Umm Help plz


Madster

I recently purchased Defender Pro 2010 which has Malware Bytes. It came with a license for the programs. The problem is that I think a virus is deleting the mbam.exe file when I install Malware Bytes. I tried updating to a newer Malware Bytes but I can't use the license for some reason. Is there some way to get the mbam.exe 1.39 without the virus deleting it?


DDS (Ver_09-12-01.01) - NTFSx86

Run by Owner at 21:06:06.20 on Thu 12/03/2009

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1454 [GMT -8:00]

AV: Defender Pro Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: Defender Pro Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Common Files\Defender Pro\Defender Pro Update Service\livesrv.exe

C:\Program Files\Defender Pro\Defender Pro\vsserv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Defender Pro\Defender Pro\bdagent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\DNA\btdna.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\COMMON~1\AOL\125495~1\EE\AOLHOS~1.EXE

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\GamersFirst\LIVE!\Live.exe

C:\Program Files\Defender Pro\Defender Pro\seccenter.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\COMMON~1\AOL\125495~1\EE\AOLServiceHost.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner.Manuels\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6927

uSearch Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6927

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6927

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6927

mWinlogon: Shell=Explorer.exe logon.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Defender Pro Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\defender pro\defender pro\IEToolbar.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [HostManager] c:\program files\common files\aol\1254950612\ee\AOLHostManager.exe

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [personalguard] c:\program files\personal guard 2009\personalguard.exe

mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro\IEShow.exe"

mRun: [DPAgent] "c:\program files\defender pro\defender pro\bdagent.exe"

mRun: [gawoviwin] Rundll32.exe "c:\windows\system32\kufubabe.dll",a

dRun: [Power2GoExpress] NA

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {118F7F7D-5EA7-45C7-A33F-B125361E02E1} = 83.149.115.182

TCP: {14638966-F53F-44F3-93B9-3591FDB1BD18} = 83.149.115.182

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\fejuvizo.dll c:\windows\system32\vuyohasu.dll c:\windows\system32\wepejapu.dll c:\windows\system32\lulakodu.dll c:\windows\system32\suvatonu.dll c:\windows\system32\lelizomo.dll gadibure.dll c:\windows\system32\kufubabe.dll

SSODL: bimolijeb - {bb384c94-d13d-48a6-a865-2d4c99a7e695} -

SSODL: nevahoraf - {29f1b213-2450-4ce7-b85b-42d590aa25fe} -

SSODL: juresilal - {0b282c57-f94c-4af0-b9b7-b9cf208bb247} -

SSODL: fenukuval - {c11e37d5-8d46-4c8d-a4ec-2155f3aa0474} -

SSODL: buwevegiv - {ce925d02-2b7f-4b92-8592-a670014ccf9e} -

SSODL: digowezof - {043389f6-8eae-4e15-a33c-f6a86ef4fa55} -

SSODL: pejemikas - {f521f8c7-2324-4ff2-bc16-ce0718619387} -

SSODL: mepofogon - {ce8cc709-badb-497e-be6c-e0653ead99fb} - c:\windows\system32\wepejapu.dll

SSODL: hunuhises - {fa150700-8ead-4897-a28c-58474597b94f} - c:\windows\system32\suvatonu.dll

SSODL: torevudin - {25ddc0dd-4017-4da0-acf9-9d9aab2b81b9} - c:\windows\system32\suvatonu.dll

SSODL: yeleyozap - {3a9ed0bc-d8cc-44f4-b279-1e0309f6162d} - c:\windows\system32\suvatonu.dll

SSODL: mefuzebok - {702a371f-fcc6-497a-9d34-263e436be379} - c:\windows\system32\suvatonu.dll

SSODL: selirufaz - {b85305ae-7175-49bb-b81a-cbc3ec8057d3} - c:\windows\system32\suvatonu.dll

SSODL: zowojaged - {215c71c9-1623-48cc-a1b0-e4fb8727d129} - c:\windows\system32\lelizomo.dll

