So, I started an earlier topic on this matter, but it was in the wrong section. I have the link here, just so people can go back and see what it was.

http://forums.malwarebytes.org/index.php?showtopic=81752&st=0&gopid=415780entry415780

I tried doing as they instructed, installing you guys' malware program, but the exact same problem happened. I downloaded it with a different computer, onto a thumb drive, then moved it from the thumb drive to the desktop of the infected computer, and when I tried to run it, I got the same error message asking me what program I wanted to open it with. I'll re-upload the error message on this thread as well, just in case it didn't get moved over well. The image is from another malware program I tried to run, but aside from the file being listed, everything else with the error message is virtually identical. To recap from my earlier post, any program I try to run brings up this same error message. Internet browser, office, even system restore points. Any help on this?


  • Staff

Hi,

It's your file associations which are messed up by malware.

Malwarebytes does fix this though, so to get mbam to run, navigate to the C:\Program Files\Malwarebytes' Antimalware folder.

There, locate the file mbam.exe and rename it to mbam.com

Please make sure you renamed it properly, it has to be with a .com extension at the end, not mbam.com.exe

Then doubleclick mbam.com and it should be able to run.

Then scan with malwarebytes, let it remove everything it is finding and then reboot.

Post the log from Malwarebytes in your next reply.


On a side note, I've been reading a lot about this particular virus/malware is that it does not seem to infect other files, such as word documents, pictures, MP3s, etc, that you already have on your computer, so as long as you only backup individual files, as opposed to whole directories, it almost sounds like it would be worth it to just back up what's important and reformat?


  • Staff

Hi,

No need to backup and reformat at all. It's only the file associations which are broken. Most malware is already gone, otherwise you wouldn't get the "open with". That's why you need to tweak here a bit anyway first, to get mbam running so it can fix the file associations and delete leftovers.

Hey! Thanks for the help! I just tried to install it to run it, but even just the installation file that you download to install the malware gives me that error message response to just install it. 

I thought you already had malwarebytes installed.

In case you have malwarebytes already installed, please perform the instructions I gave you earlier.

In case you didn't have malwarebytes installed, rename the installer to a .com extension, for example installer.com, then install it, then navigate to the C:\Program Files\Malwarebytes' Antimalware folder.

There, locate the file mbam.exe and rename it to mbam.com

Please make sure you renamed it properly, it has to be with a .com extension at the end, not mbam.com.exe

Then doubleclick mbam.com and it should be able to run.

Then scan with malwarebytes, let it remove everything it is finding and then reboot.


All righty, I tried changing it to a .com, but it's still not allowing me to run it, it's still giving me the same 'open with' error message. That being said, the actual file name itself, when displayed on the desktop, reads as 'mbam-setup.com', yet in the error message, it's referred to as 'mbam-setup.com.ex' The way you change its extension is just the same way you would normally change the file name, right? You right click on the name, choose rename file, and then type in the name of the file, a period, and then the file extension...at least, that's what I've been doing.


  • Staff
That being said, the actual file name itself, when displayed on the desktop, reads as 'mbam-setup.com', yet in the error message, it's referred to as 'mbam-setup.com.ex'

Let's enable showing file extensions first..

http://askabouttech.com/how-to-show-file-extension-in-windows-7/

That way, you will be able to rename it properly.

Yes, for the files you want to rename, right-click the file, choose rename. Then, empty out the .exe part in the filename and replace that with .com instead.


  • Staff

Hi,

That's great to hear.

I assume you have also told Malwarebytes to remove what it found? Because in your log, it says, "No action Taken", unless you saved the log before applying the removal.

Anyway, as an extra check for other leftovers; please do the following..

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Copy and paste the contents of DDS.txt in your next reply. Do not copy and paste the contents of Attach.txt, but attach it to your reply instead.


  • Staff

Hi,

It looks like the association for .scr files is probably set to open in notepad instead. This happens in most cases where people have iolo system mechanics installed or another third party tool which "disables" scr files.

To restore this association again, download the following file: http://www.dougknox.com/xp/fileassoc/xp_scr_fix.zip

Unzip it to your desktop. Inside, doubleclick the xp_scr_fix.reg and allow it to have it merged into the registry. Then you should be able to run DDS properly.

Also, make sure no other 3rd party program is blocking DDS, so it's good to temporarily disable your Antivirus or any other security application running in the background.
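
The two association problems diagnosed in this thread (programs falling through to "Open with" while a .com rename still runs, and .scr files opening in Notepad) can be checked from a registry export. The following is an added example, not part of the original posts or of any tool named in them: it audits the text of a .reg export against the handlers of a stock Windows XP install. The expected ProgIDs and commands, the `secfile` ProgID and the sample export are assumptions constructed for illustration.

```python
import re

# Stock handlers as commonly documented for Windows XP (assumption, not from the thread).
EXPECTED = {
    ".exe": ("exefile", '"%1" %*'),
    ".com": ("comfile", '"%1" %*'),
    ".scr": ("scrfile", '"%1" /S'),
}
# A per-user class entry overrides the machine-wide one, so it is consulted first.
ROOTS = (r"HKEY_CURRENT_USER\Software\Classes", "HKEY_CLASSES_ROOT")

def parse_reg(text):
    """Return {lower-cased key path: default string value or None} from .reg text."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            defaults.setdefault(key, None)
        elif key and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg files escape backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults

def lookup(defaults, subkey):
    """Default value of subkey under the first root that defines it."""
    for root in ROOTS:
        value = defaults.get(f"{root}\\{subkey}".lower())
        if value is not None:
            return value
    return None

def audit(reg_text):
    """Return {extension: finding} for every handler that deviates from EXPECTED."""
    defaults, findings = parse_reg(reg_text), {}
    for ext, (progid, command) in EXPECTED.items():
        actual_id = lookup(defaults, ext)
        if actual_id is None or actual_id.lower() != progid:
            findings[ext] = f"ProgID is {actual_id!r}, expected {progid!r}"
            continue
        actual_cmd = lookup(defaults, progid + r"\shell\open\command")
        if actual_cmd != command:
            findings[ext] = f"open command is {actual_cmd!r}, expected {command!r}"
    return findings

# Constructed export: .exe redirected per-user, .com intact, .scr opened by Notepad.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.scr]
@="scrfile"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="C:\\WINDOWS\\system32\\NOTEPAD.EXE \"%1\""
'''

if __name__ == "__main__":
    for ext, finding in audit(SAMPLE).items():
        print(ext, "->", finding)
```

regedit writes version 5.00 exports as UTF-16, so decode the file before passing its text to `audit`.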


Awesome! That did the trick, here are the logs as requested....first off is the one labeled as 'dds.txt'

And I'll attach the other one to the post. Thanks for all the help!


  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

