After installing malwarebytes, it says mbam.exe can't be found!

View previous topic View next topic Go down

After installing malwarebytes, it says mbam.exe can't be found!

Post by MrPewp on 12th February 2010, 2:41 am

I've used Malwarebytes successfully 2 times before, but for some reason, now whenever I click on it, it says it can't find mbam.exe. I installed it again, but the same thing happened. I would greatly appreciate the help!

MrPewp
Intermediate
Intermediate

Posts Posts : 98
Joined Joined : 2010-01-29
OS OS : Windows XP
Points Points : 26223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by Belahzur on 12th February 2010, 2:18 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by MrPewp on 14th February 2010, 4:16 am

Here are the results! Thanks alot!

OTL logfile created on: 2/13/2010 10:09:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\New Folder
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 15.36 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
Drive D: | 193.82 Gb Total Space | 76.14 Gb Free Space | 39.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 463.76 Gb Total Space | 243.65 Gb Free Space | 52.54% Space Free | Partition Type: FAT32

Computer Name: JAYJUON
Current User Name: Jay Juon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/13 22:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\New Folder\OTL.exe
PRC - [2009/05/27 11:00:24 | 000,753,664 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009/02/10 19:08:00 | 000,168,005 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/02/04 11:47:06 | 000,724,992 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\Gilautouc.exe
PRC - [2009/01/10 15:51:22 | 002,830,336 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\On Screen Display\HotKey.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/17 01:08:50 | 017,676,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/03/14 19:41:18 | 001,241,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Sun\StarOffice 8\program\soffice.bin
PRC - [2008/03/14 19:41:18 | 001,019,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Sun\StarOffice 8\program\soffice.exe
PRC - [2008/02/28 08:48:06 | 000,851,968 | ---- | M] (LG 전자(주)) -- C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
PRC - [2008/02/07 20:47:54 | 000,070,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2007/12/26 01:05:48 | 000,415,072 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2007/12/20 16:02:52 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/12/20 16:02:52 | 000,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/12/06 02:20:56 | 001,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/08/10 08:37:00 | 000,069,632 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
PRC - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/21 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2004/10/06 16:56:52 | 000,161,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/10/06 16:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/10/06 16:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/08/03 23:56:50 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2004/06/09 19:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/06/09 19:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/06/09 19:31:06 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2001/12/13 08:57:46 | 000,049,152 | ---- | M] () -- C:\Program Files\EmEditor3\EMEDTRAY.EXE
PRC - [2001/12/12 23:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [2001/11/22 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,051,712 | -HS- | M] () -- C:\WINDOWS\system32\zobubabe.dll
MOD - [2010/02/13 22:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\New Folder\OTL.exe
MOD - [2007/12/20 15:56:06 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007/12/20 15:53:56 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/07/19 10:15:06 | 000,032,768 | ---- | M] (LG Electronics) -- C:\Program Files\LG Software\On Screen Display\MgHookDll.dll
MOD - [2001/11/21 16:48:40 | 000,995,383 | ---- | M] (Microsoft Corporation) -- C:\Program Files\LG Software\On Screen Display\MFC42.DLL