SSODL: kigeyipos - {f3300143-dc86-49fb-8ea3-e7bf9f9c5f1b} - c:\windows\system32\lelizomo.dll

SSODL: wejarikef - {09f38904-3c63-4f33-8293-6b668cc9fcf8} - c:\windows\system32\kufubabe.dll

STS: {bb384c94-d13d-48a6-a865-2d4c99a7e695}: gahurihor

STS: {29f1b213-2450-4ce7-b85b-42d590aa25fe}: mujuzedij

STS: {0b282c57-f94c-4af0-b9b7-b9cf208bb247}: kupuhivus

STS: {c11e37d5-8d46-4c8d-a4ec-2155f3aa0474}: mujuzedij

STS: {ce925d02-2b7f-4b92-8592-a670014ccf9e}: kupuhivus

STS: {043389f6-8eae-4e15-a33c-f6a86ef4fa55}: gahurihor

STS: {f521f8c7-2324-4ff2-bc16-ce0718619387}: mujuzedij

STS: mujuzedij: {ce8cc709-badb-497e-be6c-e0653ead99fb} - c:\windows\system32\wepejapu.dll

STS: kupuhivus: {fa150700-8ead-4897-a28c-58474597b94f} - c:\windows\system32\suvatonu.dll

STS: jugezatag: {25ddc0dd-4017-4da0-acf9-9d9aab2b81b9} - c:\windows\system32\suvatonu.dll

STS: mujuzedij: {3a9ed0bc-d8cc-44f4-b279-1e0309f6162d} - c:\windows\system32\suvatonu.dll

STS: mujuzedij: {702a371f-fcc6-497a-9d34-263e436be379} - c:\windows\system32\suvatonu.dll

STS: mujuzedij: {b85305ae-7175-49bb-b81a-cbc3ec8057d3} - c:\windows\system32\suvatonu.dll

STS: jugezatag: {215c71c9-1623-48cc-a1b0-e4fb8727d129} - c:\windows\system32\lelizomo.dll

STS: gahurihor: {f3300143-dc86-49fb-8ea3-e7bf9f9c5f1b} - c:\windows\system32\lelizomo.dll

STS: mujuzedij: {09f38904-3c63-4f33-8293-6b668cc9fcf8} - c:\windows\system32\kufubabe.dll

LSA: Notification Packages = scecli yobiseha.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.man\applic~1\mozilla\firefox\profiles\srep8is7.default\

FF - component: c:\program files\mozilla firefox\components\FFComm.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152328]

R3 bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-7-9 110728]

S3 Arrakis3;Defender Pro Arrakis Server;c:\program files\common files\defender pro\defender pro arrakis server\bin\arrakis3.exe [2009-6-25 183880]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\u_sf\gameguard\dump_wmimmc.sys --> c:\ijji\english\u_sf\gameguard\dump_wmimmc.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 XDva300;XDva300;\??\c:\windows\system32\xdva300.sys --> c:\windows\system32\XDva300.sys [?]

=============== Created Last 30 ================

2009-12-03 04:17:26 91648 ----a-w- c:\windows\system32\kufubabe.dll

2009-11-30 06:43:28 376 ----a-w- c:\documents and settings\owner.manuels\Application Dataprivacy.xml

2009-11-29 06:41:05 82944 ---h-tw- c:\windows\system32\c7163f6.dll

2009-11-29 06:41:05 82944 ---h-tw- c:\windows\system32\b28f2f1.dll

2009-11-29 06:41:05 165 ----a-w- c:\windows\system32\msexcr.ini

2009-11-29 06:40:04 82944 ---h-tw- c:\windows\system32\63bfba0.dll

2009-11-29 06:40:04 82944 ---h-tw- c:\windows\system32\14737cd6.dll

2009-11-28 21:45:25 850 ----a-w- c:\documents and settings\owner.manuels\Application DataProductTweaks.xml

2009-11-28 21:45:25 385 ----a-w- c:\documents and settings\owner.manuels\Application Datauser_gensett.xml

