall.exe

.

---- Previous Run -------

.

c:\documents and settings\Tommy lu\Application Data\inst.exe

c:\windows\Installer\1cf9ac.msi

c:\windows\system32\_004958_.tmp.dll

c:\windows\system32\_004960_.tmp.dll

c:\windows\system32\_004968_.tmp.dll

c:\windows\system32\_004969_.tmp.dll

c:\windows\system32\_004970_.tmp.dll

c:\windows\system32\_004972_.tmp.dll

c:\windows\system32\_004973_.tmp.dll

c:\windows\system32\_004976_.tmp.dll

c:\windows\system32\_004977_.tmp.dll

c:\windows\system32\_004986_.tmp.dll

c:\windows\system32\_004987_.tmp.dll

c:\windows\system32\_004992_.tmp.dll

c:\windows\system32\_004994_.tmp.dll

c:\windows\system32\_004997_.tmp.dll

c:\windows\system32\_005000_.tmp.dll

c:\windows\system32\_005002_.tmp.dll

c:\windows\system32\_005003_.tmp.dll

c:\windows\system32\_005007_.tmp.dll

c:\windows\system32\_005008_.tmp.dll

c:\windows\system32\_005009_.tmp.dll

c:\windows\system32\_005010_.tmp.dll

c:\windows\system32\_005015_.tmp.dll

c:\windows\system32\_005017_.tmp.dll

c:\windows\system32\OGACheckControl.dll

.

((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))

.

2009-08-05 05:54 . 2009-08-05 05:54 152576 ----a-w- c:\documents and settings\Tommy lu\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 05:52 . 2009-08-03 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-05 05:52 . 2009-08-05 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-05 05:52 . 2009-08-05 05:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-05 05:52 . 2009-08-03 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-02 07:37 . 2009-08-02 07:37 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\Grasssoft

2009-08-02 07:37 . 2009-08-02 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Grasssoft

2009-08-02 07:37 . 2009-08-02 07:37 -------- d-----w- c:\program files\GrassSoft

2009-08-02 04:24 . 2007-12-26 07:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2009-08-02 04:24 . 2009-08-04 11:26 -------- d-----w- c:\program files\Cheat Engine

2009-08-02 04:24 . 2007-12-26 07:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2009-08-01 04:34 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll

2009-08-01 04:33 . 2009-08-01 04:33 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe

2009-08-01 03:58 . 2009-08-01 03:58 -------- d-----w- c:\windows\Performance

2009-08-01 03:57 . 2009-08-01 03:57 -------- d-----w- c:\documents and settings\Tommy lu\Local Settings\Application Data\Microsoft Corporation

2009-07-27 10:34 . 2009-07-27 10:34 -------- d-----w- C:\Sandbox

2009-07-27 10:33 . 2009-08-03 02:40 -------- d-----w- c:\program files\Sandboxie

2009-07-26 04:41 . 2009-07-26 05:03 -------- d-----w- c:\temp\database

2009-07-26 04:02 . 2009-07-26 04:09 105079 ----a-w- c:\documents and settings\Tommy lu\mbam-database.exe

2009-07-21 11:08 . 2009-07-21 11:08 -------- d-----w- c:\program files\Trend Micro

2009-07-18 13:29 . 2009-07-18 13:29 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-07-13 06:26 . 2009-07-13 06:26 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2009-07-12 12:09 . 2009-08-01 05:44 -------- d-----w- c:\program files\Counter-Strike Source

2009-07-12 10:21 . 2009-07-12 10:21 -------- d-----w- c:\program files\Windows Resource Kits

2009-07-12 09:51 . 2009-07-18 10:03 -------- d-----w- c:\program files\Styler

2009-07-12 01:20 . 2009-07-12 01:20 330768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\x64\6.0\klif.sys

2009-07-12 01:20 . 2009-07-12 01:20 280592 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys

2009-07-12 01:20 . 2009-07-12 01:20 307728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\x64\5.2\klif.sys

2009-07-12 01:19 . 2009-07-12 01:19 296976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys

2009-07-12 01:19 . 2009-07-12 01:19 128016 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys

2009-07-12 01:11 . 2009-07-12 01:11 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

2009-07-09 04:19 . 2009-07-09 04:31 -------- d--h--w- c:\windows\Icons

2009-07-08 01:38 . 2009-07-08 01:38 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\Styler

2009-07-07 09:52 . 2009-07-07 09:52 -------- d-----w- c:\program files\Vista Drive Status

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-05 05:55 . 2006-05-07 05:26 -------- d-----w- c:\program files\Java

2009-08-05 05:46 . 2009-03-08 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-08-03 10:03 . 2006-10-02 06:52 -------- d-----w- c:\program files\Common Files\Teleca Shared

2009-08-02 03:35 . 2009-04-05 04:31 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-01 05:33 . 2006-12-15 04:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-01 04:34 . 2009-05-03 08:31 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-08-01 04:33 . 2009-01-21 05:24 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-08-01 04:29 . 2006-10-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca

2009-08-01 04:27 . 2006-10-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson

2009-07-24 19:23 . 2008-11-06 07:38 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-22 06:30 . 2009-06-08 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-07-20 07:17 . 2009-04-19 03:01 -------- d-----w- c:\program files\SpywareBlaster

2009-07-18 08:06 . 2009-04-25 09:27 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-07-18 08:06 . 2009-04-25 09:26 183112 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-07-18 07:02 . 2009-04-10 23:02 -------- d-----w- c:\program files\Optus Wireless Broadband

2009-07-18 01:44 . 2006-05-08 11:10 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\LimeWire

2009-07-16 07:27 . 2009-04-05 02:50 -------- d-----w- c:\program files\IObit

2009-07-13 06:26 . 2006-05-01 05:50 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-12 00:59 . 2009-03-08 23:13 4972 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-07-12 00:59 . 2009-03-08 23:13 4433440 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-12 00:59 . 2009-03-08 23:13 36764 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-12 00:59 . 2009-03-08 23:13 1138720 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-07-12 00:57 . 2009-03-08 23:13 -------- d-----w- c:\program files\Kaspersky Lab

2009-07-12 00:52 . 2009-03-08 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-07-07 07:56 . 2008-10-05 05:46 2285056 ----a-w- c:\windows\system32\TUKernel.exe

2009-07-06 05:43 . 2008-10-05 07:42 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\Hamachi

2009-07-06 04:30 . 2006-09-26 07:11 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-07-03 17:09 . 2004-08-04 04:56 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-28 12:02 . 2009-06-28 12:01 -------- d-----w- c:\program files\PopCap Games

2009-06-28 12:01 . 2009-06-28 12:01 0 ----a-w- c:\windows\popcreg.dat

2009-06-28 12:01 . 2009-06-28 12:01 0 ----a-w- c:\windows\popcinfot.dat

2009-06-22 09:36 . 2008-05-13 08:44 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\Vso

2009-06-22 07:45 . 2009-06-22 07:45 152576 ----a-w- c:\documents and settings\Tommy lu\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-21 10:44 . 2009-06-21 10:44 10134 ----a-r- c:\documents and settings\Tommy lu\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-06-21 10:44 . 2009-06-21 10:44 -------- d-----w- c:\program files\Microsoft WSE

2009-06-21 10:35 . 2009-06-21 10:35 -------- d-----w- c:\program files\Electronic Arts

2009-06-19 08:34 . 2007-02-02 20:54 -------- d-----w- c:\program files\EPSON Print CD

2009-06-19 07:30 . 2008-07-13 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk

2009-06-19 06:24 . 2008-05-13 08:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-06-19 06:24 . 2008-05-13 08:44 47360 ----a-w- c:\documents and settings\Tommy lu\Application Data\pcouffin.sys

2009-06-19 06:24 . 2008-05-13 08:44 47360 ----a-w- c:\documents and settings\Tommy lu\Application Data\pcouffin.sys

2009-06-19 06:23 . 2009-06-19 06:23 -------- d-----w- c:\program files\VSO

2009-06-18 06:09 . 2009-06-18 06:09 390664 ----a-w- c:\documents and settings\Tommy lu\Application Data\Real\RealPlayer\Update\realplayer11gold.exe

2009-06-17 11:24 . 2009-06-17 11:24 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\MonkeyJam

2009-06-16 14:36 . 2009-03-24 05:19 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2009-03-24 05:19 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 12:16 . 2008-10-05 10:39 -------- d-----w- c:\program files\LeeGTs Games

2009-06-09 09:55 . 2009-04-05 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner

2009-06-09 09:54 . 2006-08-02 08:36 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\DMCache

2009-06-09 09:29 . 2009-06-09 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii

2009-06-09 04:46 . 2008-10-07 11:27 -------- d-----w- c:\documents and settings\Tommy lu\Application Data\PlayFirst

2009-06-08 06:10 . 2006-06-09 08:56 -------- d-----w- c:\program files\DivX

2009-06-08 06:09 . 2009-06-08 02:18 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-06-08 03:01 . 2006-05-02 08:11 114328 ----a-w- c:\documents and settings\Tommy lu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-08 02:50 . 2009-06-08 02:50 -------- d-----w- c:\program files\Microsoft Works

2009-06-08 02:48 . 2009-06-08 02:48 -------- d-----w- c:\program files\Microsoft.NET

2009-06-08 02:14 . 2009-06-08 02:14 -------- d-----w- c:\program files\Common Files\xing shared

2009-06-08 02:14 . 2007-11-04 06:07 -------- d-----w- c:\program files\Common Files\Real

2009-06-08 02:12 . 2009-06-08 02:12 390664 ----a-w- c:\documents and settings\Tommy lu\Application Data\Real\RealPlayer\setup\AU_setup.exe

2009-06-08 02:07 . 2006-10-02 06:52 -------- d-----w- c:\program files\Sony Ericsson

2009-06-08 01:41 . 2006-07-10 09:18 -------- d-----w- c:\program files\QuickTime

2009-06-08 01:41 . 2006-07-10 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe

2009-06-03 19:09 . 2009-03-24 05:19 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-05-29 09:09 . 2009-06-25 08:23 65536 ----a-w- c:\documents and settings\Tommy lu\Application Data\Mozilla\Firefox\Profiles\z5zl44gb.Default User\extensions\{88c4479d-3515-4ca3-a805-27b920c3bf6d}\components\Engine.dll

2009-05-24 19:21 . 2009-05-24 19:21 219664 ----a-w- c:\windows\system32\klogon.dll

2009-05-24 19:18 . 2009-05-24 19:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat

2009-05-24 09:32 . 2009-05-24 09:31 854139 ----a-w- c:\documents and settings\Tommy lu\Application Data\Hide IP NG\hideipng-update.exe

2009-05-22 13:37 . 2006-05-01 05:55 5082624 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2009-05-21 09:16 . 2009-03-08 23:15 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-05-21 09:16 . 2009-03-08 23:15 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-05-21 04:01 . 2006-05-01 05:55 17881600 ----a-w- c:\windows\RTHDCPL.EXE

2009-05-16 10:59 . 2009-05-16 10:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2009-05-14 05:21 . 2009-04-30 11:32 36864 ----a-w- c:\windows\system32\RtkCoInstXP.dll

2009-05-13 07:46 . 2008-04-30 06:06 31760 ----a-w- c:\windows\system32\drivers\klim5.sys

2009-05-10 04:57 . 2009-05-10 04:57 75 --sh--r- c:\windows\CT5PRET.BIN

2009-05-10 04:14 . 2009-05-10 04:14 24616 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2009-05-10 04:14 . 2009-05-10 04:14 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2009-05-10 04:14 . 2009-05-10 04:14 1107296 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2009-05-09 23:44 . 2006-05-01 06:16 29480 ----a-w- c:\windows\system32\msxml3a.dll

2009-05-09 23:44 . 2009-05-09 23:44 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{2B55AF83-017A-4C81-9324-D9D3255642A6}\PostBuild.exe

2009-05-09 23:44 . 2003-03-18 10:14 505128 ----a-w- c:\windows\system32\msvcp71.dll

2009-05-09 23:44 . 2003-02-20 18:42 353576 ----a-w- c:\windows\system32\msvcr71.dll

2009-05-07 15:32 . 2009-03-24 05:19 345600 ----a-w- c:\windows\system32\localspl.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2008-07-22 10:37 . 2008-07-22 10:37 2 --shatr- c:\windows\winstart.bat

2007-08-06 07:11 . 2007-07-05 02:55 56 --sh--r- c:\windows\system32\40559AC5FF.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-07-25_23.15.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-11 09:41 . 2009-07-11 09:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll

+ 2009-08-05 05:55 . 2009-08-05 05:55 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat

- 2007-08-13 07:54 . 2009-03-07 18:31 55296 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 07:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll

+ 2009-08-02 04:36 . 2009-08-02 07:02 70264 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2004-08-04 04:56 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 04:56 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll

+ 2009-06-16 12:20 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-06-16 12:20 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll

- 2008-12-14 02:37 . 2009-03-07 18:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-12-14 02:37 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2004-08-04 04:56 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 04:56 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2006-10-02 06:54 . 2006-10-02 06:54 69632 c:\windows\Installer\{7689CA7A-1270-425A-9959-EB4CB25EA29A}\NewShortcut9_868F30534A8B42D6843635496D350CD2.exe

+ 2009-08-03 10:05 . 2009-08-03 10:05 69632 c:\windows\Installer\{7689CA7A-1270-425A-9959-EB4CB25EA29A}\NewShortcut9_868F30534A8B42D6843635496D350CD2.exe

- 2006-10-02 06:54 . 2006-10-02 06:54 69632 c:\windows\Installer\{7689CA7A-1270-425A-9959-EB4CB25EA29A}\NewShortcut2_8C749723BA3040A094BDDED099FB1D3E.exe

+ 2009-08-03 10:05 . 2009-08-03 10:05 69632 c:\windows\Installer\{7689CA7A-1270-425A-9959-EB4CB25EA29A}\NewShortcut2_8C749723BA3040A094BDDED099FB1D3E.exe

+ 2009-08-02 00:25 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll

+ 2009-08-02 00:25 . 2009-03-07 18:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll

+ 2009-08-02 00:25 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll

- 2006-10-02 06:54 . 2006-10-02 06:54 3638 c:\windows\Installer\{7689CA7A-1270-425A-9959-EB4CB25EA29A}\ARPPRODUCTICON.exe

+ 2009-08-03 10:05 . 2009-08-03 10:05 3638 c:\windows\Installer\{7689CA7A-1270-425A-9959-EB4CB25EA29A}\ARPPRODUCTICON.exe

+ 2004-08-04 04:56 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll

- 2007-08-13 07:54 . 2009-03-07 18:32 594432 c:\windows\system32\msfeeds.dll

+ 2007-08-13 07:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll

+ 2008-03-25 03:21 . 2008-03-25 03:21 218496 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-08-05 05:55 . 2009-07-24 19:23 149280 c:\windows\system32\javaws.exe

+ 2009-08-05 05:55 . 2009-07-24 19:23 145184 c:\windows\system32\javaw.exe

+ 2009-08-05 05:55 . 2009-07-24 19:23 145184 c:\windows\system32\java.exe

+ 2004-08-04 04:56 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll

+ 2004-08-04 04:56 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 04:56 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe

- 2004-08-04 04:56 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe

+ 2004-08-04 04:56 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 04:56 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll

+ 2004-08-04 04:56 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll

- 2008-12-14 02:37 . 2009-03-07 18:32 594432 c:\windows\system32\dllcache\msfeeds.dll

+ 2008-12-14 02:37 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-06-16 12:20 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll

- 2009-06-16 12:20 . 2009-04-30 21:22 246272 c:\windows\system32\dllcache\ieproxy.dll

+ 2004-08-04 04:56 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-04 04:56 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-04 04:56 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-04 04:56 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-08-03 02:40 . 2009-07-27 10:32 582175 c:\windows\Installer\SandboxieInstall.exe

+ 2009-08-02 00:24 . 2009-08-02 00:24 248832 c:\windows\Installer\35791b.msi

+ 2009-08-02 00:25 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll

+ 2009-08-02 00:25 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll

+ 2009-08-02 00:25 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe

+ 2009-08-02 00:25 . 2009-03-07 18:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll

+ 2009-08-02 00:25 . 2009-03-07 18:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll

+ 2009-08-02 00:25 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll

+ 2009-08-02 00:25 . 2009-03-07 18:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll

+ 2009-08-02 00:25 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll

+ 2009-08-02 00:25 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe

+ 2004-08-04 04:56 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll

+ 2004-08-04 04:56 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll

+ 2008-03-25 03:21 . 2008-03-25 03:21 2889088 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2007-08-13 07:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll

+ 2004-08-04 04:56 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 04:56 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll

+ 2008-12-14 02:37 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll

+ 2009-07-20 06:21 . 2009-07-20 06:21 1070592 c:\windows\Installer\6e856e.msp

+ 2009-08-02 00:25 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll

+ 2009-08-02 00:25 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll

+ 2009-08-02 00:25 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll

+ 2007-08-13 07:54 . 2009-07-19 08:48 11067392 c:\windows\system32\ieframe.dll

+ 2008-12-14 02:37 . 2009-07-19 08:48 11067392 c:\windows\system32\dllcache\ieframe.dll

+ 2009-08-02 00:25 . 2009-08-02 00:25 15705600 c:\windows\Installer\357922.msp

+ 2009-08-02 00:25 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo R210 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE" [2003-09-11 99840]

"SpeedConnectStartUp"="c:\program files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe" [2008-08-18 565760]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-04-19 3885408]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo R210 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE" [2003-09-11 99840]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-02-21 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-07-30 159744]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]

"Vistadrv"="c:\program files\Vista Drive Status\vsdrv.exe" [2006-07-29 121089]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]

"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-21 17881600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-13 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 4:29 PM 33808]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/29 17:20];c:\program files\CyberLink\PowerDVD9\000.fcl [30/03/2009 5:53 PM 87536]

R2 Macro Expert;Macro Expert;c:\program files\GrassSoft\Mouse Recorder\MacroService.exe [14/05/2009 2:18 PM 206848]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [3/05/2009 6:31 PM 604488]

R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [11/09/2008 1:22 AM 229648]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 4:06 PM 31760]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 8:59 PM 19472]

R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [28/05/2009 11:32 PM 108032]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/04/2009 9:32 PM 1684736]

S3 cpuz130;cpuz130;\??\c:\docume~1\TOMMYL~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\TOMMYL~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 Engine;Engine;\??\c:\documents and settings\Tommy lu\Desktop\qunpack21\QUnpack\Engine.sys --> c:\documents and settings\Tommy lu\Desktop\qunpack21\QUnpack\Engine.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/05/2009 2:14 PM 13224]

S3 iMSPCLOj;iMSPCLOj; [x]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [22/07/2008 8:49 PM 30946]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 07:57]

2009-05-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 07:08]

2009-04-22 c:\windows\Tasks\NeroLiveEpgUpdate-TOMMY-4047AC0DB_Tommy-lu.job

- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-26 22:59]

2009-01-20 c:\windows\Tasks\Uniblue DiskRescue 2009.job

- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-08-05 c:\windows\Tasks\User_Feed_Synchronization-{F458CE8B-C346-4500-8BDA-E1B785E8E36F}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = about:blank

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = socks=

uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Open with &ZipScan

TCP: {EEA2637B-8CC5-4FEE-AACE-B15DB3CDBFE8} = 208.67.222.222,208.67.220.220

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

FF - ProfilePath - c:\documents and settings\Tommy lu\Application Data\Mozilla\Firefox\Profiles\z5zl44gb.Default User\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\documents and settings\Tommy lu\Application Data\Mozilla\Firefox\Profiles\z5zl44gb.Default User\extensions\{88c4479d-3515-4ca3-a805-27b920c3bf6d}\components\Engine.dll

FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-05 16:03

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mchInjDrv]

"ImagePath"="\??\c:\windows\TEMP\mc22.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-861567501-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D22F4F4-36A5-E941-6E78-568819933F38}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iabgpbflpfdmgjiedi"=hex:69,61,70,61,6a,6f,6e,68,63,6c,6b,67,6e,64,6d,65,6f,70,

00,00

"hahgfnkapclhgpbj"=hex:6b,61,66,6e,6e,6e,65,68,6b,6c,63,6e,6e,6f,69,6b,65,6a,

66,66,6b,67,00,7c

"iafdoncmehagbjjile"=hex:64,61,6b,6e,65,61,61,61,00,d0

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]

@DACL=(02 0000)

@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]

@DACL=(02 0000)

@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):17,36,01,b5,4c,b1,46,ef,b9,06,2d,27,e2,aa,fe,11,ad,af,66,d7,2f,

99,ac,ed,8d,14,03,13,9f,34,60,c2,95,8d,db,f3,80,00,d6,97,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7b5e4ffe-1690-407e-ac4d-bbc469bdf8a0}]

@Denied: (Full) (Everyone)

"Model"=dword:00000066

"Therad"=dword:0000000c

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,

df,1c,2f,3b,8a,0a,32,11,89,01,b5,39,49,36,51,23,61,78,fb,d2,0f,33,07,df,47,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):69,ff,aa,d1,cd,6a,0a,fe,2a,fe,66,ae,f6,f8,28,6f,7b,f6,76,be,b3,

15,2d,39,42,6b,af,29,46,5b,f4,1b,f1,61,9d,4f,e8,73,20,17,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d6b93cef-13a6-4708-b050-2ae7fc3ceda1}]

@Denied: (Full) (Everyone)

"Model"=dword:000000f2

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,84,3e,1a,26,9d,c8,02,2a,b9,f0,43,56,ff,e4,48,eb,ee,27,aa,60,37,86,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1480)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-08-05 16:07

ComboFix-quarantined-files.txt 2009-08-05 06:07

ComboFix2.txt 2009-07-25 23:24

Pre-Run: 97,535,193,088 bytes free

Post-Run: 97,482,387,456 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8

475 --- E O F --- 2009-08-02 00:25


No. My computer is completely normal. I haven't had any problems or caught any viruses this year. I am not running Sandboxie when I'm installing it. I did an experiment and remarkably, I could run Malwarebytes Anti-Malware if I ran and installed it in Sandboxed mode.

The code I used to manually register vbalsgrid6.ocx and ssubtmr6.dll was:

regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"

regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"


I know you were referred to the hot-fix page, but 1.4 final is out now.

I think they made changes between then and now, so try uninstalling the program

and download the latest please; if you see the same ocx and dll error, see if opening the program a second time produces the same error.

http://www.malwarebytes.org/mbam.php

If the errors are still present, try copying (not moving) both files to the Windows folder.

Any luck?


  • Root Admin

Hello master131,

I'm back now and I'll go ahead and start to work with you on this again. Please try the following.

Disable your Anti-Virus and then please uninstall the current MBAM v1.40 and reboot, then download this installer that will modify all the registry and file locations to ensure that Administrators have full rights to these locations.

This is an older installer, so your ID/KEY will not match. Do not try to enable the Protection Module.

DO NOT check for updates. Just run the scanner as is if it will run. It will also create a random name shortcut to run it.

Then if this scanner works go ahead and run a quick scan and then uninstall it and reboot, then look in the main program folder and delete any left over files.

fixmbam.exe

Then once again try to install the latest version from here.


  • Root Admin

It's probably not US English. You may have British or other English versions but that's not the same thing for some of these fixes.

Please wait and I'll get back with you on this. I think there is another tool that might help, but it's getting really late here now, almost 03:00.


My cousin did some research and ran subinacl.exe and reset.cmd. It took ages, but it finally finished. I re-installed MBAM and it came up with Run time error '0' and Run time error '440'. I ignored those and MBAM works now!

The link for subinacl.exe and reset.cmd can be found inside Reset_subinacl.zip.

You can get the file by registering on What The Tech, logging in and opening this link in a new tab.

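As an added diagnostic (not posted by anyone in the thread), the following PowerShell checks the state that both fixes above touch: whether vbalsgrid6.ocx and ssubtmr6.dll are registered as COM servers at all, and whether BUILTIN\Administrators holds Full Control on those CLSID keys and on the files themselves. The two file paths are the ones check.bat reported; the function name and the rest of the script are assumptions.

```powershell
# Added diagnostic, not from the thread. Walks HKCR\CLSID once, maps each
# InprocServer32 default value to its file name, then reports registration
# state and the Administrators ACE for the two components regsvr32 failed on.
$components = @(
    "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx",   # from check.bat output
    "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"      # from check.bat output
)

function Test-AdminFullControl {
    # Returns $true when an Allow ACE for BUILTIN\Administrators covers every
    # bit of the Full Control mask; 'unreadable' when Get-Acl returned nothing
    # (e.g. keys the ComboFix log shows as "@Denied: (Full) (Everyone)").
    param($Acl, [string]$RightsProperty, [int]$FullMask)
    if (-not $Acl) { return 'unreadable' }
    foreach ($ace in $Acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
            (([int]$ace.$RightsProperty -band $FullMask) -eq $FullMask)) { return $true }
    }
    return $false
}

$regFull  = [int][System.Security.AccessControl.RegistryRights]::FullControl
$fileFull = [int][System.Security.AccessControl.FileSystemRights]::FullControl

# Index: lower-case server file name -> list of CLSID key names that load it.
$servers = @{}
Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $inproc = Get-ItemProperty -LiteralPath "Registry::$($_.Name)\InprocServer32" -ErrorAction SilentlyContinue
    if ($inproc -and $inproc.'(default)') {
        $file = [IO.Path]::GetFileName($inproc.'(default)'.Trim('"')).ToLowerInvariant()
        if (-not $servers.ContainsKey($file)) { $servers[$file] = @() }
        $servers[$file] += $_.Name
    }
}

foreach ($path in $components) {
    $name = [IO.Path]::GetFileName($path).ToLowerInvariant()
    if (-not (Test-Path -LiteralPath $path)) { "$name : file not found"; continue }
    $fileAcl = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
    $fileOk  = Test-AdminFullControl -Acl $fileAcl -RightsProperty 'FileSystemRights' -FullMask $fileFull
    $clsids  = if ($servers.ContainsKey($name)) { $servers[$name] } else { @() }
    "$name : $($clsids.Count) CLSID registration(s); Administrators Full Control on file: $fileOk"
    foreach ($key in $clsids) {
        $keyAcl = Get-Acl -LiteralPath "Registry::$key" -ErrorAction SilentlyContinue
        $keyOk  = Test-AdminFullControl -Acl $keyAcl -RightsProperty 'RegistryRights' -FullMask $regFull
        "    $key  Administrators Full Control on key: $keyOk"
    }
}
```

A component that shows zero registrations, or a key or file where the Administrators check is not $true, is where a regsvr32 run by an administrator would fail, which is the condition the permission-reset fixes in this thread address.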

I just did a quick scan. Here are the results:

Malwarebytes' Anti-Malware 1.40

Database version: 2584

Windows 5.1.2600 Service Pack 3

9/08/2009 10:23:03 PM

mbam-log-2009-08-09 (22-23-03).txt

Scan type: Quick Scan

Objects scanned: 101492

Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Tommy lu\Application Data\svighost.dll (Trojan.Agent) -> Quarantined and deleted successfully.


meta4.exe is not a virus. Super (a video converter) creates it, but it is flagged as a virus for some odd reason. svighost.dll is a FP. I have uploaded it to VirusTotal and it is clean. Someone had me upload it last year because my userinit.exe was infected.


  • Root Admin

In your post #22

http://www.malwarebytes.org/forums/index.p...st&p=107861

That should be the exact same thing that I had you run from Microsoft in post #16, so I'm not sure what would be different.

http://www.malwarebytes.org/forums/index.p...st&p=107054

Please disable your current Anti-Virus and run this Online AV scanner.

Run Kaspersky Online AV Scanner

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.

Then run the DDS scan again when done with the above.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan. When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