========== Win32 Services (SafeList) ==========

SRV - [2009/02/10 19:08:00 | 000,168,005 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/26 01:05:48 | 000,415,072 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2007/12/20 16:02:52 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/08/10 08:37:00 | 000,069,632 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller)
SRV - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/12/21 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2004/10/06 16:56:48 | 000,173,392 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/10/06 16:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/10/06 16:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/06/11 17:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/06/09 19:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/06/09 19:31:12 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/06/09 19:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/11/22 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (EagleNT)
DRV - [2010/02/05 03:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100205.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/05 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100205.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/07/17 12:55:06 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/23 19:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/10 19:08:00 | 006,253,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/11/25 01:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/16 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/10/06 23:06:34 | 000,158,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/25 04:39:52 | 000,041,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/07/21 09:48:52 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/21 09:48:52 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/07/21 09:48:52 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/21 09:48:52 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/07/21 09:48:52 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/07/07 11:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 15:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/12/25 22:38:08 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/12/06 02:41:42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/10 08:35:56 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)
DRV - [2007/07/16 10:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/21 06:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 06:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2006/11/22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006/11/22 09:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 09:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/11 17:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/11 17:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/03/04 22:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 14:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 14:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2001/08/23 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1998/07/10 03:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..network.proxy.autoconfig_url: "file:///c:/sfbay.pac"
FF - prefs.js..network.proxy.ftp: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "webcache.sfbay.sun.com "
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/11 20:15:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/09 23:11:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/01 07:28:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/07/17 22:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Extensions
[2010/02/12 00:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\extensions
[2009/07/28 21:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/07 20:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/02/07 20:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/02/07 20:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2007/03/16 16:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2007/03/16 16:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2007/03/16 16:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/11/18 07:04:58 | 000,189,952 | ---- | M] ((주) 그래텍) -- C:\Program Files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
[2008/02/07 20:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/01/01 13:35:43 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/02/07 20:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/01/29 23:28:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [jujusozan] C:\WINDOWS\System32\wuboyiki.DLL File not found
O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)
O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\autoupdate.exe (BIT LEADER)
O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG 전자(주))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [zOSD] C:\Program Files\LG Software\On Screen Display\HotKey.exe (LG Electronics)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Jay Juon\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Yahoo!Mini] C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EmEditor v3.lnk = C:\Program Files\EmEditor3\EMEDTRAY.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Jay Juon\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bluetooth 장치로 보내기(&One Cool Dude... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Bluetooth로 보내기 - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: lginnotek.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sun.com ([]* in Trusted sites)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [You must be registered and logged in to see this link.] (Musicnotes Viewer)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} [You must be registered and logged in to see this link.] (MeadCo scriptX)
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} [You must be registered and logged in to see this link.] (INISAFEWeb6 V6 Class)
O16 - DPF: {56B0DCF5-77B9-49F6-AD2F-F367D22A7136} [You must be registered and logged in to see this link.] (BWordAxU Control)
O16 - DPF: {599735FD-7340-487C-AD77-85F9838F2E2C} [You must be registered and logged in to see this link.] (LGVoIPQualityX Control)
O16 - DPF: {6A05EEAE-72F8-4288-A5A2-FAC831DC0AC1} [You must be registered and logged in to see this link.] (FileUpDownMass Control)
O16 - DPF: {80572992-B565-4644-A14F-A6BFDEA55599} [You must be registered and logged in to see this link.] (CIDoctorLiveUpdateLuncherCtrl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} [You must be registered and logged in to see this link.] (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_07)
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} Reg Error: Key error. (SG_CAppAtx Control)
O16 - DPF: {A540427E-B803-4842-BC53-9DB140968449} [You must be registered and logged in to see this link.] (27)
O16 - DPF: {B6F0F9BC-AF60-41B4-BFB4-897617910207} [You must be registered and logged in to see this link.] (n5uaEx Control)
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} [You must be registered and logged in to see this link.] (EwsLoader Class)
O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_07)
O16 - DPF: {CBEAB323-33C7-43A1-8642-412206DD16DF} [You must be registered and logged in to see this link.] (FileUpDown Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [You must be registered and logged in to see this link.] (JuniperSetupSP1 Control)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (zobubabe.dll) - C:\WINDOWS\System32\zobubabe.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\wuboyiki.dll) - C:\WINDOWS\System32\wuboyiki.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O21 - SSODL: yunaderus - {0f23a96d-0ae4-4804-b293-3aebb70df777} - C:\WINDOWS\System32\wuboyiki.dll File not found
O22 - SharedTaskScheduler: {0f23a96d-0ae4-4804-b293-3aebb70df777} - kupuhivus - C:\WINDOWS\System32\wuboyiki.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jay Juon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay Juon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 21:44:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 20:45:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/11 20:45:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/11 20:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/06 16:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/02/06 16:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\Office Genuine Advantage
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/05 11:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/01/30 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/30 11:40:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/29 23:33:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/29 23:17:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/29 23:16:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/28 19:01:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/24 22:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/01/23 20:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Juon\Application Data\Malwarebytes