2009-11-28 21:26:01 0 d-----w- c:\windows\system32\PreInstall

2009-11-28 21:22:52 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-11-28 09:43:37 0 --sh--w- c:\windows\system32\gigazayu.dll

2009-11-28 08:22:01 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll

2009-11-28 08:22:00 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll

2009-11-28 08:22:00 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll

2009-11-28 08:22:00 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll

2009-11-28 08:22:00 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll

2009-11-28 08:22:00 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll

2009-11-28 08:21:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-11-28 08:04:03 4 ----a-w- c:\windows\system32\aspdict-en.dat

2009-11-28 08:04:03 16 ----a-w- c:\windows\system32\asdict.dat

2009-11-28 08:04:03 0 ----a-w- c:\windows\system32\ab_bl.sig

2009-11-28 08:04:03 0 ----a-w- C:\pcwords2.dat

2009-11-28 08:04:03 0 ----a-w- C:\pcwords.dat

2009-11-28 08:04:03 0 ----a-w- C:\pcconf.ini

2009-11-28 08:04:03 0 ----a-w- C:\pc_sign.slf

2009-11-28 07:55:53 0 d-----w- c:\windows\system32\SoftwareDistribution

2009-11-28 07:45:21 132 ----a-w- c:\windows\system32\rezumatenoi.dat

2009-11-28 06:54:22 850 ----a-w- c:\windows\system32\ProductTweaks.xml

2009-11-28 06:54:22 385 ----a-w- c:\windows\system32\user_gensett.xml

2009-11-28 06:53:55 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender

2009-11-28 06:52:21 3120 ----a-w- c:\windows\system32\Q7CF5GRB.ocx

2009-11-28 06:52:21 3120 ----a-w- c:\windows\HMHS4FFF.ocx

2009-11-28 06:52:05 0 d-----w- c:\docume~1\owner~1.man\applic~1\Defender Pro

2009-11-28 06:51:34 0 d-----w- c:\program files\Defender Pro

2009-11-28 06:51:34 0 d-----w- c:\program files\common files\Defender Pro

2009-11-28 06:51:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Defender Pro

2009-11-28 06:50:59 0 d-----w- c:\program files\common files\BitDefender

2009-11-28 05:41:31 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-11-28 05:41:28 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-11-27 23:14:39 0 d-sh--w- C:\found.000

2009-11-26 06:35:21 92160 --sh--w- c:\windows\system32\zifewiba.dll

2009-11-26 06:34:53 38912 --sh--w- c:\windows\system32\nubamiko.dll

2009-11-23 21:31:44 82944 ---h-tw- c:\windows\system32\bd75b0.dll

2009-11-23 21:31:44 82944 ---h-tw- c:\windows\system32\17590d0e.dll

2009-11-23 21:29:50 38400 --sh--w- c:\windows\system32\guyuzera.dll

2009-11-22 04:22:37 444776 ----a-w- c:\windows\system32\d3dx10_35.dll

2009-11-22 04:22:37 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll

2009-11-22 04:22:36 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2009-11-22 04:22:35 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2009-11-22 04:22:23 0 d-----w- c:\windows\Logs

