
Seems to install but doesn't run mbam.exe



I can't download Malware, it just times out. I downloaded it to another machine, copied it to my machine and tried to install it. It appeared to install, but it will not run.

Thanks for any help

Dave Wallis

DDS text

DDS (Ver_09-07-30.01) - NTFSx86

Run by Dave at 18:39:39.39 on Thu 08/06/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.429 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

e:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Qualcomm\Eudora\Eudora.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Webroot\WebrootSecurity\SSU.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Dave\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL

BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: WeatherBug Browser Bar - powered by MyWebSearch: {8eab99c9-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll

TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [Weather] "c:\program files\aws\weatherbug\Weather.exe" 1

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"

mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [Carbonite Backup] "c:\program files\carbonite\carbonite backup\CarboniteUI.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [brStsWnd] "c:\program files\brownie\BrstsWnd.exe" Autorun

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [spySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\colorv~1.lnk - e:\program files\pantone colorvision\startup\ColorVisionStartup.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe

uPolicies-explorer: <NO NAME> =

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: fredmiranda.com\www

Trusted Zone: microsoft.com\update

Trusted Zone: youtube.com\www

DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} - hxxp://www.walbridgehome.biz/pw/mpsPwLc7.CAB

DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab

DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167188626968

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://upload.smugmug.com/photos/activex/ImageUploader4-072507.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll

Notify: 3c57d54e648 - c:\windows\system32\dpnhpast32.dll

AppInit_DLLs: c:\windows\system32\dpnhpast32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: {747e1fbe-b70f-441d-bbca-6e536c04924a} - No File

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\487quq34.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\documents and settings\dave\application data\mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMySrWB.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-6 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-6 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-6 482352]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090730.003\IDSXpx86.sys [2009-7-30 276344]

R1 SMBus;Intel® SMBus Driver;c:\windows\system32\drivers\smbus.sys [2006-12-26 11520]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-6 115560]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-1 603904]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-21 24652]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-7-25 1205760]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-6 101936]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090806.006\NAVENG.SYS [2009-8-6 87888]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090806.006\NAVEX15.SYS [2009-8-6 875728]

S2 gupdate1c9bc498a7e468;Google Update Service (gupdate1c9bc498a7e468);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-17 33752]

=============== Created Last 30 ================

2009-08-06 18:35 <DIR> --d----- c:\program files\Trend Micro

2009-08-06 18:24 <DIR> --dsh--- c:\windows\system32\SystemX86

2009-08-05 17:12 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-05 17:12 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-08-05 17:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-05 17:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-08-04 21:39 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner

2009-07-28 13:11 0 a------- c:\windows\system32\40.tmp

2009-07-28 13:11 0 a------- c:\windows\system32\3F.tmp

2009-07-25 17:41 <DIR> --d----- c:\program files\Ask.com

2009-07-25 17:39 1,563,008 a------- c:\windows\WRSetup.dll

2009-07-25 17:39 <DIR> --d----- c:\docume~1\dave\applic~1\Webroot

2009-07-25 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot

2009-07-25 14:02 <DIR> --d----- c:\program files\MSSOAP

2009-07-25 14:02 <DIR> --d----- c:\program files\Webroot

2009-07-25 14:02 164 a------- c:\windows\install.dat

2009-07-23 01:39 0 a------- c:\windows\system32\18DC.tmp

2009-07-23 01:39 0 a------- c:\windows\system32\18DB.tmp

2009-07-21 19:10 615 a------- c:\windows\system32\ftOouBk3qeiP2wX.vbs

2009-07-21 19:10 57 a------- C:\xcrashdump.dat

2009-07-21 19:09 615 a------- c:\windows\system32\z4vTd8H.vbs

2009-07-21 19:08 615 a------- c:\windows\system32\cktnKCa.vbs

2009-07-21 19:06 615 a------- c:\windows\system32\4yX3icUOHZwdF.vbs

2009-07-21 19:05 615 a------- c:\windows\system32\wBfIZ.vbs

2009-07-21 18:55 615 a------- c:\windows\system32\zpkruToNwO27C.vbs

2009-07-21 18:36 615 a------- c:\windows\system32\8wbHt.vbs

2009-07-21 18:35 17,988 a------- c:\windows\GnuHashes.ini

2009-07-21 18:34 615 a------- c:\windows\system32\QfK2D9y.vbs

2009-07-21 18:34 615 a------- c:\windows\system32\wXsKLVzHC18ls6S.vbs

2009-07-21 18:33 615 a------- c:\windows\system32\hIALCKcj9MzdA.vbs

2009-07-21 18:31 615 a------- c:\windows\system32\pXWqHpbS1NG2NSc.vbs

2009-07-21 18:23 615 a------- c:\windows\system32\dFnw9uuNrFXy6.vbs

2009-07-21 18:20 557 a--sh--- c:\windows\system32\GroupPolicy000.dat

2009-07-21 18:19 120,832 a------- c:\windows\system32\dpnhpast32.dll

2009-07-21 18:19 615 a------- c:\windows\system32\fZXzu.vbs

2009-07-16 21:07 2,297,552 a------- c:\windows\system32\d3dx9_26.dll

==================== Find3M ====================

2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll

2009-05-29 18:27 2 ----h--- C:\time32.sys

2009-05-29 18:27 442 ----h--- C:\date.sys

2009-02-04 21:49 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT

2008-10-26 11:06 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT

2008-06-12 15:14 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT

2008-05-29 21:54 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLbz.DAT

2006-12-30 14:42 0 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLea.DAT

2008-09-04 17:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

============= FINISH: 18:42:22.71 ===============

attach.zip


  • Staff

Hi,

I have a bad feeling here..

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