[2010/01/23 20:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/23 19:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/24 09:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2009/07/20 21:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2009/07/20 19:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/07/16 21:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/16 21:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/16 21:44:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/16 21:44:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\Documents and Settings\Jay Juon\My Documents\*.tmp files -> C:\Documents and Settings\Jay Juon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,061,952 | -HS- | M] () -- C:\WINDOWS\System32\kilitajo.dll
[2099/01/01 12:00:00 | 000,051,712 | -HS- | M] () -- C:\WINDOWS\System32\zovuyumu.dll
[2099/01/01 12:00:00 | 000,051,712 | -HS- | M] () -- C:\WINDOWS\System32\zobubabe.dll
[2099/01/01 12:00:00 | 000,051,712 | -HS- | M] () -- C:\WINDOWS\System32\zahuyoru.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\sofokujo.dll
[2010/02/13 22:08:18 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vevayadi
[2010/02/13 22:00:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\cnxizklu.job
[2010/02/13 12:30:10 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE Design Works 1.job
[2010/02/13 12:00:09 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\SyncBackSE OutLook 1.job
[2010/02/11 23:47:34 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Chapter 8 Review.doc
[2010/02/11 20:45:06 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/11 20:34:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\lgcenter.ini
[2010/02/11 20:33:46 | 000,009,273 | ---- | M] () -- C:\WINDOWS\lg_up.ini
[2010/02/11 20:33:22 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/11 20:33:17 | 000,196,023 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/11 20:33:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 20:32:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 20:32:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 20:31:41 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\NTUSER.DAT
[2010/02/11 20:31:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jay Juon\ntuser.ini
[2010/02/11 17:12:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Latin Translation.doc
[2010/02/10 12:04:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 20:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/06 23:47:05 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2010/02/06 16:28:32 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/04 16:31:25 | 000,058,952 | ---- | M] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/03 23:15:34 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Extra Credit.doc
[2010/02/02 01:12:43 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science 8C.doc
[2010/02/01 22:10:40 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\strange fruit reaction.doc
[2010/02/01 16:52:43 | 000,240,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/30 17:39:52 | 004,266,856 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\IconCache.db
[2010/01/29 23:28:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/29 23:28:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/29 23:17:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/29 23:14:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/26 15:16:42 | 000,069,552 | -H-- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/25 00:55:59 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\The Giver Typed Exam.doc
[2010/01/25 00:40:51 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Table of Contents.doc
[2010/01/21 21:46:01 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\The Giver Exam.doc
[2010/01/21 21:10:27 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\~$e Giver Exam.doc
[2010/01/21 19:04:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\.sys
[2010/01/19 22:30:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\~$e Declaration of Great Injustice.doc
[2010/01/19 22:30:11 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\cardfortravis10.doc
[2010/01/19 22:30:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\~$rdfortravis10.doc
[2010/01/17 20:16:31 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Title Page.doc
[2010/01/17 00:29:22 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Purpose and Hypothesis.doc
[2010/01/16 23:55:46 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Materials.doc
[2010/01/16 23:43:17 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Fair Chart.doc
[2010/01/16 23:32:09 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Safety Sheet.doc
[2010/01/16 23:17:40 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Methods of Procedure.doc
[2010/01/16 23:16:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Conclusion.doc
[2010/01/16 23:16:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\Acknowledgements.doc
[2010/01/15 01:01:50 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Jay Juon\My Documents\The Declaration of Great Injustice.doc
[1 C:\Documents and Settings\Jay Juon\My Documents\*.tmp files -> C:\Documents and Settings\Jay Juon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,061,952 | -HS- | C] () -- C:\WINDOWS\System32\kilitajo.dll
[2099/01/01 12:00:00 | 000,051,712 | -HS- | C] () -- C:\WINDOWS\System32\zovuyumu.dll
[2099/01/01 12:00:00 | 000,051,712 | -HS- | C] () -- C:\WINDOWS\System32\zobubabe.dll
[2099/01/01 12:00:00 | 000,051,712 | -HS- | C] () -- C:\WINDOWS\System32\zahuyoru.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\sofokujo.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\vevayadi
[2010/02/13 19:42:15 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\cnxizklu.job
[2010/02/11 20:45:06 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/11 17:12:20 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Latin Translation.doc
[2010/02/09 00:25:24 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Chapter 8 Review.doc
[2010/02/03 23:15:34 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Extra Credit.doc
[2010/02/02 01:12:42 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science 8C.doc
[2010/02/01 22:10:40 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\strange fruit reaction.doc
[2010/01/29 23:17:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/29 23:17:49 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/29 23:16:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/29 23:16:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/26 15:16:42 | 000,069,552 | -H-- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/01/25 00:55:59 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\The Giver Typed Exam.doc
[2010/01/21 21:10:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\~$e Giver Exam.doc
[2010/01/21 19:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\.sys
[2010/01/21 16:57:06 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\The Giver Exam.doc
[2010/01/19 22:30:22 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\~$e Declaration of Great Injustice.doc
[2010/01/19 22:30:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\~$rdfortravis10.doc
[2010/01/19 22:30:10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\cardfortravis10.doc
[2010/01/16 23:43:17 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\Science Fair Chart.doc
[2010/01/14 22:22:35 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Jay Juon\My Documents\The Declaration of Great Injustice.doc
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/25 09:24:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/07/20 17:04:36 | 000,000,147 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/07/20 17:04:36 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/07/20 17:04:18 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5250DN.INI
[2009/07/20 17:03:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll
[2009/07/18 03:36:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/07/18 03:36:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2009/07/18 03:26:21 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/07/18 03:26:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/07/18 03:26:19 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/17 13:05:54 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2009/07/17 12:56:42 | 000,000,255 | ---- | C] () -- C:\WINDOWS\PACsFile001.dll
[2009/07/17 12:55:06 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/07/17 12:17:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\cuteshell.dll
[2009/07/17 12:17:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\amcis.dll
[2009/07/17 05:44:24 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2009/07/17 05:44:23 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2009/07/17 05:39:23 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Jay Juon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 22:58:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/16 22:07:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/07/16 22:00:06 | 000,009,273 | ---- | C] () -- C:\WINDOWS\lg_up.ini
[2009/07/16 21:55:45 | 000,000,952 | ---- | C] () -- C:\WINDOWS\lgcenter.ini
[2008/11/21 21:51:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/21 21:51:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/21 21:51:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/21 21:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/20 15:56:26 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/08/10 08:35:56 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2007/08/10 08:35:24 | 000,044,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2007/07/16 10:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 10:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/02/17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