2009-11-22 03:27:53 0 d-----w- c:\program files\DNA

2009-11-22 03:27:53 0 d-----w- c:\docume~1\owner~1.man\applic~1\DNA

2009-11-22 03:27:52 0 d-----w- c:\program files\GamersFirst

2009-11-22 02:18:52 82944 ---h-tw- c:\windows\system32\93b6870.dll

2009-11-22 02:18:52 82944 ---h-tw- c:\windows\system32\306cd857.dll

2009-11-22 02:18:20 82944 ---h-tw- c:\windows\system32\1aef43f4.dll

2009-11-22 02:18:20 82944 ---h-tw- c:\windows\system32\162ba80.dll

2009-11-20 03:40:48 82944 ---h-tw- c:\windows\system32\8adb8.dll

2009-11-20 03:40:48 82944 ---h-tw- c:\windows\system32\34be2d0.dll

2009-11-19 05:07:56 82944 ---h-tw- c:\windows\system32\222f9fe5.dll

2009-11-19 05:07:56 82944 ---h-tw- c:\windows\system32\1913b30.dll

2009-11-18 03:13:59 82944 ---h-tw- c:\windows\system32\a141a58.dll

2009-11-18 03:13:59 82944 ---h-tw- c:\windows\system32\22267368.dll

2009-11-16 06:46:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Nexon

2009-11-16 05:21:39 82944 ---h-tw- c:\windows\system32\582558.dll

2009-11-16 05:21:39 82944 ---h-tw- c:\windows\system32\35cb28a9.dll

2009-11-15 19:59:36 82944 ---h-tw- c:\windows\system32\9bb90a.dll

2009-11-15 19:59:36 82944 ---h-tw- c:\windows\system32\17df39ae.dll

2009-11-12 21:14:24 0 d-----w- c:\program files\Redbana

2009-11-12 05:39:11 82944 ---h-tw- c:\windows\system32\17d08d60.dll

2009-11-12 05:39:11 82944 ---h-tw- c:\windows\system32\11a89f4.dll

2009-11-12 02:16:16 0 d-----w- c:\windows\system32\Adobe

2009-11-11 06:13:46 82944 ---h-tw- c:\windows\system32\4896725.dll

2009-11-11 06:13:46 82944 ---h-tw- c:\windows\system32\2d181734.dll

2009-11-09 19:41:19 82944 ---h-tw- c:\windows\system32\62784dd.dll

2009-11-09 19:41:19 82944 ---h-tw- c:\windows\system32\5d3fcb8.dll

2009-11-09 04:17:14 82944 ---h-tw- c:\windows\system32\d5bf9f0.dll

2009-11-09 04:17:14 82944 ---h-tw- c:\windows\system32\1fd8adc3.dll

2009-11-08 02:26:11 82944 ---h-tw- c:\windows\system32\9f59a21.dll

2009-11-08 02:26:11 82944 ---h-tw- c:\windows\system32\18bce104.dll

2009-11-07 05:45:32 0 d-----w- c:\docume~1\owner~1.man\applic~1\Malwarebytes

2009-11-07 05:42:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-07 05:42:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-11-07 05:42:11 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-07 05:42:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-06 01:15:03 82944 ---h-tw- c:\windows\system32\d48b33d.dll

2009-11-06 01:15:03 82944 ---h-tw- c:\windows\system32\3656136.dll

2009-11-05 00:04:20 82944 ---h-tw- c:\windows\system32\e2ca2f2.dll

2009-11-05 00:04:20 82944 ---h-tw- c:\windows\system32\136c7920.dll

==================== Find3M ====================

2009-11-28 07:45:06 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys

2009-11-28 07:45:05 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys

2009-11-28 07:40:27 110728 ----a-w- c:\windows\system32\drivers\bdfndisf.sys

2009-11-01 02:40:00 38352 ----a-w- c:\windows\regred.exe

2009-11-01 02:39:59 51197 ----a-w- c:\windows\spoov.exe

2009-11-01 02:39:59 47872 ----a-w- c:\windows\certsystem.exe

2009-11-01 02:39:59 33149 ----a-w- c:\windows\usexplorer.exe

2009-11-01 02:39:59 28320 ----a-w- c:\windows\securits.com

2009-11-01 02:39:59 18941 ----a-w- c:\windows\microsoftdef.dll

2009-10-26 05:01:53 0 ----a-w- c:\docume~1\owner~1.man\applic~1\wklnhst.dat

2009-10-26 03:05:39 139759 ----a-w- c:\windows\hpoins15.dat

2009-10-24 05:11:21 6126 ----a-w- c:\windows\BricoPackFoldersDelete.cmd

2009-10-24 05:11:21 53731 ----a-w- c:\windows\BricoPackUninst.cmd

2009-10-24 04:49:56 218624 ----a-w- c:\windows\system32\uxtheme.dll

2009-10-07 21:35:10 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-10-07 21:24:11 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys

