
Fake Windows Security Update Popup



#1 atzero06


Posted 24 December 2009 - 07:12 PM

Just recently I began getting a popup saying that I have viruses to be removed. Also, I am sure that there are several other viruses on my hard drive that I cannot seem to remove. I've tried using MalwareBytes, but whenever I try to actually remove the infected files, the program just shuts down. I have also tried to run SuperAntiSpyware, but my PC shuts down whenever I try to open the program. I also have McAfee SecurityCenter, which never detects anything. I am running Windows Vista Ultimate. Thanks in advance for your help!

Also, the RootRepeal scan got stuck at D:\Windows\winsxs and I could not save the report.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Anthony at 18:45:20.27 on Thu 12/24/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.1829 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k rpcss
D:\Windows\system32\Ati2evxx.exe
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
D:\Windows\system32\svchost.exe -k GPSvcGroup
D:\Windows\system32\SLsvc.exe
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\taskeng.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\Dwm.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\Explorer.EXE
D:\Windows\system32\rundll32.exe
D:\Windows\system32\Ati2evxx.exe
D:\Windows\system32\taskeng.exe
D:\Windows\msc.exe
D:\Users\Anthony\AppData\Local\Temp\i.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\Windows\System32\CtHelper.exe
D:\Windows\System32\Ctxfihlp.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Windows\system32\rundll32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Windows\system32\PnkBstrA.exe
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\System32\TUProgSt.exe
D:\Windows\System32\svchost.exe -k WerSvcGroup
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Windows\system32\SearchIndexer.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Windows\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Windows\servicing\TrustedInstaller.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
\yaoerac.exe
D:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\Program Files\Mozilla Firefox\firefox1.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\System32\BiOJPD.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\DllHost.exe
D:\Users\Anthony\Desktop\dds.scr
D:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - d:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] d:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [yaoerac] d:\users\anthony\yaoerac.exe
uRun: [tuuhieq] d:\users\anthony\tuuhieq.exe
uRun: [LosAlamos] rundll32.exe d:\users\anthony\appdata\local\temp\sshnas.dll,AddAtomAW
uRun: [J8RPLTROBQ] d:\users\anthony\appdata\local\temp\i.exe
mRun: [VolPanel] "d:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [Setup.exe] c:\windows restore\Setup.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [mcagent_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: d:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
mASetup: {20169431-766A-911E-5EFA-4DA282F2F828} - d:\windows\system32\System.exe
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /DeleteRegistration

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2008-6-27 214664]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};d:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 acedrv11;acedrv11;d:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 athsgt;athsgt;d:\windows\system32\drivers\athsgt.sys [2009-4-10 164992]
R2 cpuz132;cpuz132;d:\windows\system32\drivers\cpuz132_x32.sys [2009-11-19 12672]
R2 limsgt;limsgt;d:\windows\system32\drivers\limsgt.sys [2009-4-10 12544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;d:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-21 93320]
R2 McProxy;McAfee Proxy Service;d:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-21 359952]
R2 McShield;McAfee Real-time Scanner;d:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-21 144704]
R3 CT20XUT.SYS;CT20XUT.SYS;d:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;d:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;d:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752]
R3 ha20x22k;Creative 20X2 HAL Driver;d:\windows\system32\drivers\ha20x22k.sys [2009-7-14 1227800]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2009-1-15 79816]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2009-1-15 35272]
R3 mferkdk;McAfee Inc. mferkdk;d:\windows\system32\drivers\mferkdk.sys [2009-1-15 34248]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664]
S3 COMMONFX.SYS;COMMONFX.SYS;d:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
S3 COMMONFX;COMMONFX;d:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;d:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-5-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;d:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-5-7 79360]
S3 CT20XUT;CT20XUT;d:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168]
S3 CTAUDFX.SYS;CTAUDFX.SYS;d:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
S3 CTAUDFX;CTAUDFX;d:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;d:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTERFXFX;CTERFXFX;d:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTEXFIFX;CTEXFIFX;d:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240]
S3 CTHWIUT;CTHWIUT;d:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752]
S3 CTSBLFX.SYS;CTSBLFX.SYS;d:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
S3 CTSBLFX;CTSBLFX;d:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
S3 FontCache;Windows Font Cache Service;d:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2009-12-16 38224]
S3 mfesmfk;McAfee Inc. mfesmfk;d:\windows\system32\drivers\mfesmfk.sys [2009-1-15 40552]
S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
S4 McSysmon;McAfee SystemGuards;d:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-21 606736]