MrPewp
Intermediate
Intermediate

Posts Posts : 98
Joined Joined : 2010-01-29
OS OS : Windows XP
Points Points : 26223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by MrPewp on 14th February 2010, 4:17 am

OTL Extras logfile created on: 2/13/2010 10:10:38 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\New Folder
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 15.36 Gb Free Space | 39.32% Space Free | Partition Type: NTFS
Drive D: | 193.82 Gb Total Space | 76.14 Gb Free Space | 39.29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 463.76 Gb Total Space | 243.65 Gb Free Space | 52.54% Space Free | Partition Type: FAT32

Computer Name: JAYJUON
Current User Name: Jay Juon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe /add "%1" ((주)그래텍)
Directory [GomAudio.AddCur] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe /addcur "%1" ((주)그래텍)
Directory [GomAudio.Play] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe "%1" ((주)그래텍)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56682:TCP" = 56682:TCP:*:Enabled:Pando Media Booster
"56682:UDP" = 56682:UDP:*:Enabled:Pando Media Booster
"59026:TCP" = 59026:TCP:*:Enabled:Pando Media Booster
"59026:UDP" = 59026:UDP:*:Enabled:Pando Media Booster
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe" = C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe:*:Enabled:Winsock FTP Client -- (GlobalSCAPE, Inc.)
"C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\system32\IDOCTOR\PLUSUP_2.9\AGENT\ServiceiDoctorPro.exe" = C:\WINDOWS\system32\IDOCTOR\PLUSUP_2.9\AGENT\ServiceiDoctorPro.exe:*:Enabled:ServiceiDoctorPro Module -- ()
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Documents and Settings\Jay Juon\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Jay Juon\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\WINDOWS\system32\[You must be registered and logged in to see this link.] = C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Transfer Program -- (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Nexon\DFO\DFO.exe" = C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- (neople)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{064EDB7B-199E-11D5-8116-00104BB1EBBC}" = CAM350 v7.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15488D31-3029-4989-A1FF-3F92EED4B239}" = Rose Online 1.0.243.4
"{1CD870CF-D67A-4691-962A-56E202D66733}" = StarOffice 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{28F39401-7ED4-43D7-AE2D-DBA4368BE3A8}" = WOW HD and TSXT Filter Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37AA9BAB-F448-4BB2-9B8F-9B050A106D49}" = LG Magnifier
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42463523-DF77-46C0-BB0C-2B2D52310948}" = Si8000 Multiple Dielectric Controlled Impedance Design System
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort
"{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
"{693EED88-4736-4BA5-8D71-1CCDBE2858F0}" = Brother HL-5250DN
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142070}" = Java 2 Runtime Environment, SE v1.4.2_07
"{7BA20EF6-AE4E-4408-B083-7AE999E92D73}" = VZAccess Manager for Novatel
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6CCAEF5-F141-4BBE-A6DA-EA8A8362C7A6}" = MapleStory
"{AC73C2D7-D10C-40F5-AD67-3E957EE9B6BC}" = On Screen Display
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{B06E2E79-9F96-4C3C-8849-83899B0235AC}" = i-Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EDFC2B0F-E239-4DC2-B511-1E654AA6AE84}" = CAM350 9.5
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"AC3Filter" = AC3Filter (remove only)
"ACDSee" = ACDSee
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALUpdate
"ALZip_is1" = ALZip
"Combat Arms" = Combat Arms
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.1
"CuteFTP" = CuteFTP
"DFO" = DFOLauncher
"EmEditor v3" = EmEditor v3
"EzManual" = EzManual
"FileZilla Client" = FileZilla Client 3.0.0
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"GOM Player" = GOM Player
"GomAudio" = GOM Audio
"GomRecorder" = GOM RECORDER
"HASP Device Drivers" = HASP Device Drivers
"Juniper Network Connect 5.5.0" = Juniper Networks Network Connect 5.5.0
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MessageSave" = MessageSave (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"NVIDIA Drivers" = NVIDIA Drivers
"SignGATE EWS" = SignGATE EWS v3.2
"SyncBackSE_is1" = SyncBackSE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnINISafeWeb6" = INISafeWeb 6.0
"WIC" = Windows Imaging Component
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! 미니" = Yahoo! 미니

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2010 6:58:55 PM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2010 9:29:44 PM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 12:01:34 AM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 12:01:34 AM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2010 12:36:18 AM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2010 11:26:13 PM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application Paint Shop Pro 9.exe, version 9.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 11:09:26 PM | Computer Name = JAYJUON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x001f04c3.

Error - 2/9/2010 7:20:02 PM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/9/2010 10:00:38 PM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/9/2010 10:00:39 PM | Computer Name = JAYJUON | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/7/2010 1:51:24 AM | Computer Name = JAYJUON | Source = Print | ID = 6161
Description = The document [You must be registered and logged in to see this link.] owned by Jay Juon failed
to print on printer Brother HL-1440 series. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1421096. Number of bytes printed: 1420992. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\JAYJUON.
Win32 error code returned by the print processor: 183 (0xb7).

Error - 2/7/2010 2:01:00 AM | Computer Name = JAYJUON | Source = Print | ID = 6161
Description = The document [You must be registered and logged in to see this link.] owned by Jay Juon failed
to print on printer Brother HL-1440 series. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1421096. Number of bytes printed: 1420992. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\JAYJUON.
Win32 error code returned by the print processor: 183 (0xb7).

Error - 2/7/2010 11:38:18 PM | Computer Name = JAYJUON | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%20

Error - 2/8/2010 1:34:01 AM | Computer Name = JAYJUON | Source = Print | ID = 6161
Description = The document [You must be registered and logged in to see this link.] owned by Jay Juon failed
to print on printer Brother HL-1440 series. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1421096. Number of bytes printed: 1420992. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\JAYJUON.
Win32 error code returned by the print processor: 183 (0xb7).