2009-08-09 18:32:07 38400 --sha-w- c:\windows\sokazoya.dll

2009-08-22 04:34:31 38400 --sha-w- c:\windows\system32\bedihidu.dll

2009-08-19 02:52:30 37888 --sha-w- c:\windows\system32\biyuhepe.dll

2009-08-20 03:38:08 52736 --sha-w- c:\windows\system32\dazetaha.dll

2009-08-26 23:39:56 52224 --sha-w- c:\windows\system32\demayoha.dll

2009-08-02 07:28:24 89088 --sha-w- c:\windows\system32\dileloso.dll

2009-08-16 19:58:47 38400 --sha-w- c:\windows\system32\dinibafi.dll

2009-08-13 05:31:43 38912 --sha-w- c:\windows\system32\diwuzisi.dll

2009-08-01 02:43:55 183296 --sha-w- c:\windows\system32\dujujewo.dll

2009-08-15 00:13:55 39424 --sha-w- c:\windows\system32\fuhaleke.dll

2009-08-30 06:44:04 51712 --sha-w- c:\windows\system32\gadibure.dll

2009-08-04 23:59:36 38400 --sha-w- c:\windows\system32\guhegesi.dll

2009-08-28 21:40:56 38400 --sha-w- c:\windows\system32\guvutoho.dll

2009-09-04 04:58:26 61952 --sha-w- c:\windows\system32\haditapo.dll

2009-08-07 22:52:22 38912 --sha-w- c:\windows\system32\henemate.dll

2009-08-26 06:34:22 37888 --sha-w- c:\windows\system32\hutikovu.dll

2009-08-02 20:23:49 89600 --sha-w- c:\windows\system32\jepayala.dll

2009-08-12 01:54:12 89600 --sha-w- c:\windows\system32\jeribejo.dll

2009-08-26 23:39:56 38400 --sha-w- c:\windows\system32\jimekaju.dll

2009-08-07 05:54:01 90112 --sha-w- c:\windows\system32\jobobuwi.dll

2009-08-05 23:55:45 89088 --sha-w- c:\windows\system32\jumidani.dll

2009-08-09 04:49:27 38912 --sha-w- c:\windows\system32\kunuzavi.dll

2009-08-15 19:58:18 51712 --sha-w- c:\windows\system32\lekefoji.dll

2009-08-08 16:48:58 38912 --sha-w- c:\windows\system32\litikusi.dll

2009-08-02 07:28:24 38400 --sha-w- c:\windows\system32\livukafa.dll

2009-08-15 00:13:55 51712 --sha-w- c:\windows\system32\majubilu.dll

2009-08-12 01:54:12 52736 --sha-w- c:\windows\system32\malaruwo.dll

2009-08-10 06:32:01 37888 --sha-w- c:\windows\system32\nanulote.dll

2009-08-20 03:38:08 43520 --sha-w- c:\windows\system32\nevorefa.dll

2009-08-09 04:49:27 89088 --sha-w- c:\windows\system32\nijufagi.dll

2009-08-05 23:55:45 37888 --sha-w- c:\windows\system32\nunoloje.dll

2009-08-01 19:27:55 51712 --sha-w- c:\windows\system32\pasagami.dll

2009-08-01 02:43:55 87040 --sha-w- c:\windows\system32\pefeveli.dll

2009-08-16 07:58:35 38400 --sha-w- c:\windows\system32\petolahu.dll

2009-08-28 21:40:56 91648 --sha-w- c:\windows\system32\pokitiwi.dll

2009-08-07 05:38:03 38912 --sha-w- c:\windows\system32\rawuyona.dll

2009-08-01 19:27:55 88064 --sha-w- c:\windows\system32\reboyuti.dll

2009-08-20 03:38:09 38912 --sha-w- c:\windows\system32\regizogu.dll

2009-08-21 04:14:29 38400 --sha-w- c:\windows\system32\renazuvi.dll

2009-08-20 03:38:08 91648 --sha-w- c:\windows\system32\rinokulo.dll

2009-08-30 06:44:04 51712 --sha-w- c:\windows\system32\romekaye.dll

2009-08-15 19:58:18 38400 --sha-w- c:\windows\system32\sapawoma.dll

2009-08-12 17:31:35 38400 --sha-w- c:\windows\system32\tenagoki.dll

