
MBAM Missing - Desktop Background Blue


This topic is locked
3 replies to this topic

#1 Andrea0701

  • Members
  • 2 posts

Posted 14 November 2009 - 10:20 AM

Hello!

Desktop background turned blue - all icons are missing. When I try to run MBAM, it says the file cannot be found even though I downloaded it again. Had a Security Tool trying to run as soon as I checked the laptop this AM - it would not go away. I use BitDefender as my virus protection, but something keeps the laptop running all the time, so I figured BitDefender was scanning everything all the time and I disabled the auto updates.

I'm no extreme techie - but I am not a novice either - I keep everything updated, but I cannot manage to keep my system safe! Any help you can provide by fixing this current issue and providing absolute must-haves in today's world would be greatly appreciated!

I found other posts and I posted the text files from those programs.
I know Security Tool was installed - I found and removed it.
I have tried to rename the MBAM exe file - still a code 2 error.

Here is the DDS log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Andrea at 8:42:31.01 on Sat 11/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1055 [GMT -6:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Documents and Settings\Andrea\My Documents\Downloads\OTL.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Andrea\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [A00FBFDB556.exe] c:\docume~1\andrea\locals~1\temp\_A00FBFDB556.exe
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [High Definition Audio Property Page Shortcut] "c:\windows\system32\CHDAudPropShortcut.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NapsterShell] "c:\program files\napster\napster.exe" /systray
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [zakedeyen] Rundll32.exe "c:\windows\system32\fefiwika.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: atfcu.org\www1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Cute%20Knight/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - hxxp://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Cute%20Knight/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://pogo.oberon-media.com/online2/pogo/wedding_dash/WeddingDash.1.0.0.47.cab
TCP: {6DB32106-AE0C-412E-AA8A-CE68998733AD} = 77.74.48.113
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: getebisu.dll c:\windows\system32\fefiwika.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: hipemisub - {6ef39fd6-f769-4d9c-8b13-31fb59e0aaa1} - c:\windows\system32\fefiwika.dll
STS: gahurihor: {6ef39fd6-f769-4d9c-8b13-31fb59e0aaa1} - c:\windows\system32\fefiwika.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli bukujuri.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrea\applic~1\mozilla\firefox\profiles\yrgro4jf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-2 54752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-3-20 3032360]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-5-19 370872]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-9-17 152456]
R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-6 19160]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-9-13 183880]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [2008-5-19 15360]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-20 15144]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-11-14 05:41:12 0 d-----w- c:\docume~1\alluse~1\applic~1\07918833
2009-11-14 05:41:03 1209915 --sh--w- c:\windows\system32\dibojine.exe
2009-11-14 05:35:06 40960 ----a-w- C:\kewwr.exe
2009-11-14 05:35:05 52736 ----a-w- C:\aywdthl.exe
2009-11-14 05:35:04 23040 ----a-w- C:\hkkyaekg.exe
2009-11-07 23:42:49 0 d-----w- c:\program files\Oberon Media
2009-11-05 01:20:03 385 ----a-w- c:\documents and settings\andrea\Application Datauser_gensett.xml
2009-11-04 00:45:23 0 d-sh--w- c:\documents and settings\andrea\PrivacIE
2009-11-03 01:12:59 0 d-----w- c:\docume~1\andrea\applic~1\Windows Search
2009-11-03 00:46:29 0 d-sh--w- c:\documents and settings\andrea\IETldCache
2009-11-03 00:44:21 0 d-----w- c:\documents and settings\andrea\Tracing
2009-11-03 00:43:39 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-03 00:43:02 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-03 00:41:41 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-03 00:41:30 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-03 00:38:31 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-03 00:26:57 0 d-----w- c:\program files\common files\Windows Live
2009-11-03 00:26:04 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-03 00:25:44 0 d-----w- c:\windows\ie8updates
2009-11-03 00:25:29 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-03 00:25:29 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-03 00:24:18 0 dc-h--w- c:\windows\ie8
2009-11-03 00:20:19 0 d-----w- c:\program files\Microsoft
2009-11-03 00:17:59 0 d-----w- c:\docume~1\andrea\applic~1\Windows Desktop Search
2009-11-03 00:17:25 0 d-----w- c:\windows\system32\GroupPolicy
2009-11-03 00:17:25 0 d-----w- c:\program files\Windows Desktop Search
2009-11-03 00:16:29 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-11-03 00:16:29 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-11-03 00:16:29 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-11-03 00:03:20 376 ----a-w- c:\documents and settings\andrea\Application Dataprivacy.xml
2009-10-31 19:43:30 0 d-----w- c:\program files\sarfic
2009-10-23 02:33:00 0 d-----w- c:\program files\Cute Knight
2009-10-16 00:22:59 850 ----a-w- c:\documents and settings\andrea\Application DataProductTweaks.xml
2009-10-16 00:21:04 385 ----a-w- c:\windows\system32\user_gensett.xml
2009-10-16 00:18:22 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-10-15 23:54:27 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-15 23:54:27 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-15 23:54:27 0 ----a-w- c:\windows\system32\ab_bl.sig
2009-10-15 23:54:27 0 ----a-w- C:\pcwords2.dat
2009-10-15 23:54:27 0 ----a-w- C:\pcwords.dat
2009-10-15 23:54:27 0 ----a-w- C:\pcconf.ini
2009-10-15 23:54:27 0 ----a-w- C:\pc_sign.slf
2009-10-15 23:45:26 0 d-----w- c:\docume~1\andrea\applic~1\BitDefender
2009-10-15 23:44:41 0 d-----w- c:\program files\BitDefender
2009-10-15 23:44:41 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-15 23:27:05 0 d-----w- c:\program files\common files\BitDefender

==================== Find3M ====================

2009-11-12 15:14:12 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-11-12 15:14:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-08 20:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:57:00 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2009-10-08 20:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 20:56:56 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
2009-09-30 12:05:54 87188 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 08:08:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 08:08:18 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:18 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 08:08:17 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:16 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 08:08:13 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 07:36:24 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2007-04-22 19:38:10 88 --sh--r- c:\windows\system32\AA8CB4EC2F.sys
2009-08-14 05:35:20 52736 --sha-w- c:\windows\system32\bukujuri.dll
2007-07-20 07:52:10 168 -csh--r- c:\windows\system32\F4080F21CC.sys
2009-08-14 05:35:20 52736 --sha-w- c:\windows\system32\getebisu.dll
2007-07-20 07:57:08 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-14 05:40:29 39424 --sha-w- c:\windows\system32\miwuzulu.dll
2009-08-14 05:35:20 52736 --sha-w- c:\windows\system32\pavutaya.dll
2009-08-14 05:40:29 248832 --sha-w- c:\windows\system32\veharuno.exe
2009-08-14 05:40:30 45056 --sha-w- c:\windows\system32\zukoyeki.dll
2008-08-29 08:07:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat

============= FINISH: 8:43:45.25 ===============

Edited by Andrea0701, 14 November 2009 - 07:21 PM.
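Triage of the DDS "Pseudo HJT Report" section above, as an added example that is not part of the thread and not DDS's or BleepingComputer's own code: it parses a handful of lines copied from the posted log and flags the load points a helper would want explained (AppInit_DLLs, LSA Notification Packages, the SSODL/STS shell objects, Run entries pointing into a temp folder or launching a DLL through rundll32) together with the randomised consonant-vowel file names this log shows. The allow-list, the regular expressions and the heuristics are this example's own assumptions, not DDS output or the forum's guidance.

```python
import re
from dataclasses import dataclass, field

# DDS prefixes for load points that put a DLL into every user process
# (AppInit_DLLs), into lsass.exe at boot (LSA Notification Packages), into the
# shell (SSODL, STS) or into winlogon (Notify). Unknown modules here matter.
PERSISTENCE_KEYS = {"AppInit_DLLs", "LSA", "SSODL", "STS", "Notify"}

# Example allow-list (an assumption of this example): modules that legitimately
# appear under the keys above on Windows XP.
ALLOWLIST = {"wpdshserviceobj.dll", "igfxdev.dll"}

# Anything that looks like a module file name inside a DDS line.
MODULE_RE = re.compile(r"[A-Za-z0-9_~-]+\.(?:dll|exe|sys)\b", re.I)

# Randomised consonant-vowel names (fefiwika.dll, bukujuri.dll, getebisu.dll)
# like the ones in the posted log: 4-5 CV pairs plus an optional consonant.
CV_NAME_RE = re.compile(
    r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4,5}[bcdfghjklmnpqrstvwxyz]?\.(?:dll|exe)$"
)

# Lines copied from the DDS log posted above (a constructed subset for this example).
SAMPLE = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A00FBFDB556.exe] c:\docume~1\andrea\locals~1\temp\_A00FBFDB556.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [zakedeyen] Rundll32.exe "c:\windows\system32\fefiwika.dll",a
AppInit_DLLs: getebisu.dll c:\windows\system32\fefiwika.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: hipemisub - {6ef39fd6-f769-4d9c-8b13-31fb59e0aaa1} - c:\windows\system32\fefiwika.dll
STS: gahurihor: {6ef39fd6-f769-4d9c-8b13-31fb59e0aaa1} - c:\windows\system32\fefiwika.dll
LSA: Notification Packages = scecli bukujuri.dll
"""


@dataclass
class Finding:
    key: str        # DDS prefix the module was found under, e.g. "AppInit_DLLs"
    module: str     # lower-cased module file name
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split a DDS line into (key, rest); Run-style entries drop their [value name]."""
    key, sep, rest = line.partition(":")
    if not sep:
        return None
    key, rest = key.strip(), rest.strip()
    if rest.startswith("["):            # "[ValueName] command ..." -> keep the command
        rest = rest.partition("]")[2].strip()
    return key, rest


def triage(report):
    """Return one Finding per (line, module) that trips at least one heuristic."""
    findings = []
    for raw in report.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, rest = parsed
        is_run_key = key.lower().endswith("run")
        seen = set()
        for m in MODULE_RE.finditer(rest):
            name = m.group(0).lower()
            if name in seen:
                continue
            seen.add(name)
            path_prefix = rest[: m.start()].lower()   # the directory part before the file name
            reasons = []
            if key in PERSISTENCE_KEYS and name not in ALLOWLIST:
                reasons.append(f"loaded via {key}")
            if is_run_key and "\\temp\\" in path_prefix:
                reasons.append("autorun out of a temp directory")
            if is_run_key and name.endswith(".dll") and "rundll32" in rest.lower():
                reasons.append("DLL launched from a Run key through rundll32")
            if CV_NAME_RE.match(name):
                reasons.append("randomised consonant-vowel file name")
            if reasons:
                findings.append(Finding(key, name, reasons))
    return findings


def suspicious_modules(report):
    """Map each flagged module to the sorted list of DDS keys it was flagged under."""
    by_module = {}
    for f in triage(report):
        by_module.setdefault(f.module, set()).add(f.key)
    return {name: sorted(keys) for name, keys in by_module.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.key:13} {f.module:22} {'; '.join(f.reasons)}")
```

Run on the sample, the script reports the same module (fefiwika.dll) sitting under four separate load points, a second DLL registered as an LSA notification package, and an executable started from the user's temp folder; the legitimate ctfmon.exe, bdagent.exe and WPDShServiceObj.dll entries stay quiet. A name pattern is a triage aid, not a verdict, so each flagged file still needs to be checked (hash, signer, creation date against the "Created Last 30" section) before anything is removed.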



#2 Andrea0701

  • Topic Starter
  • Members
  • 2 posts
Posted 15 November 2009 - 10:13 AM

I think I fixed it - I read several posts on MBAM's website - found a script that ran in safe mode that took out most of the .dll's that were part of the rootkit. Most importantly, it allowed me to download Malware again - this time with the exe attached. I also renamed the folder while downloading. I used a very long name, which seemed to be the key. Scanned and deleted what I knew MBAM would find! YEAH! Still having some residual problems on some of my websites. But at least I am not being redirected - MBAM will run every night again and BitDefender is still working ok.

Let me know if you would like any logs - if no reply I will consider the issue resolved.

#3 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 21 November 2009 - 10:43 PM

Hello Andrea0701,

I don't think your computer is clean yet. :(

Post the last Malwarebytes log so I can see what it removed.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire MBAM report into this thread.

***********

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


***********
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 21 November 2009 - 10:45 PM.


#4 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 10 December 2009 - 07:21 PM

Due to inactivity, this thread will now be closed.