
WMIprvse, Wbem, Shared C:, C:$, IPC$


3 replies to this topic

#1 hatecomputers

Posted 24 February 2009 - 03:52 AM

It has taken me two weeks to get to this point !@!!!

DDS (Ver_09-02-01.01) - NTFSx86
Run by Adminstrator at 22:35:12.84 on Sun 02/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1390 [GMT -8:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe
C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
C:\Program Files\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Adminstrator\Local Settings\Temporary Internet Files\Content.IE5\MHSIG0YB\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [<NO NAME>]
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
Notify: PFW - UmxWnp.Dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admins~1\applic~1\mozilla\firefox\profiles\ymt6jm1g.default\

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-2-22 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-2-22 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-2-22 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-2-22 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-2-22 32264]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-2-22 144960]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-2-22 242952]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-22 38496]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-2-22 108368]
S3 NRKCTL32;NRKCTL32;c:\program files\wcpuid\wcpuid\nrkctl32.sys [2004-4-1 3968]

=============== Created Last 30 ================

2009-02-22 20:52 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-02-22 20:52 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-02-22 16:57 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-02-22 16:57 <DIR> --d----- c:\program files\Analog Devices
2009-02-22 16:50 <DIR> --d----- c:\program files\MSXML 4.0
2009-02-22 16:45 <DIR> --d----- c:\program files\WCPUID
2009-02-22 16:33 <DIR> --d----- C:\SWTOOLS
2009-02-22 08:12 376 a------- c:\windows\ODBC.INI
2009-02-22 08:12 17,920 a------- c:\windows\system32\mdimon.dll
2009-02-22 08:11 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-02-22 08:11 <DIR> --d----- c:\windows\SHELLNEW
2009-02-22 07:39 2,422 a------- c:\windows\system32\wpa.bak
2009-02-22 07:06 4,444 a------- c:\windows\system32\pid.PNF
2009-02-22 06:37 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-22 06:37 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-22 06:37 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-22 06:37 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-22 06:37 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-22 06:37 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-22 06:37 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-22 06:37 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-22 06:37 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-22 06:34 <DIR> --d----- c:\program files\CCleaner
2009-02-22 06:28 524 a------- c:\windows\ATICIM.INI
2009-02-22 06:26 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-22 06:19 <DIR> --d----- c:\program files\Safer Networking
2009-02-22 06:15 <DIR> --d----- c:\windows\CAVTemp
2009-02-22 06:12 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-22 06:02 47,582 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-02-22 06:02 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-02-22 06:02 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-02-22 06:02 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-02-22 06:02 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-02-22 06:02 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-02-22 06:02 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-02-22 06:02 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-02-22 06:02 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-22 05:44 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-02-22 05:44 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-02-22 05:42 99,592 a------- c:\windows\system32\isafeif.dll
2009-02-22 05:42 79,424 a------- c:\windows\system32\vetredir.dll
2009-02-22 05:42 75,016 a------- c:\windows\system32\isafprod.dll
2009-02-22 05:42 32,264 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-02-22 05:42 26,376 a------- c:\windows\system32\drivers\vet-filt.sys
2009-02-22 05:42 21,512 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-02-22 05:42 21,128 a------- c:\windows\system32\drivers\vet-rec.sys
2009-02-22 05:42 <DIR> --d----- c:\program files\common files\Scanner
2009-02-22 05:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-02-22 05:41 <DIR> --d----- c:\program files\CA
2009-02-22 04:50 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-22 04:49 5,110 a----r-- c:\windows\system32\e100b325.din
2009-02-22 04:49 145,408 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-02-22 04:49 145,408 a------- c:\windows\system32\drivers\e100b325.sys
2009-02-22 04:49 118,784 a------- c:\windows\system32\Prounstl.exe
2009-02-22 04:49 24,064 a------- c:\windows\system32\IntelNic.dll
2009-02-22 04:49 12,288 a------- c:\windows\system32\e100bmsg.dll
2009-02-22 04:49 <DIR> --d----- C:\drvrtmp
2009-02-22 04:48 <DIR> --d----- C:\Dell
2009-02-22 04:11 <DIR> --d----- c:\program files\support.com
2009-02-22 03:43 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-22 03:43 294,912 -c------ c:\windows\system32\dllcache\dlimport.exe
2009-02-22 03:40 19,569 a------- c:\windows\002868_.tmp
2009-02-22 03:40 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-02-22 03:40 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-02-22 03:34 <DIR> --d----- c:\docume~1\admins~1\applic~1\Malwarebytes
2009-02-22 03:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-22 03:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 03:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 03:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-22 03:24 21,504 a------- c:\windows\system32\hidserv.dll
2009-02-22 03:24 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-02-22 03:24 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-02-22 03:24 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-02-22 03:24 36,864 a------- c:\windows\system32\drivers\hidclass.sys
2009-02-22 03:24 24,960 a------- c:\windows\system32\drivers\hidparse.sys
2009-02-22 03:23 4,736 ac------ c:\windows\system32\dllcache\usbd.sys
2009-02-22 03:23 4,736 a------- c:\windows\system32\drivers\usbd.sys
2009-02-22 03:23 30,208 a------- c:\windows\system32\drivers\usbehci.sys
2009-02-22 03:23 7,168 a------- c:\windows\system32\hccoin.dll
2009-02-22 03:23 143,872 a------- c:\windows\system32\drivers\usbport.sys
2009-02-22 03:23 20,608 a------- c:\windows\system32\drivers\usbuhci.sys
2009-02-22 03:23 74,240 a------- c:\windows\system32\usbui.dll
2009-02-22 03:23 59,520 a------- c:\windows\system32\drivers\usbhub.sys
2009-02-22 02:21 <DIR> --d----- c:\documents and settings\Adminstrator
2009-02-22 02:20 <DIR> --ds---- c:\windows\system32\Microsoft
2009-02-22 02:20 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-22 02:18 76,288 ac------ c:\windows\system32\dllcache\uniime.dll
2009-02-22 02:17 57,399 ac------ c:\windows\system32\dllcache\cplexe.exe
2009-02-22 02:16 16,832 a------- c:\windows\system32\amcompat.tlb
2009-02-22 02:16 316,640 a------- c:\windows\WMSysPr9.prx
2009-02-22 02:16 23,392 a------- c:\windows\system32\nscompat.tlb
2009-02-22 02:16 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-22 02:16 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-02-22 02:16 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-22 02:16 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-02-22 02:16 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-02-22 02:15 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-02-22 02:15 <DIR> --d----- c:\program files\common files\MSSoap
2009-02-22 02:13 <DIR> --d----- c:\program files\Online Services
2009-02-22 02:13 <DIR> --d----- c:\program files\Messenger
2009-02-22 02:13 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-02-22 02:13 <DIR> --d----- c:\program files\Windows NT
2009-02-21 17:31 <DIR> --d----- c:\program files\common files\ODBC
2009-02-21 17:31 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-02-21 17:31 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-02-22 03:47 170,804 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-22 03:46 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-22 02:14 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 22:38:29.46 ===============\