2009-08-04 04:14:18 38912 --sha-w- c:\windows\system32\tepidike.dll

2009-08-10 06:32:01 89088 --sha-w- c:\windows\system32\tihaduza.dll

2009-08-30 06:43:24 38912 --sha-w- c:\windows\system32\tijezaze.dll

2009-08-12 01:54:12 37888 --sha-w- c:\windows\system32\tunayiri.dll

2009-08-07 05:38:03 90112 --sha-w- c:\windows\system32\tupuzeme.dll

2009-08-21 16:34:18 38912 --sha-w- c:\windows\system32\vawopijo.dll

2009-08-23 21:29:23 34816 --sha-w- c:\windows\system32\volorume.dll

2009-08-30 06:43:24 51712 --sha-w- c:\windows\system32\vumeburi.dll

2009-08-07 05:54:01 38912 --sha-w- c:\windows\system32\wanisupa.dll

2009-08-11 06:12:38 90112 --sha-w- c:\windows\system32\wavoyolu.dll

2009-08-11 06:12:38 38400 --sha-w- c:\windows\system32\wefeyubi.dll

2009-08-02 20:23:49 37888 --sha-w- c:\windows\system32\wigenupa.dll

2009-08-23 21:29:21 45056 --sha-w- c:\windows\system32\yigekote.dll

2009-08-30 06:44:04 51712 --sha-w- c:\windows\system32\yobiseha.dll

2009-08-30 06:43:25 91648 --sha-w- c:\windows\system32\yugutoyi.dll

2009-09-04 04:58:25 38400 --sha-w- c:\windows\system32\zebelivu.dll

2009-08-26 06:34:22 45568 --sha-w- c:\windows\system32\zekuboli.dll

============= FINISH: 21:07:40.84 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/7/2009 3:04:27 PM

System Uptime: 12/3/2009 8:57:22 PM (1 hours ago)

Motherboard: Gateway | |

Processor: Genuine Intel® CPU T2250 @ 1.73GHz | uFCPGA2 | 1729/533mhz

Processor: Genuine Intel® CPU T2250 @ 1.73GHz | uFCPGA2 | 1729/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 54 GiB total, 22.955 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 0.968 GiB free.

E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/7/2009 3:04:32 PM - System Checkpoint

RP2: 10/7/2009 7:37:18 PM - Installed MapleStory.

RP3: 10/10/2009 6:17:14 PM - System Checkpoint

RP4: 10/10/2009 11:04:28 PM - Installed Soldier Front

RP5: 10/11/2009 9:55:36 PM - Installed ijji REACTOR

RP6: 10/23/2009 4:57:43 PM - System Checkpoint

RP7: 10/23/2009 10:10:00 PM - BricoPack Automatic Restore Point

RP8: 10/25/2009 6:57:55 PM - Installed HPSU306Stub

RP9: 11/12/2009 11:43:19 AM - System Checkpoint

RP10: 11/12/2009 1:14:24 PM - Installed Audition

RP11: 11/15/2009 6:44:59 PM - System Checkpoint

RP12: 11/18/2009 7:40:55 PM - System Checkpoint

RP13: 11/21/2009 8:22:32 PM - Installed DirectX

RP14: 11/27/2009 10:51:26 PM - Installed Defender Pro 5-in-1

RP15: 11/28/2009 1:23:42 PM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0

Adobe Shockwave Player 11.5

AIO_Scan

America Online (Choose which version to remove)

AOL Coach Version 2.0(Build:20041026.5 en)

AOL Connectivity Services

AOL You've Got Pictures Screensaver

Audition

BigFix

Browser Address Error Redirector

BufferChm

C4200

C4200_doccd

c4200_Help

Combat Arms

Copy

CustomerResearchQFolder

Defender Pro 5-in-1

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DFOLauncher

DNA

DocProc

DocProcQFolder

DVD Solution

eSupportQFolder

GamersFirst LIVE!

