Madster, Posted November 27, 2009

I recently purchased Defender Pro 2010 which has Malware Bytes. It came with a license for the programs. The problem is that I think a virus is deleting the mbam.exe file when I install Malware Bytes. I tried updating to a newer Malware Bytes but I can't use the license for some reason. Is there some way to get the mbam.exe 1.39 without the virus deleting it?

Blade81, Posted November 30, 2009

Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt

Save both reports to your desktop. Post them back to your topic.

Madster (Author), Posted December 3, 2009

Umm I think this is the stuff o.O
Blade81 Posted December 3, 2009 ID:165504

Hi again,

DNA

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs. If you aren't going to uninstall you still have to make sure none of P2P file sharing programs is running while this cleaning process is not ready.

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Root Admin AdvancedSetup Posted December 16, 2009 ID:171479

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.