Afraid I will not be able to send, so no details here. I will try to repost more info as soon as I am sure that I have crushed the massive schedule of tasks and external management of my computers.

XP SP3 Dell BIOS A7, XP Pro SP3 BIOS A7, E3415 XP Home, Lenovo Vista Basic laptop, behind Linksys router. Laptop makes water or low-level phone noises... Please help, I have been working to kill these issues for over 10 days. No virus scanners pick this up as it is in low mem using FAT12 storage in the hardware abstract layer.


#2 kahdah

Posted 08 March 2009 - 10:23 AM

Hello hatecomputers

Welcome to BleepingComputer
========================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 hatecomputers

Posted 12 March 2009 - 07:11 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by jd at 16:00:40.72 on Thu 03/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1906 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\windows live safety center\wlschost.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZH8C20R\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab

============= SERVICES / DRIVERS ===============

R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2009-3-12 36224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-12 38496]

=============== Created Last 30 ================

2009-03-12 15:57 <DIR> --d----- c:\users\jd\appdata\roaming\Malwarebytes
2009-03-12 15:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-12 15:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 15:57 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-12 15:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-12 15:57 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-12 15:53 <DIR> --dsh--- c:\windows\Installer
2009-03-12 15:50 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-12 15:49 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-12 15:49 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-12 07:02 36,224 a------- c:\windows\system32\drivers\lne100v5.sys
2009-03-12 06:17 <DIR> --d----- c:\users\jd

==================== Find3M ====================

2009-03-12 15:49 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-12 15:49 51,200 a------- c:\windows\inf\infpub.dat
2009-03-12 07:03 86,016 a------- c:\windows\inf\infstor.dat
2008-01-20 18:43 174 a--sh--- c:\program files\desktop.ini
2008-01-20 18:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:01:18.73 ===============

#4 kahdah

Posted 14 March 2009 - 06:58 AM

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by kahdah, 14 March 2009 - 06:58 AM.