Google Desktop

Google Toolbar for Internet Explorer

gtw_logo

High Definition Audio Driver Package - KB888111

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 10 (KB910393)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB893357)

Hotfix for Windows XP (KB895953)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB910728)

Hotfix for Windows XP (KB912024)

Hotfix for Windows XP (KB914906)

HP Customer Participation Program 9.0

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Smart Web Printing

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

ijji REACTOR

Intel Matrix Storage Manager

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

J2SE Runtime Environment 5.0 Update 2

Malwarebytes' Anti-Malware

MapleStory

MarketResearch

mCore

mDriver

mDrWiFi

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Starter Edition 2006

Microsoft Digital Image Starter Edition 2006 Editor

Microsoft Digital Image Starter Edition 2006 Library

Microsoft Money 2006

Microsoft Office Standard Edition 2003

Microsoft Works

mIWA

mLogView

mMHouse

Motorola SM56 Data Fax Modem

Mozilla Firefox (3.5.5)

mPfMgr

mPfWiz

mProSafe

mWlsSafe

mXML

mZConfig

Napster

Napster Burn Engine

Pando Media Booster

Personal Guard 2009

Power2Go 4.0

PowerDVD

PS_AIO_ProductContext

PS_AIO_Software

PS_AIO_Software_min

PSSWCORE

Pure Networks Port Magic

QuickTime

RealPlayer Basic

Recovery Software Suite Gateway

Scan

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB973354)

SigmaTel Audio

Soldier Front

SolutionCenter

Sonic Encoders

Status

Synaptics Pointing Device Driver

System Requirements Lab

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

Toolbox

TrayApp

UnloadSupport

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB910437)

Update for Windows XP (KB912945)

Update Rollup 2 for Windows XP Media Center Edition 2005

VideoToolkit01

Viewpoint Media Player

War Rock

WebFldrs XP

WebReg

Windows Backup Utility

Windows Genuine Advantage Validation Tool

Windows Installer 3.1 (KB893803)

Windows Media Format Runtime

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888239

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Media Center Edition 2005 KB914548

Windows XP Media Center Edition 2005 KB973768

WinRAR archiver

==== Event Viewer Messages From Past Week ========

12/3/2009 8:58:29 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86333 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.73:123->207.46.232.182:123) is working properly.

11/29/2009 4:25:27 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86331 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.73:123->207.46.232.182:123) is working properly.

11/29/2009 10:43:09 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86330 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.73:123->207.46.232.182:123) is working properly.

11/28/2009 12:19:58 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).

11/28/2009 12:19:58 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

11/28/2009 12:19:58 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

11/28/2009 12:19:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

11/28/2009 12:18:42 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/28/2009 1:38:20 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86330 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.73:123->207.46.197.32:123) is working properly.

11/27/2009 10:54:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/27/2009 10:51:34 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

11/27/2009 10:51:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI8B.tmp. Reference error message: The operation completed successfully. .

11/27/2009 10:51:34 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

11/27/2009 1:54:29 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 2 time(s).

11/27/2009 1:54:13 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

11/27/2009 1:52:20 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

11/27/2009 1:40:07 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86329 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.73:123->207.46.197.32:123) is working properly.

==== End Of File ===========================

Umm I think this is the stuff o.O


Hi again,

DNA

The ones listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs. If you aren't going to uninstall them, you still have to make sure none of the P2P file sharing programs is running while this cleaning process is not finished.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