Error - 2/8/2010 1:47:54 AM | Computer Name = JAYJUON | Source = Print | ID = 6161
Description = The document [You must be registered and logged in to see this link.] owned by Jay Juon failed
to print on printer Brother HL-1440 series. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1421096. Number of bytes printed: 1420992. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\JAYJUON.
Win32 error code returned by the print processor: 183 (0xb7).

Error - 2/8/2010 2:00:26 AM | Computer Name = JAYJUON | Source = Print | ID = 6161
Description = The document [You must be registered and logged in to see this link.] owned by Jay Juon failed
to print on printer Brother HL-1440 series. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1421096. Number of bytes printed: 1420992. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\JAYJUON.
Win32 error code returned by the print processor: 183 (0xb7).

Error - 2/8/2010 2:00:09 PM | Computer Name = JAYJUON | Source = Print | ID = 6161
Description = The document [You must be registered and logged in to see this link.] owned by Jay Juon failed
to print on printer Brother HL-1440 series. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1421096. Number of bytes printed: 1420992. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\JAYJUON.
Win32 error code returned by the print processor: 183 (0xb7).

Error - 2/9/2010 7:38:30 PM | Computer Name = JAYJUON | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%20

Error - 2/10/2010 2:21:50 PM | Computer Name = JAYJUON | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%20

Error - 2/11/2010 10:33:01 PM | Computer Name = JAYJUON | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%20


< End of report >

MrPewp
Intermediate
Intermediate

Posts Posts : 98
Joined Joined : 2010-01-29
OS OS : Windows XP
Points Points : 26223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by Belahzur on 14th February 2010, 10:32 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O4 - HKLM..\Run: [jujusozan] C:\WINDOWS\System32\wuboyiki.DLL File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O20 - AppInit_DLLs: (zobubabe.dll) - C:\WINDOWS\System32\zobubabe.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\wuboyiki.dll) - C:\WINDOWS\System32\wuboyiki.dll File not found
    O21 - SSODL: yunaderus - {0f23a96d-0ae4-4804-b293-3aebb70df777} - C:\WINDOWS\System32\wuboyiki.dll File not found
    O22 - SharedTaskScheduler: {0f23a96d-0ae4-4804-b293-3aebb70df777} - kupuhivus - C:\WINDOWS\System32\wuboyiki.dll File not found
    [2099/01/01 12:00:00 | 000,061,952 | -HS- | M] () -- C:\WINDOWS\System32\kilitajo.dll
    [2099/01/01 12:00:00 | 000,051,712 | -HS- | M] () -- C:\WINDOWS\System32\zovuyumu.dll
    [2099/01/01 12:00:00 | 000,051,712 | -HS- | M] () -- C:\WINDOWS\System32\zobubabe.dll
    [2099/01/01 12:00:00 | 000,051,712 | -HS- | M] () -- C:\WINDOWS\System32\zahuyoru.dll
    [2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\sofokujo.dll
    [2010/02/13 22:08:18 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\vevayadi
    [2010/02/13 22:00:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\cnxizklu.job



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by MrPewp on 16th February 2010, 1:07 am

Here yah go! Big Grin

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jujusozan deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:zobubabe.dll deleted successfully.
C:\WINDOWS\system32\zobubabe.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wuboyiki.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yunaderus deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f23a96d-0ae4-4804-b293-3aebb70df777}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0f23a96d-0ae4-4804-b293-3aebb70df777} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f23a96d-0ae4-4804-b293-3aebb70df777}\ not found.
C:\WINDOWS\system32\kilitajo.dll moved successfully.
C:\WINDOWS\system32\zovuyumu.dll moved successfully.
C:\WINDOWS\system32\zobubabe.dll moved successfully.
C:\WINDOWS\system32\zahuyoru.dll moved successfully.
C:\WINDOWS\system32\sofokujo.dll moved successfully.
C:\WINDOWS\system32\vevayadi moved successfully.
C:\WINDOWS\tasks\cnxizklu.job moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 02152010_190408

MrPewp
Intermediate
Intermediate

Posts Posts : 98
Joined Joined : 2010-01-29
OS OS : Windows XP
Points Points : 26223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by Belahzur on 16th February 2010, 9:49 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by MrPewp on 19th February 2010, 12:54 am

Sorry for the long wait. Here it is!