=============== Created Last 30 ================

2009-12-24 23:40:14 0 d-----w- d:\program files\Trend Micro
2009-12-24 23:39:38 150 ----a-w- d:\windows\system32\iyKSbF.bat
2009-12-24 23:37:32 188928 ----a-w- d:\windows\system32\BiOJPD.exe
2009-12-24 23:33:18 188928 ----a-w- d:\windows\system32\CaOpxh.exe
2009-12-24 23:33:16 19456 ----a-w- d:\windows\system32\ToQXgl.exe
2009-12-24 23:33:15 63488 ----a-w- d:\windows\system32\jWpveo.exe
2009-12-24 23:33:13 150016 ----a-w- d:\windows\system32\NNFFtc.exe
2009-12-24 23:23:47 150 ----a-w- d:\windows\system32\PkLwzX.bat
2009-12-24 23:22:07 168960 ----a-w- d:\windows\msc.exe
2009-12-24 23:21:46 188928 ----a-w- d:\windows\system32\LXiLMW.exe
2009-12-24 23:09:58 150 ----a-w- d:\windows\system32\NlJGnw.bat
2009-12-24 23:08:11 168960 ----a-w- d:\windows\msb.exe
2009-12-24 23:07:57 188928 ----a-w- d:\windows\system32\FrYFzJ.exe
2009-12-24 22:58:01 201 ----a-w- d:\users\anthony\DTvJxs.bat
2009-12-24 22:56:15 168960 ----a-w- d:\windows\msa.exe
2009-12-24 22:56:00 234496 ----a-w- d:\windows\system32\sshnas.dll
2009-12-24 22:56:00 188928 ----a-w- d:\users\anthony\UijBny.exe
2009-12-24 21:11:31 0 d-----w- d:\users\anthony\appdata\roaming\PC
2009-12-24 20:47:34 2362 --sh--r- d:\users\anthony\qeexoif.exe
2009-12-24 20:47:16 122880 --sh--r- d:\users\anthony\yaoerac.exe
2009-12-17 19:03:51 0 d-----w- d:\program files\Winamp Detect
2009-12-17 19:03:31 0 d-----w- d:\program files\common files\PX Storage Engine
2009-12-17 03:41:31 0 d-----w- d:\users\anthony\appdata\roaming\Malwarebytes
2009-12-17 03:41:28 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 03:41:27 0 d-----w- d:\programdata\Malwarebytes
2009-12-17 03:41:26 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-12-17 03:41:26 0 d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-12-16 04:13:19 0 d-----w- d:\program files\SUPERAntiSpyware
2009-12-13 00:00:56 59 ----a-w- d:\windows\RUNAWAY2.INI
2009-12-12 21:45:13 0 d-----w- d:\programdata\Pendulo Studios
2009-12-12 20:35:17 132096 --sha-r- d:\windows\system32\C_20269E.dll
2009-12-12 19:52:33 0 d-----w- d:\programdata\2DBoy
2009-12-09 01:50:35 24064 ----a-w- d:\windows\system32\nshhttp.dll
2009-12-09 01:50:28 411648 ----a-w- d:\windows\system32\drivers\http.sys
2009-12-09 01:50:28 30720 ----a-w- d:\windows\system32\httpapi.dll
2009-12-08 20:38:45 243712 ----a-w- d:\windows\system32\rastls.dll
2009-11-27 04:40:08 0 d-----w- d:\users\anthony\appdata\roaming\Crayon Physics Deluxe
2009-11-27 02:51:31 1403595302 ----a-w- D:\Donnie.Darko.x264.mZ.mkv

