#1
Posted 11 October 2009 - 03:11 AM
Hi,
My computer w/winxp pro was infected Wednesday with Vundo and Rogue Agent from one Google click.
I was not able to run my installed Malwarebytes ("can't find mbam.exe" message)
but Super Antispyware ran and found 18 items and quarantined them.
Malwarebytes still will not run.
I then ran Norton and it showed no infections.
from the forum:
The fix(s)
If you already have MBAM installed on your computer.
Please navigate to the MBAM folder located in the Program Files directory.
Locate MBAM.exe and rename it to winlogon.exe
Once renamed double click on the file to open MBAM and select Quick Scan
At the end of the scan, allow MBAM to remove what it has found, then reboot.
Goodbye SystemSecurity
I can't find the MBAM.exe file to rename it to run Malwarebytes.
On my computer, these are the folders in C:\Program Files\Malwarebytes:
languages
changes
license
mbam 60KB
mbam.dll 160KB
mbamext.dll 72KB
mbamgui 412KB
mbamservice 264KB
ssubtmr6.dll 44KB
unins000 80KB
unins000 684KB
unins000 12KB
vbalsgrid6.ocx 484KB
zlib.dll 80KB
Where do I find the mbam.exe to change it or will I not be able to?
Tried double-clicking on a couple of the above folders, but
the pop-up asked for an input of what to use to open it, with a warning.
I did not proceed, not having an idea of what I was doing.
The "Fix" above from the forum website seemed easy enough but I'm stuck.
Do I need to try a different "Fix"?
Damage left from the trojans, that I can see: my wallpaper is missing,
at startup there is an error message stating the C:\windows\system32\gebuhobo.dll module
could not be found, and I'm unable to run Malwarebytes.
Would setting system restore to the day before infection work?
No, I am not an advanced PC user. :-)
Thank you for any assistance or suggestions in advance to bail me out.
Ron
#2
Posted 12 October 2009 - 11:03 PM
Hi and welcome to Malwarebytes.
Please download Win32kDiag.exe by AD to your Desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply.
-screen317
#3
Posted 13 October 2009 - 12:29 AM
screen317, on Oct 12 2009, 07:03 PM, said:
Hi and welcome to Malwarebytes.
Please download Win32kDiag.exe by AD to your Desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply.
-screen317
Hi, Thank you for the help instructions. I ran the program with this copied result:
Running from: C:\Documents and Settings\Ronald Wroblewski\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Ronald Wroblewski\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
#4
Posted 13 October 2009 - 01:04 AM
Hi,
Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix
- When the tool is finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317
#5
Posted 13 October 2009 - 06:06 PM
screen317, on Oct 12 2009, 09:04 PM, said:
Hi,
Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix
- When the tool is finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317
Hi Criss,
I figured out the Combofix program (after a few mistakes by me) and the resulting Log is below.
I will next learn the HijackThis program and get a Log from it.
Ron
ComboFix 09-10-12.03 - Ronald Wroblewski 10/13/2009 13:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1633 [GMT -4:00]
Running from: c:\documents and settings\Ronald Wroblewski\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ronald Wroblewski\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\recycler\NPROTECT
c:\windows\Downloaded Program Files\Temp
.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.
2009-12-26 04:43 . 2009-12-26 04:43 -------- d-----w- c:\documents and settings\Ronald Wroblewski\Application Data\Malwarebytes
2009-12-26 04:43 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 04:43 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 04:43 . 2009-12-26 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 04:43 . 2009-10-09 19:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 04:38 . 2009-10-09 04:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 04:37 . 2009-10-09 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-22 05:34 . 2009-09-22 05:34 -------- d-----w- c:\program files\Microsoft Money 2006
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 17:37 . 2008-12-26 21:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-09 05:15 . 2004-12-05 14:52 19304 ----a-w- c:\documents and settings\Ronald Wroblewski\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 04:44 . 2004-12-15 00:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-26 05:34 . 2005-02-10 23:15 -------- d-----w- c:\program files\Starry Night Pro 4
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\{0B53EE43-1B66-4594-BCE3-C92D9F19BAAE}.dat
2008-12-26 21:51 . 2008-12-26 21:51 32 --sha-w- c:\windows\{0EB162E2-7841-4159-98C8-CF85884187D5}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\{38096ED9-4C64-40F8-8198-4515568B6CA4}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\{7C73F17E-FF2E-4AC6-8D0D-BA55403E558E}.dat
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\{B151CA0D-0CCC-4E9D-86EE-AFF4C902462F}.dat
2008-12-26 21:55 . 2008-12-26 21:55 32 --sha-w- c:\windows\{C881981A-FCA6-42A6-8CCA-6B1D8AC8BF9A}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\{E852F6C7-0B8F-479F-BFE3-383D501AF3E9}.dat
2009-07-08 17:37 . 2009-07-08 17:37 27136 --sha-w- c:\windows\system32\jeyanoyu.dll
2009-07-08 17:37 . 2009-07-08 17:37 1011437 --sha-w- c:\windows\system32\sofigeda.exe
2008-12-26 21:55 . 2008-12-26 21:55 32 --sha-w- c:\windows\system32\{353E46A0-B1DC-4952-A318-D91F23E8717F}.dat
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\system32\{7115A433-7E44-41AB-80FD-9737CB764223}.dat
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\system32\{A35C3B82-9280-4E38-8363-FEB15AEA6A85}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\system32\{A912BAE6-460A-487D-A419-CB6F41681ECA}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\system32\{AAC77418-A2B1-4EBD-98F4-264BC93B7F82}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\system32\{BA367961-C1F1-41C9-B7CA-7E4FE10E6983}.dat
2008-12-26 21:51 . 2008-12-26 21:51 32 --sha-w- c:\windows\system32\{EF7989FB-5D34-45D9-9878-881877D378FC}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 34504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="c:\program files\Washer\washidx.exe" [2001-04-02 64512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=c:\windows\pss\EPSON Background Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"mnmsrvc"=3 (0x3)
"WZCSVC"=2 (0x2)
"Themes"=2 (0x2)
"GhostStartService"=2 (0x2)
"Schedule"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"SENS"=2 (0x2)
"iPod Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [12/26/2008 5:53 PM 135168]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2002-08-20 03:24]
2008-12-26 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-08-30 02:30]
2008-12-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-12-26 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-didiyapik - c:\windows\system32\gebuhobo.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 13:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-10-13 13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 17:39
Pre-Run: 38,533,447,680 bytes free
Post-Run: 38,467,825,664 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
181
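Editor's note, as an added example that is not part of this thread, of ComboFix or of Malwarebytes: the log above contains the kind of indicators a helper reads off by eye, and they are easy to check mechanically. The script below scans a ComboFix-style log for four of them: hidden+system files with random eight-letter names in system32 (jeyanoyu.dll and sofigeda.exe above), the orphaned HKLM Run value that pointed at gebuhobo.dll (the same file named in the startup error from the first post), the Windows Firewall standard profile being switched off, and Security Center update notifications being suppressed. It also flags any file entry whose timestamp is later than the log's own completion time; the posted log has Malwarebytes entries dated 2009-12-26 in a log finished on 2009-10-13, and the thread does not say why, so that is worth a question either way. The function and constant names (triage, SAMPLE_LOG, the regexes) are this example's own, the eight-letter naming heuristic is an assumption based on the names seen in this thread rather than a ComboFix rule, and SAMPLE_LOG is a constructed excerpt built from lines copied out of the log above.

```python
"""Triage helper for a ComboFix-style log.

Added example, not part of this thread, of ComboFix, or of Malwarebytes.
Function and constant names (triage, SAMPLE_LOG, ...) are this example's own.
SAMPLE_LOG is a constructed excerpt made of lines copied from the log posted
above; the full log is not needed to show the checks.
"""
import re
from datetime import datetime

SAMPLE_LOG = r"""
ComboFix 09-10-12.03 - Ronald Wroblewski 10/13/2009 13:32.1.2 - NTFSx86
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
2009-12-26 04:43 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 04:38 . 2009-10-09 04:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\{0B53EE43-1B66-4594-BCE3-C92D9F19BAAE}.dat
2009-07-08 17:37 . 2009-07-08 17:37 27136 --sha-w- c:\windows\system32\jeyanoyu.dll
2009-07-08 17:37 . 2009-07-08 17:37 1011437 --sha-w- c:\windows\system32\sofigeda.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
- - - - ORPHANS REMOVED - - - -
HKLM-Run-didiyapik - c:\windows\system32\gebuhobo.dll
Completion time: 2009-10-13 13:40 - machine was rebooted
"""

# One file/directory line as ComboFix prints it: two timestamps, a size (or
# dashes for a directory), an 8-character attribute field, then the path.
FILE_RE = re.compile(
    r"^(?P<stamp_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<stamp_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-dshraw]{8})\s+(?P<path>.+?)\s*$"
)
ORPHAN_RE = re.compile(r"^HKLM-Run-(\S+) - (.+)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
NOTIFY_OFF_RE = re.compile(r'^"UpdatesDisableNotify"=dword:0*1$')
COMPLETION_RE = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2} \d{2}:\d{2})", re.M)

# Heuristic (an assumption of this example, not a ComboFix rule): the Vundo
# droppings in this thread are eight lowercase letters plus .dll or .exe.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")
SYSTEM32 = "c:\\windows\\system32\\"
STAMP_FMT = "%Y-%m-%d %H:%M"


def triage(log_text):
    """Return (indicator, detail) pairs for the log text, in log order."""
    findings = []
    completion = None
    m = COMPLETION_RE.search(log_text)
    if m:
        completion = datetime.strptime(m.group(1), STAMP_FMT)

    for raw in log_text.splitlines():
        line = raw.strip()
        fm = FILE_RE.match(line)
        if fm:
            path = fm.group("path").lower()
            attrs = fm.group("attrs")
            name = path.rsplit("\\", 1)[-1]
            # Hidden + system attributes on a random-named PE file in system32.
            if ("s" in attrs and "h" in attrs and path.startswith(SYSTEM32)
                    and RANDOM_NAME_RE.match(name)):
                findings.append(("hidden-system-random-name", path))
            # Either timestamp later than the moment the log was written.
            if completion is not None:
                for key in ("stamp_a", "stamp_b"):
                    stamp = datetime.strptime(fm.group(key), STAMP_FMT)
                    if stamp > completion:
                        findings.append(("future-timestamp", f"{path} ({fm.group(key)})"))
                        break
            continue
        om = ORPHAN_RE.match(line)
        if om:
            # A Run value whose target file no longer exists: the source of the
            # "module could not be found" message at logon.
            findings.append(("run-key-orphan", f"{om.group(1)} -> {om.group(2)}"))
        elif FIREWALL_OFF_RE.match(line):
            findings.append(("firewall-disabled", line))
        elif NOTIFY_OFF_RE.match(line):
            findings.append(("security-center-notify-off", line))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:28} {detail}")
```

Run it as a script to see the six findings from the excerpt, or call triage() on the text of a full C:\ComboFix.txt. The hidden+system check is deliberately narrow (system32 only, the naming pattern seen here) so it does not fire on the 32-byte {GUID}.dat files under c:\windows, which carry the same attributes but are a different kind of artifact; widen the path or name pattern with care, since a looser rule will also pick up legitimate hidden system files.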
#6
Posted 13 October 2009 - 06:34 PM
rwbubba, on Oct 13 2009, 02:06 PM, said:
----------------------------------------------
Hi Criss,
I figured out the Combofix program (after a few mistakes by me) and the resulting Log is below.
I will next learn the HijackThis program and get a Log from it.
Ron
ComboFix 09-10-12.03 - Ronald Wroblewski 10/13/2009 13:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1633 [GMT -4:00]
Running from: c:\documents and settings\Ronald Wroblewski\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ronald Wroblewski\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\recycler\NPROTECT
c:\windows\Downloaded Program Files\Temp
.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.
2009-12-26 04:43 . 2009-12-26 04:43 -------- d-----w- c:\documents and settings\Ronald Wroblewski\Application Data\Malwarebytes
2009-12-26 04:43 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 04:43 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 04:43 . 2009-12-26 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 04:43 . 2009-10-09 19:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 04:38 . 2009-10-09 04:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 04:37 . 2009-10-09 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-22 05:34 . 2009-09-22 05:34 -------- d-----w- c:\program files\Microsoft Money 2006
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 17:37 . 2008-12-26 21:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-09 05:15 . 2004-12-05 14:52 19304 ----a-w- c:\documents and settings\Ronald Wroblewski\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 04:44 . 2004-12-15 00:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-26 05:34 . 2005-02-10 23:15 -------- d-----w- c:\program files\Starry Night Pro 4
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\{0B53EE43-1B66-4594-BCE3-C92D9F19BAAE}.dat
2008-12-26 21:51 . 2008-12-26 21:51 32 --sha-w- c:\windows\{0EB162E2-7841-4159-98C8-CF85884187D5}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\{38096ED9-4C64-40F8-8198-4515568B6CA4}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\{7C73F17E-FF2E-4AC6-8D0D-BA55403E558E}.dat
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\{B151CA0D-0CCC-4E9D-86EE-AFF4C902462F}.dat
2008-12-26 21:55 . 2008-12-26 21:55 32 --sha-w- c:\windows\{C881981A-FCA6-42A6-8CCA-6B1D8AC8BF9A}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\{E852F6C7-0B8F-479F-BFE3-383D501AF3E9}.dat
2009-07-08 17:37 . 2009-07-08 17:37 27136 --sha-w- c:\windows\system32\jeyanoyu.dll
2009-07-08 17:37 . 2009-07-08 17:37 1011437 --sha-w- c:\windows\system32\sofigeda.exe
2008-12-26 21:55 . 2008-12-26 21:55 32 --sha-w- c:\windows\system32\{353E46A0-B1DC-4952-A318-D91F23E8717F}.dat
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\system32\{7115A433-7E44-41AB-80FD-9737CB764223}.dat
2008-12-26 21:54 . 2008-12-26 21:54 32 --sha-w- c:\windows\system32\{A35C3B82-9280-4E38-8363-FEB15AEA6A85}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\system32\{A912BAE6-460A-487D-A419-CB6F41681ECA}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\system32\{AAC77418-A2B1-4EBD-98F4-264BC93B7F82}.dat
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\windows\system32\{BA367961-C1F1-41C9-B7CA-7E4FE10E6983}.dat
2008-12-26 21:51 . 2008-12-26 21:51 32 --sha-w- c:\windows\system32\{EF7989FB-5D34-45D9-9878-881877D378FC}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 34504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="c:\program files\Washer\washidx.exe" [2001-04-02 64512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=c:\windows\pss\EPSON Background Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"mnmsrvc"=3 (0x3)
"WZCSVC"=2 (0x2)
"Themes"=2 (0x2)
"GhostStartService"=2 (0x2)
"Schedule"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"SENS"=2 (0x2)
"iPod Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [12/26/2008 5:53 PM 135168]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2002-08-20 03:24]
2008-12-26 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-08-30 02:30]
2008-12-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-12-26 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-didiyapik - c:\windows\system32\gebuhobo.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 13:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-10-13 13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 17:39
Pre-Run: 38,533,447,680 bytes free
Post-Run: 38,467,825,664 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
181
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=c:\windows\pss\EPSON Background Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"mnmsrvc"=3 (0x3)
"WZCSVC"=2 (0x2)
"Themes"=2 (0x2)
"GhostStartService"=2 (0x2)
"Schedule"=2 (0x2)
"wscsvc"=2 (0x2)
"ERSvc"=2 (0x2)
"SENS"=2 (0x2)
"iPod Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 2:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [12/26/2008 5:53 PM 135168]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2002-08-20 03:24]
2008-12-26 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-08-30 02:30]
2008-12-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-12-26 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-didiyapik - c:\windows\system32\gebuhobo.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 13:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-10-13 13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 17:39
Pre-Run: 38,533,447,680 bytes free
Post-Run: 38,467,825,664 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
-------------------------------------------------
Hi, This is the HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:55 PM, on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ronald Wroblewski"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...t/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229148405203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=29223
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 7561 bytes
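The ComboFix listing in the post above shows how the two dropped files stand out: unlike the legitimate system32 entries, jeyanoyu.dll and sofigeda.exe carry the hidden and system attribute letters and share one creation timestamp. The following Python helper is an added example, not part of the thread or of ComboFix, that parses lines in that listing layout (modified date, a dot, created date, size, attribute field, path), flags hidden+system files under the Windows directory and groups the flagged files by creation time so that files dropped together are reported together. The sample lines are constructed to match the format shown on the page, and the reading of the attribute letters (d = directory, s = system, h = hidden) is taken from the listing itself, not from ComboFix documentation.

```python
"""Triage helper for ComboFix-style file listings (added example, not ComboFix code)."""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# One entry per line: <modified> . <created> <size or --------> <8-char attrs> <path>
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)

# Constructed sample in the layout of the listing above (single backslashes once parsed).
SAMPLE_LOG = """\
.
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\\windows\\system32\\mswebdvd.dll
2009-07-08 17:37 . 2009-07-08 17:37 27136 --sha-w- c:\\windows\\system32\\jeyanoyu.dll
2009-07-08 17:37 . 2009-07-08 17:37 1011437 --sha-w- c:\\windows\\system32\\sofigeda.exe
2008-12-26 21:53 . 2008-12-26 21:53 32 --sha-w- c:\\windows\\system32\\{A912BAE6-460A-487D-A419-CB6F41681ECA}.dat
2009-10-13 17:37 . 2008-12-26 21:49 -------- d-----w- c:\\program files\\Common Files\\Symantec Shared
"""


def parse_find3m(text: str) -> List[Dict]:
    """Parse listing lines into dicts; headers, dots and other non-entry lines are skipped."""
    entries: List[Dict] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = m["attrs"]
        # Directories show "--------" in the size column instead of a byte count.
        size: Optional[int] = int(m["size"]) if m["size"].isdigit() else None
        entries.append({
            "modified": m["modified"],
            "created": m["created"],
            "size": size,
            "attrs": attrs,
            "path": m["path"],
            "is_dir": attrs[0] == "d",   # assumption: leading 'd' marks a directory
            "hidden": "h" in attrs,      # assumption: 'h' = hidden, as in "--sha-w-"
            "system": "s" in attrs,      # assumption: 's' = system
        })
    return entries


def flag_hidden_system(entries: List[Dict], root: str = "c:\\windows\\") -> List[Dict]:
    """Return files (not directories) that are both hidden and system under `root`."""
    root = root.lower()
    return [
        e for e in entries
        if not e["is_dir"] and e["hidden"] and e["system"]
        and e["path"].lower().startswith(root)
    ]


def cluster_by_created(flagged: List[Dict]) -> Dict[str, List[str]]:
    """Group flagged paths by creation timestamp; files dropped together share one."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for e in flagged:
        clusters[e["created"]].append(e["path"])
    return dict(clusters)


def report(text: str) -> str:
    """Human-readable triage summary for a listing."""
    flagged = flag_hidden_system(parse_find3m(text))
    lines = [f"{len(flagged)} hidden+system file(s) under the Windows directory"]
    for created, paths in sorted(cluster_by_created(flagged).items()):
        lines.append(f"  created {created}:")
        lines.extend(f"    {p}" for p in paths)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The grouping step is the part worth keeping for real logs: a 32-byte .dat with the same attributes is reported too, but in its own cluster, so the analyst sees at a glance which flagged files were created in the same minute and which merely share attributes.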
#7
Posted 15 October 2009 - 12:35 AM
Hi,
Try reinstalling MBAM now.
Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
- Click Start Scanning.
- You should get a notification bar (on top) to install the ActiveX control.
- Click on it and select to install the ActiveX.
- Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
- In case you are having problems with installing the ActiveX/starting the scan, please read here.
- Click the Full System Scan button.
- It will start to download scanner components and databases. This can take a while.
- The main scan will start.
- Once the scan has finished scanning, click the Automatic cleaning (recommended) button
- It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
- The cleaning can take a while, so please be patient.
- Then click the Show report button and Copy/Paste what is present under results in your next reply.
Next, download my Security Check from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Let me know how things are running now and what issues remain.
-screen317
#8
Posted 15 October 2009 - 06:09 PM
screen317, on Oct 14 2009, 08:35 PM, said:
Hi,
Try reinstalling MBAM now.
Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
Next, download my Security Check from here or here.
Let me know how things are running now and what issues remain.
-screen317
Hi Chris,
I deleted the non-functional Malwarebytes program and the newly downloaded one was installed successfully and Files were updated. Following instructions, I was not sure when I should run this program, so, I didn't and moved on to the next steps and ran the F-Secure scanning program then the Security Check program. Results are posted below. A couple of minor problems I bumped into that may help in diagnosis are that: Windows cannot now open my stored pdf files, and resetting my monitor to turn off in 10 minutes does not work (monitor stays on) anymore.
Thank you for your continued help.
Ron
Scanning Report
Thursday, October 15, 2009 00:40:44 - 01:23:54
Computer name: P4
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
--------------------------------------------------------------------------------
24 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
Trojan.Vundo.GPR (spyware)
System (Disinfected)
Joke.Winshoot.A (spyware)
System (Disinfected)
Joke.Stupid.A (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
Joke.Geschenk (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
TrackingCookie.Imrworldwide (spyware)
System (Disinfected)
Trojan.Vundo.GPR (virus)
C:\WINDOWS\SYSTEM32\JEYANOYU.DLL (Not cleaned)
Joke.Stupid.A (virus)
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\ATT1.EXE (Not cleaned)
Joke.Geschenk (virus)
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\COKEGIFT.EXE (Not cleaned)
Joke.Winshoot.A (virus)
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\GUN.EXE (Not cleaned)
Joke.Stupid.A (virus)
C:\BACKUP DRIVE\WINDOWS\DESKTOP\DOWN LOAD FILES\ATT1.EXE (Renamed & Submitted)
Joke.Geschenk (virus)
C:\BACKUP DRIVE\WINDOWS\DESKTOP\DOWN LOAD FILES\COKEGIFT.EXE (Renamed & Submitted)
Joke.Winshoot.A (virus)
C:\BACKUP DRIVE\WINDOWS\DESKTOP\DOWN LOAD FILES\GUN.EXE (Renamed & Submitted)
Joke.Stupen.B (virus)
C:\BACKUP DRIVE\WINDOWS\DESKTOP\DOWN LOAD FILES\SHORTYRUMOR.EXE (Renamed & Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 68216
System: 5006
Not scanned: 7
Actions:
Disinfected: 16
Renamed: 4
Deleted: 0
Not cleaned: 4
Submitted: 4
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
--------------------------------------------------------------------------------
Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
Java 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Norton SystemWorks Norton AntiVirus navapsvc.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````
--------------------------------------------------------------------------------
#9
Posted 17 October 2009 - 09:35 PM
Hi,
Please go to VirusTotal, and upload the following file for analysis:
C:\WINDOWS\SYSTEM32\JEYANOYU.DLL
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\ATT1.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\COKEGIFT.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\GUN.EXE
Next, please go to this website, and complete the form as follows:
Link to topic where this file was requested: http://www.malwareby...showtopic=27430
Browse to the file you want to submit:
Click Browse, and navigate to the following file:
C:\WINDOWS\SYSTEM32\JEYANOYU.DLL
Leave any comments, further information about this file, or contact information: From screen317
Repeat with this file:
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\ATT1.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\COKEGIFT.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\GUN.EXE
Post the results in your reply.
After that, update MBAM, run a Quick Scan, and post its log.
-screen317
#10
Posted 19 October 2009 - 02:53 AM
screen317, on Oct 17 2009, 05:35 PM, said:
Hi,
Please go to VirusTotal, and upload the following file for analysis:
C:\WINDOWS\SYSTEM32\JEYANOYU.DLL
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\ATT1.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\COKEGIFT.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\GUN.EXE
Next, please go to this website, and complete the form as follows:
Link to topic where this file was requested: http://www.malwareby...showtopic=27430
Browse to the file you want to submit:
Click Browse, and navigate to the following file:
C:\WINDOWS\SYSTEM32\JEYANOYU.DLL
Leave any comments, further information about this file, or contact information: From screen317
Repeat with this file:
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\ATT1.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\COKEGIFT.EXE
C:\DOCUMENTS AND SETTINGS\RONALD WROBLEWSKI\DESKTOP\DOWN LOAD FILES\GUN.EXE
Post the results in your reply.
After that, update MBAM, run a Quick Scan, and post its log.
-screen317
Hi Chris,
I went to the two linked websites in your last reply, and followed the instructions,
browsing for the 4 specified files at each one, and they were nowhere to be found.
I tried the Windows search to include hidden files for the same files
and received "search is complete, no results to display".
Two of these files I remember as being simple "games".
The cokegift.exe opened with a box to receive your Coca-Cola gift.
Clicking on it merely opened up the CD rom drive bay door.
The gun.exe when opened allowed clicking of your mouse to put
fake bullet holes upon your screen with the sound of a pistol shot.
Both were installed at least 5 years ago and are now missing.
I just updated MBAM and did a quick scan. Results are below.
--------------------------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 2982
Windows 5.1.2600 Service Pack 3
10/18/2009 10:15:31 PM
mbam-log-2009-10-18 (22-15-18).txt
Scan type: Quick Scan
Objects scanned: 91643
Time elapsed: 3 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\sofigeda.exe (Trojan.Dropper) -> No action taken.
----------------------------------------------
Thank you for your help,
Ron
#11
Posted 20 October 2009 - 09:06 AM
Hi,
Thanks for letting me know.
Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u
This uninstalls all of ComboFix's components.
Delete SecurityCheck.
After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):
Java™ 6 Update 13
Restart your computer.
Get the latest version of Java.
Let me know what issues remain.
-screen317
#12
Posted 21 October 2009 - 06:42 AM
screen317, on Oct 20 2009, 05:06 AM, said:
Hi,
Thanks for letting me know.
Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u
This uninstalls all of ComboFix's components.
Delete SecurityCheck.
After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):
Java™ 6 Update 13
Restart your computer.
Get the latest version of Java.
Let me know what issues remain.
-screen317
Hi Chris,
I uninstalled ComboFix and SecurityCheck.
I ran the recommended Microsoft Windows Installer Cleanup Utility. "This tool will ensure that all
irrelevant Java Runtime Environment Microsoft Installer (msi) registries are removed".
This program issued a file at the end of running with this: "WARNING: Could not get backup privileges!"
I then installed the new Java. This warning message came up in another one of the programs we ran.
I don't know if it's good or bad.
The only real problem I have seen is I can't open PDF files. I can't install the Reader.
Prior to the Virus attack, the old Reader was deleted and Adobe Air was mistakenly installed as its replacement.
I tried installing the new Adobe Reader 9.2 tonight but at the end of the online install a pop up flashed:
"Error 1402 could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS \CURRENTVERSION\RUN\OPTIONALCOMPONENT\MSFS Verify that you have access to that key....."
The Reader did not install.
With you leading the way, these seem to be the only remaining issues.
Thanks again,
Ron
#13
Posted 22 October 2009 - 08:31 AM
In the meantime, see if you can open PDF files with Sumatra:
http://blog.kowalczy...apdf/index.html
Let me know if it works while I look into the Adobe error.
-screen317
#14
Posted 23 October 2009 - 01:32 AM
screen317, on Oct 22 2009, 04:31 AM, said:
In the meantime, see if you can open PDF files with Sumatra:
http://blog.kowalczy...apdf/index.html
Let me know if it works while I look into the Adobe error.
-screen317
Hi Chris,
The Sumatra PDF program installed and is working fine.
Running the Adobe Installer from my desktop, the Adobe Reader gives the same "Verify sufficient access to that key" warning and "could not complete install".
Going to Adobe for the 1402 problem @ http://kb2.adobe.com...329/329137.html they offer a solution.
At the very end, this statement.
The 1402 Windows Installer error occurs when the Windows Installer is unable to read a particular registry key. Installation may fail because the Acrobat installer attempts to clean up registry keys of previous versions of Acrobat to avoid conflicts with Acrobat plug-ins and add-ins for third-party software. Error 1406 occurs when the installer cannot successfully write a registry key essential for installation.
The steps in brief:
Solution 1: Remove all previous versions of Acrobat, and then reinstall.
Solution 2: Set permissions to their defaults in the registry.
3: ??
Solution 4: Remove spyware.
Solution 5: Check your system for viruses.
Solution 6: Disable Webroot Spy Sweeper.
I have to add this question. Under "Add-Remove programs" I deleted all Adobe Readers.
Looking in "Program Files\Adobe" there is an "Acrobat 7.0" file and an "Acrobat 7.0" folder.
They both contain files and folders. Are they the problem?
Are these Readers that should be deleted directly from "Program Files\Adobe"?
Do you feel that we have the virus attacks and repairs concluded, that this downloading of Adobe Reader is an Adobe problem, and that this would be the proper way to proceed?
Ron
#15
Posted 23 October 2009 - 05:21 AM
rwbubba, on Oct 22 2009, 09:32 PM, said:
-------------------------------------------------------
Hi Chris,
The Sumatra PDF program installed and is working fine.
Running the Adobe Installer from my desktop, the Adobe Reader gives the same "Verify sufficient access to that key" warning and "could not complete install".
Going to Adobe for the 1402 problem @ http://kb2.adobe.com...329/329137.html they offer a solution.
At the very end, this statement.
The 1402 Windows Installer error occurs when the Windows Installer is unable to read a particular registry key. Installation may fail because the Acrobat installer attempts to clean up registry keys of previous versions of Acrobat to avoid conflicts with Acrobat plug-ins and add-ins for third-party software. Error 1406 occurs when the installer cannot successfully write a registry key essential for installation.
The steps in brief:
Solution 1: Remove all previous versions of Acrobat, and then reinstall.
Solution 2: Set permissions to their defaults in the registry.
3: ??
Solution 4: Remove spyware.
Solution 5: Check your system for viruses.
Solution 6: Disable Webroot Spy Sweeper.
I have to add this question. Under "Add-Remove programs" I deleted all Adobe Readers.
Looking in "Program Files\Adobe" there is an "Acrobat 7.0" file and an "Acrobat 7.0" folder.
They both contain files and folders. Are they the problem?
Are these Readers that should be deleted directly from "Program Files\Adobe"?
Do you feel that we have the virus attacks and repairs concluded, that this downloading of Adobe Reader is an Adobe problem, and that this would be the proper way to proceed?
Ron
Hi Chris,
I looked at Adobe's Fix for error 1402 (Step 2: Set permissions to their defaults in the registry).
Although their instructions seem well documented, I can't follow them well enough to complete them.
All the previous Adobe versions just downloaded to the computer fine.
If their "Solution" is what is needed to install Adobe Reader 9.x, I guess I'll be doing without it.
If you don't have an easier way, I guess Sumatra will be my Reader.
After getting slammed with a batch of Vundo, Rogue Agent, etc. by clicking one Google link, with Windows Firewall and Norton AV doing nothing to prevent it, or even telling me it was downloaded, what do I need running to protect my computer? Maybe the pay version of Malwarebytes? Another firewall program? Is there a Forum Topic that covers this?
Thank you for all your assistance.
Ron
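As an added example, not code from the thread or from Adobe's article: a PowerShell check of the ACL on the registry key named in the Error 1402 message, so that the "set permissions to their defaults" step can be verified before and after it is applied. The key path is copied from the error quoted above; the expected default principals (SYSTEM and Administrators with FullControl) are an assumption for a typical XP install, and the function name Test-KeyAccess is my own.

```powershell
# Added example, not from the thread or Adobe's KB article.
# Reads the ACL on the registry key named in the Error 1402 message and
# reports whether SYSTEM and Administrators hold FullControl, which the
# Windows Installer needs in order to clean up that key. Run elevated.
param(
    # Key path copied from the error message quoted in the thread.
    [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponent\MSFS'
)

$FullControl = [System.Security.AccessControl.RegistryRights]::FullControl

function Test-KeyAccess {
    param([string]$Path)

    if (-not (Test-Path -Path $Path)) {
        Write-Output "Key not found (a missing key is not a 1402 permission problem): $Path"
        return $false
    }

    try {
        $acl = Get-Acl -Path $Path
    } catch {
        # Get-Acl failing here is the same symptom the installer reports.
        Write-Output "Cannot read ACL of $Path : $($_.Exception.Message)"
        return $false
    }

    # Show every ACE, including inherited and Deny entries, for comparison with defaults.
    Write-Output "Owner: $($acl.Owner)"
    foreach ($ace in $acl.Access) {
        '{0,-40} {1,-6} {2}' -f $ace.IdentityReference, $ace.AccessControlType, $ace.RegistryRights
    }

    # Assumed defaults for this part of HKLM: SYSTEM and Administrators have FullControl.
    $ok = $true
    foreach ($principal in @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')) {
        $match = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $principal -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.RegistryRights -band $FullControl) -eq $FullControl
        }
        if (-not $match) {
            Write-Output "MISSING: $principal lacks FullControl; reset permissions (Adobe Solution 2)."
            $ok = $false
        }
    }
    return $ok
}

Test-KeyAccess -Path $KeyPath
```

Run it again after resetting the permissions; it should print no MISSING line and return True before the Reader installer is retried.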
#16
Posted 25 October 2009 - 01:13 AM
Hi,
Yes the infections have been cleared and it appears as though only the Adobe issue remains. I have stopped using Adobe in the past due to problems like these, and Sumatra has served me well.
You can take this up with Adobe if you'd like.
I would recommend uninstalling Norton and following these recommendations (I would highly recommend the paid version of MBAM, since it has realtime protection):
1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.
Kerio
Comodo
Outpost
2) It is imperative that you have an antivirus. You are basically asking for infection without one.
All of the following are excellent free antiviruses. Be sure to only install one.
AVG
AntiVir
avast!.
3) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.
4) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.
5) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.
6) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.
7) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
8) Be sure to update your Antivirus and Antispyware programs often!
Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?
Safe surfing,
-screen317
#17
Posted 27 October 2009 - 01:54 AM
screen317, on Oct 24 2009, 09:13 PM, said:
Hi,
Yes the infections have been cleared and it appears as though only the Adobe issue remains. I have stopped using Adobe in the past due to problems like these, and Sumatra has served me well.
You can take this up with Adobe if you'd like.
I would recommend uninstalling Norton and following these recommendations (I would highly recommend the paid version of MBAM, since it has realtime protection):
1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.
Kerio
Comodo
Outpost
2) It is imperative that you have an antivirus. You are basically asking for infection without one.
All of the following are excellent free antiviruses. Be sure to only install one.
AVG
AntiVir
avast!.
3) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.
4) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.
5) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.
6) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.
7) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
8) Be sure to update your Antivirus and Antispyware programs often!
Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?
Safe surfing,
-screen317
Hi Chris,
This experience with this virus attack I had will be remembered.
More so, my great experience of this forum.
Your time and effort with me to get the MBAM program to work again,
and with your guidance to remove the problems from my computer is very much appreciated.
I will now follow all of your recommended advice to avoid an infection in the future.
Thank you very much for all your help.
Ron
#18
Posted 30 October 2009 - 11:21 AM
Glad we could help.
Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.