ComboFix 10-02-18.07 - Jay Juon 8/2010 Thu 18:39:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2045.1387 [GMT -6:00]
Running from: c:\documents and settings\Jay Juon\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\VB6KO.DLL
c:\windows\system32\WORK.DAT
c:\windows\system32\wupd.dat
c:\windows\system32\zahuyoru.dll
c:\windows\system32\zobubabe.dll

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-18 04:40 . 2010-02-18 04:40 -------- d-----w- c:\program files\uTorrent
2010-02-18 04:36 . 2010-02-19 00:46 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\uTorrent
2010-02-12 02:45 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 02:45 . 2010-02-12 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-12 02:45 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 22:29 . 2010-02-06 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-06 22:29 . 2010-02-06 22:29 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\Office Genuine Advantage
2010-01-30 18:12 . 2010-01-30 18:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-26 23:01 . 2010-01-26 23:01 -------- d-----w- c:\documents and settings\HelpAssistant\EurekaLog
2010-01-25 04:55 . 2010-01-25 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-01-24 02:06 . 2010-01-24 02:06 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\Malwarebytes
2010-01-24 02:06 . 2010-01-24 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-24 01:58 . 2010-01-24 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-22 01:04 . 2010-01-22 01:04 0 ----a-w- c:\windows\system32\drivers\.sys
2010-01-21 02:23 . 2010-01-21 02:23 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 00:49 . 2009-07-17 03:59 -------- d-----w- c:\program files\lg_swupdate
2010-02-19 00:49 . 2009-07-29 00:33 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\StarOffice8
2010-02-19 00:47 . 2009-07-17 11:57 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-16 00:05 . 2009-11-08 02:45 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-09 23:07 . 2009-11-08 02:45 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-04 22:31 . 2009-07-17 04:40 58952 ----a-w- c:\documents and settings\Jay Juon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 05:14 . 2010-01-05 19:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 03:05 . 2009-07-17 18:07 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\AdobeUM
2010-01-05 00:49 . 2009-08-20 13:18 53352 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-02 19:47 . 2009-11-08 02:45 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-01-02 19:47 . 2009-11-08 02:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-01-02 19:47 . 2009-11-08 02:45 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-01-02 17:53 . 2009-11-08 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-01-01 20:01 . 2009-11-08 02:45 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-12-31 16:14 . 2004-08-04 04:14 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-04 05:56 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 05:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-22 04:12 . 2009-12-22 04:12 1790688 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\NMService.exe
2009-12-22 04:12 . 2009-12-22 04:12 1700584 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\nmconew.dll
2009-12-16 12:58 . 2009-07-17 03:40 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 05:56 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2004-08-04 04:18 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2004-08-03 22:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-04 04:15 453760 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2004-08-04 05:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-04 05:56 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 05:56 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-23 12:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:36 . 2004-08-04 05:56 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo!Mini"="c:\program files\Yahoo!\Mini\YMiniUpdat2.exe" [2009-09-01 777728]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-01 2935480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LG Intelligent Update"="c:\program files\lg_swupdate\autoupdate.exe" [2008-07-17 126976]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-11 13594624]
"nwiz"="nwiz.exe" [2009-02-11 1657376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-02-28 851968]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"zOSD"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Jay Juon\Start Menu\Programs\Startup\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-20 576104]
EmEditor v3.lnk - c:\program files\EmEditor3\EMEDTRAY.EXE [2001-12-13 49152]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2009-8-5 6144]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP\\cutftp32.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\IDOCTOR\\PLUSUP_2.9\\AGENT\\ServiceiDoctorPro.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Documents and Settings\\Jay Juon\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"56682:TCP"= 56682:TCP:Pando Media Booster
"56682:UDP"= 56682:UDP:Pando Media Booster
"59026:TCP"= 59026:TCP:Pando Media Booster
"59026:UDP"= 59026:UDP:Pando Media Booster
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [8/22/2006 12:00 AM 316992]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe [8/10/2007 8:37 AM 69632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/16/2009 10:04 PM 41376]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [7/16/2009 10:09 PM 158720]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [8/10/2007 8:35 AM 22528]
S1 {C166FB67-755A-446A-B788-301F84B7FA76};{C166FB67-755A-446A-B788-301F84B7FA76};\??\c:\windows\system32\drivers\Services\Tcpip\Parameters\Interfaces\{C166FB67-755A-446A-B788-301F84B7FA76}.sys --> c:\windows\system32\drivers\Services\Tcpip\Parameters\Interfaces\{C166FB67-755A-446A-B788-301F84B7FA76}.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/26/2009 7:26 AM 12672]
S3 npkakl;npkakl;\??\c:\windows\system32\npkakl.sys --> c:\windows\system32\npkakl.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 11:23 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 10:08 AM 174336]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 4:56 PM 173392]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Jay Juon\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\Jay Juon\Desktop\SysProt\SysProtDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-18 c:\windows\Tasks\SyncBackSE Design Works 1.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-09-21 20:59]

2010-02-18 c:\windows\Tasks\SyncBackSE OutLook 1.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-09-21 20:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Bluetooth 장치로 보내기(&One Cool Dude... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Bluetooth로 보내기 - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lginnotek.com
Trusted Zone: sun.com
TCP: {E8077C1D-21D7-453B-9325-1EA7E4B52FD5} = 10.0.1.1
TCP: {F9BB1889-2F73-4C0A-A2D8-13CF12E5F052} = 10.0.1.1
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - [You must be registered and logged in to see this link.]
DPF: {56B0DCF5-77B9-49F6-AD2F-F367D22A7136} - [You must be registered and logged in to see this link.]
DPF: {599735FD-7340-487C-AD77-85F9838F2E2C} - [You must be registered and logged in to see this link.]
DPF: {6A05EEAE-72F8-4288-A5A2-FAC831DC0AC1} - [You must be registered and logged in to see this link.]
DPF: {80572992-B565-4644-A14F-A6BFDEA55599} - [You must be registered and logged in to see this link.]
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E}
DPF: {A540427E-B803-4842-BC53-9DB140968449} - [You must be registered and logged in to see this link.]
DPF: {B6F0F9BC-AF60-41B4-BFB4-897617910207} - [You must be registered and logged in to see this link.]
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} - [You must be registered and logged in to see this link.]
DPF: {CBEAB323-33C7-43A1-8642-412206DD16DF} - [You must be registered and logged in to see this link.]
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\j2re1.4.2_07\bin\NPJPI142_07.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{c42da175-cdb4-4ca8-b1c2-7b3c7220f162} - zovuyumu.dll
HKLM-Run-hekajanade - zahuyoru.dll
SafeBoot-????淀??????