==================== Find3M ====================

2009-11-24 02:44:29 604488 ----a-w- d:\windows\system32\TUProgSt.exe
2009-11-24 02:44:23 361288 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2009-11-24 02:28:41 51200 ----a-w- d:\windows\inf\infpub.dat
2009-11-24 02:28:41 143360 ----a-w- d:\windows\inf\infstrng.dat
2009-11-24 02:27:38 86016 ----a-w- d:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- d:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- d:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- d:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- d:\windows\system32\ieUnatt.exe
2009-11-16 11:25:58 17224 ----a-w- d:\windows\system32\authuitu.dll
2009-11-16 11:25:48 29000 ----a-w- d:\windows\system32\uxtuneup.dll
2009-11-12 03:49:41 138464 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-11-12 03:49:33 111928 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-11-10 02:49:28 87608 ----a-w- d:\users\anthony\appdata\roaming\inst.exe
2009-11-10 02:49:28 47360 ----a-w- d:\users\anthony\appdata\roaming\pcouffin.sys
2009-11-04 21:54:12 79816 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2009-11-04 21:54:12 40552 ----a-w- d:\windows\system32\drivers\mfesmfk.sys
2009-11-04 21:54:12 35272 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2009-11-04 21:54:12 214664 ----a-w- d:\windows\system32\drivers\mfehidk.sys
2009-11-03 01:15:03 665600 ----a-w- d:\windows\inf\drvindex.dat
2009-11-03 01:14:53 0 ---ha-w- d:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-03 01:14:43 0 ---ha-w- d:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 09:17:42 2048 ----a-w- d:\windows\system32\tzres.dll
2009-10-11 09:17:27 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-10-08 21:08:01 555520 ----a-w- d:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- d:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- d:\windows\system32\oleaccrc.dll
2009-10-01 01:02:17 2537472 ----a-w- d:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- d:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- d:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- d:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- d:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- d:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- d:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- d:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- d:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- d:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- d:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- d:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- d:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- d:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- d:\windows\system32\WpdConns.dll
2009-09-30 03:58:10 442368 ----a-w- d:\windows\system32\ATIDEMGX.dll
2009-09-30 03:56:14 159744 ----a-w- d:\windows\system32\atitmmxx.dll
2009-09-30 03:55:56 348160 ----a-w- d:\windows\system32\atipdlxx.dll
2009-09-30 03:55:42 274432 ----a-w- d:\windows\system32\Oemdspif.dll
2009-09-30 03:55:34 12288 ----a-w- d:\windows\system32\atimuixx.dll
2009-09-30 03:55:26 43520 ----a-w- d:\windows\system32\ati2edxx.dll
2009-09-30 03:55:14 278528 ----a-w- d:\windows\system32\Ati2evxx.dll
2009-09-30 03:54:10 733184 ----a-w- d:\windows\system32\Ati2evxx.exe
2009-09-30 03:42:48 3839488 ----a-w- d:\windows\system32\atiumdag.dll
2009-09-30 03:26:12 4946432 ----a-w- d:\windows\system32\atiumdva.dll
2009-09-30 03:14:36 51712 ----a-w- d:\windows\system32\amdpcom32.dll
2009-09-30 03:14:04 135168 ----a-w- d:\windows\system32\atiadlxx.dll
2009-09-30 02:51:38 11513856 ----a-w- d:\windows\system32\atioglxx.dll
2009-09-30 02:11:06 53248 ----a-w- d:\windows\system32\aticalrt.dll
2009-09-30 02:10:52 53248 ----a-w- d:\windows\system32\aticalcl.dll
2009-09-30 02:09:46 3235840 ----a-w- d:\windows\system32\aticaldd.dll
2008-01-21 02:41:56 174 --sha-w- d:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- d:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- d:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- d:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- d:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- d:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- d:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- d:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- d:\windows\inf\perflib\0000\perfc.dat
2008-08-29 22:57:33 220 --sha-w- d:\windows\dwin.sys
2008-04-09 23:35:35 8192 --sha-w- d:\windows\users\default\NTUSER.DAT

============= FINISH: 18:47:16.49 ===============


#2 miekiemoes


Posted 26 December 2009 - 06:17 AM

Hi,

Please rename mbam.exe present in the C:\Program Files\Malwarebytes Antimalware folder to explorer.exe
Then launch it from there.
If the program still closes, try to run mbam from Windows safe mode.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 22 January 2010 - 08:32 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