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-18 18:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Minimal\MmIn*?듍m ?*NtfIH ?
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Network\MmIn*?듍m ?*NtfIH ?
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MmIn*?듍m ?*NtfIH ?
"ImagePath"=expand:"\\??\\c:\\WINDOWS\\system32\\drivers\\????淀?\02?????.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\brss01a.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\conime.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Sun\StarOffice 8\program\soffice.exe
c:\program files\Sun\StarOffice 8\program\soffice.BIN
c:\program files\lg_swupdate\Gilautouc.exe
.
**************************************************************************
.
Completion time: 2010-02-18 18:53:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-19 00:53

Pre-Run: 15,474,544,640 bytes free
Post-Run: 16,901,279,744 bytes free

- - End Of File - - 10A868250FF8BE3ED14FAEA8D71EDBED

MrPewp
Intermediate
Intermediate

Posts Posts : 98
Joined Joined : 2010-01-29
OS OS : Windows XP
Points Points : 26223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by Belahzur on 19th February 2010, 11:20 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    {C166FB67-755A-446A-B788-301F84B7FA76}
    npkakl

    DDS::
    uStart Page = about:blank
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E}

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by MrPewp on 20th February 2010, 1:00 am

Here yah are, sir! Big Grin

ComboFix 10-02-19.03 - Jay Juon 9/2010 Fri 18:45:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2045.1405 [GMT -6:00]
Running from: c:\documents and settings\Jay Juon\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jay Juon\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPKAKL
-------\Service_{C166FB67-755A-446A-B788-301F84B7FA76}
-------\Service_npkakl


((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-19 05:56 . 2010-02-19 05:56 -------- d-----w- c:\program files\VideoLAN
2010-02-18 04:40 . 2010-02-18 04:40 -------- d-----w- c:\program files\uTorrent
2010-02-18 04:36 . 2010-02-20 00:49 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\uTorrent
2010-02-12 02:45 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 02:45 . 2010-02-12 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-12 02:45 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-06 22:29 . 2010-02-06 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-06 22:29 . 2010-02-06 22:29 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\Office Genuine Advantage
2010-01-30 18:12 . 2010-01-30 18:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-26 23:01 . 2010-01-26 23:01 -------- d-----w- c:\documents and settings\HelpAssistant\EurekaLog
2010-01-25 04:55 . 2010-01-25 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-01-24 02:06 . 2010-01-24 02:06 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\Malwarebytes
2010-01-24 02:06 . 2010-01-24 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-24 01:58 . 2010-01-24 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-22 01:04 . 2010-01-22 01:04 0 ----a-w- c:\windows\system32\drivers\.sys
2010-01-21 02:23 . 2010-01-21 02:23 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 00:52 . 2009-07-17 03:59 -------- d-----w- c:\program files\lg_swupdate
2010-02-20 00:51 . 2009-07-29 00:33 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\StarOffice8
2010-02-20 00:50 . 2009-07-17 11:57 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-16 00:05 . 2009-11-08 02:45 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-09 23:07 . 2009-11-08 02:45 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-04 22:31 . 2009-07-17 04:40 58952 ----a-w- c:\documents and settings\Jay Juon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 05:14 . 2010-01-05 19:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 03:05 . 2009-07-17 18:07 -------- d-----w- c:\documents and settings\Jay Juon\Application Data\AdobeUM
2010-01-05 00:49 . 2009-08-20 13:18 53352 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-02 19:47 . 2009-11-08 02:45 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-01-02 19:47 . 2009-11-08 02:45 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-01-02 19:47 . 2009-11-08 02:45 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-01-02 17:53 . 2009-11-08 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-01-01 20:01 . 2009-11-08 02:45 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-12-31 16:14 . 2004-08-04 04:14 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-04 05:56 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 05:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-22 04:12 . 2009-12-22 04:12 1790688 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\NMService.exe
2009-12-22 04:12 . 2009-12-22 04:12 1700584 ----a-w- c:\documents and settings\All Users\Application Data\Nexon\Common\nmconew.dll
2009-12-16 12:58 . 2009-07-17 03:40 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 05:56 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 18:11 . 2004-08-04 04:18 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:35 . 2004-08-03 22:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-04 04:15 453760 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2004-08-04 05:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-04 05:56 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 05:56 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-23 12:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ------w- c:\windows\system32\tsbyuv.dll
2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo!Mini"="c:\program files\Yahoo!\Mini\YMiniUpdat2.exe" [2009-09-01 777728]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-01 2935480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LG Intelligent Update"="c:\program files\lg_swupdate\autoupdate.exe" [2008-07-17 126976]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-11 13594624]
"nwiz"="nwiz.exe" [2009-02-11 1657376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-02-28 851968]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"zOSD"="c:\program files\LG Software\On Screen Display\HotKey.exe" [2009-01-10 2830336]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Jay Juon\Start Menu\Programs\Startup\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-20 576104]
EmEditor v3.lnk - c:\program files\EmEditor3\EMEDTRAY.EXE [2001-12-13 49152]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2009-8-5 6144]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP\\cutftp32.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\IDOCTOR\\PLUSUP_2.9\\AGENT\\ServiceiDoctorPro.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Documents and Settings\\Jay Juon\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"56682:TCP"= 56682:TCP:Pando Media Booster
"56682:UDP"= 56682:UDP:Pando Media Booster
"59026:TCP"= 59026:TCP:Pando Media Booster
"59026:UDP"= 59026:UDP:Pando Media Booster
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [8/22/2006 12:00 AM 316992]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe [8/10/2007 8:37 AM 69632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/16/2009 10:04 PM 41376]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [7/16/2009 10:09 PM 158720]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [8/10/2007 8:35 AM 22528]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/26/2009 7:26 AM 12672]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 11:23 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 10:08 AM 174336]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 4:56 PM 173392]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Jay Juon\Desktop\SysProt\SysProtDrv.sys --> c:\documents and settings\Jay Juon\Desktop\SysProt\SysProtDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-19 c:\windows\Tasks\SyncBackSE Design Works 1.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-09-21 20:59]

2010-02-19 c:\windows\Tasks\SyncBackSE OutLook 1.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-09-21 20:59]
.
.
------- Supplementary Scan -------
.
IE: Bluetooth 장치로 보내기(&One Cool Dude... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Bluetooth로 보내기 - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: lginnotek.com
Trusted Zone: sun.com
TCP: {E8077C1D-21D7-453B-9325-1EA7E4B52FD5} = 10.0.1.1
TCP: {F9BB1889-2F73-4C0A-A2D8-13CF12E5F052} = 10.0.1.1
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - [You must be registered and logged in to see this link.]
DPF: {56B0DCF5-77B9-49F6-AD2F-F367D22A7136} - [You must be registered and logged in to see this link.]
DPF: {599735FD-7340-487C-AD77-85F9838F2E2C} - [You must be registered and logged in to see this link.]
DPF: {6A05EEAE-72F8-4288-A5A2-FAC831DC0AC1} - [You must be registered and logged in to see this link.]
DPF: {80572992-B565-4644-A14F-A6BFDEA55599} - [You must be registered and logged in to see this link.]
DPF: {A540427E-B803-4842-BC53-9DB140968449} - [You must be registered and logged in to see this link.]
DPF: {B6F0F9BC-AF60-41B4-BFB4-897617910207} - [You must be registered and logged in to see this link.]
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} - [You must be registered and logged in to see this link.]
DPF: {CBEAB323-33C7-43A1-8642-412206DD16DF} - [You must be registered and logged in to see this link.]
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Jay Juon\Application Data\Mozilla\Firefox\Profiles\wob39s4u.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.ftp - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.sfbay.sun.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\j2re1.4.2_07\bin\NPJPI142_07.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-????淀??????



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-19 18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Minimal\MmIn*?듍m ?*NtfIH ?
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot\Network\MmIn*?듍m ?*NtfIH ?
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MmIn*?듍m ?*NtfIH ?
"ImagePath"=expand:"\\??\\c:\\WINDOWS\\system32\\drivers\\????淀?\02?????.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"ErrorControl"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\brss01a.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\conime.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Sun\StarOffice 8\program\soffice.exe
c:\program files\Sun\StarOffice 8\program\soffice.BIN
c:\program files\lg_swupdate\Gilautouc.exe
.
**************************************************************************
.
Completion time: 2010-02-19 18:55:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-20 00:55
ComboFix2.txt 2010-02-19 00:53

Pre-Run: 15,480,557,568 bytes free
Post-Run: 15,516,377,088 bytes free

- - End Of File - - F1CCA9C5EB15EA30FC55DA814814D2E8

MrPewp
Intermediate
Intermediate

Posts Posts : 98
Joined Joined : 2010-01-29
OS OS : Windows XP
Points Points : 26223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by Belahzur on 20th February 2010, 8:30 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java 2 Runtime Environment, SE v1.4.2_07

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: After installing malwarebytes, it says mbam.exe can't be found!

Post by MrPewp on 20th February 2010, 9:31 pm

... I am in awe. You have fixed this laptop. I am eternally in your debt. All I want to say is...



THANK YOU SO MUCH! Its running perfectly! THANK YOU!

MrPewp
Intermediate
Intermediate

Posts Posts : 98
Joined Joined : 2010-01-29
OS OS : Windows XP
Points Points : 26223
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum