
Malwarebytes Starts for 2 seconds then closes


  • This topic is locked
8 replies to this topic

#1 bmdtech


Posted 10 September 2009 - 01:56 PM

I can get Malwarebytes to start from a fresh install by renaming the .exe file. When the program is installed I select to update and run MWB. The scan will run for about 2 seconds, then close.
If I try to run MWB from the application once it has been installed I get the following errors.
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

This computer has the Windows Police Pro malware on it. I have killed the processes, deleted the folder in program files and rebooted in safe mode. Still not able to finish a MWB scan.

#2 miekiemoes


Posted 14 September 2009 - 07:04 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
Mieke Verburgh
Director of Research


#3 bmdtech


Posted 15 September 2009 - 11:05 AM

Here is the log




ComboFix 09-09-14.02 - Administrator 09/15/2009 8:46.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.690 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\16620154
c:\documents and settings\All Users\Application Data\16620154\16620154
c:\documents and settings\All Users\Application Data\16620154\16620154.exe
c:\documents and settings\All Users\Application Data\16620154\pc16620154ins
c:\documents and settings\production\DFRLKH.exe
c:\documents and settings\production\feilor.exe
c:\documents and settings\production\xouuz.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\29358.exe
c:\windows\system32\41.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\config\systemprofile\Desktop\Total Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\Total Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\Total Security\Total Security 2009.lnk
c:\windows\system32\dddesot.dll
c:\windows\system32\desote.exe
c:\windows\system32\drivers\rotscxpgwmdipy.sys
c:\windows\system32\drivers\smss.exe
c:\windows\system32\onhelp.htm
c:\windows\system32\rotscxbxnsenvs.dll
c:\windows\system32\rotscxlkytlemp.dll
c:\windows\system32\rotscxltargila.dat
c:\windows\system32\rotscxrviycwxb.dll
c:\windows\system32\rotscxtikosscv.dat
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\tajf83ikdmf.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPPRO2009_100
-------\Legacy_rotscxsnppmbcj
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_AntipPro2009_100
-------\Service_rotscxsnppmbcj


((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-14 22:43 . 2009-09-14 22:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-11 03:00 . 2009-09-11 03:02 0 ----a-w- c:\windows\system32\SBRC.dat
2009-09-10 18:36 . 2009-09-10 18:36 46080 ----a-w- C:\Win32kDiag.exe
2009-09-10 18:16 . 2009-09-10 18:16 75 ----a-w- C:\FixExe.reg
2009-09-10 18:04 . 2009-09-10 18:04 -------- d-----w- c:\documents and settings\production\Application Data\Malwarebytes
2009-09-10 18:04 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:04 . 2009-09-10 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 18:04 . 2009-09-10 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 18:04 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 17:59 . 2009-09-10 17:59 3942048 ----a-w- C:\mpro.exe
2009-09-10 16:52 . 2009-09-10 16:52 163840 ----a-w- c:\windows\svchasts.exe
2009-09-10 16:38 . 2009-09-10 16:38 91648 ----a-w- c:\documents and settings\production\gkccuo.exe
2009-09-10 13:49 . 2009-09-10 13:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-02 14:09 . 2009-03-27 04:20 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-09-02 14:09 . 2009-03-27 04:20 200704 ----a-w- c:\windows\system32\libssl32.dll
2009-09-02 14:09 . 2009-03-27 04:20 1017344 ----a-w- c:\windows\system32\libeay32.dll
2009-09-02 14:09 . 2009-09-02 14:09 -------- d-----w- C:\OpenSSL
2009-08-28 21:46 . 2009-08-28 21:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Automise3
2009-08-20 15:38 . 2009-08-20 15:38 93696 ----a-w- c:\documents and settings\production\WDTTNH.exe
2009-08-20 15:30 . 2009-08-20 15:30 311 ----a-w- c:\documents and settings\production\PRFYXU.bat
2009-08-18 14:03 . 2009-09-11 21:40 -------- d-----w- C:\Weight Optimizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 15:53 . 2009-01-24 19:36 -------- d-----w- c:\program files\LogMeIn
2009-09-15 15:44 . 2008-10-20 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-14 21:50 . 2009-01-22 18:05 -------- d-----w- c:\program files\SAAZOD
2009-09-14 15:34 . 2008-03-19 18:34 55292 ----a-w- c:\documents and settings\production\Application Data\wklnhst.dat
2009-09-14 13:41 . 2009-09-14 13:42 42496 ----a-w- c:\windows\system32\drivers\smss.exe_
2009-09-11 06:29 . 2008-10-15 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 16:41 . 2008-03-05 17:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-10 16:38 . 2008-04-18 00:56 104 --sh--r- c:\windows\system32\E9B42D69D1.sys
2009-09-10 16:38 . 2008-04-18 00:56 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-10 13:47 . 2009-01-24 19:36 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-10 13:47 . 2009-01-24 19:36 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-10 13:47 . 2007-11-16 02:46 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-10 13:47 . 2009-01-24 19:36 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-10 13:47 . 2007-11-16 02:46 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-02 13:53 . 2009-01-23 14:40 -------- d-----w- c:\program files\SetupLogs
2009-09-02 13:42 . 2009-01-23 14:41 -------- d-----w- c:\program files\Common Files\VSoft
2009-08-26 14:41 . 2008-03-05 17:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-26 14:41 . 2008-03-05 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 14:06 . 2008-04-07 15:34 -------- d-----w- c:\program files\Dl_cats
2009-07-31 16:34 . 2008-10-20 23:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 16:34 . 2008-10-20 23:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 16:34 . 2008-10-20 23:51 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-29 01:01 . 2008-03-18 15:53 -------- d-----w- c:\documents and settings\production\Application Data\U3
2009-07-29 00:22 . 2009-07-29 00:22 -------- d-----w- c:\documents and settings\production\Application Data\Optical Measuring Systems
2009-07-24 06:18 . 2008-03-05 17:37 -------- d-----w- c:\program files\Microsoft Works
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-05 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageServer\TrueImageMonitor.exe" [2007-05-10 1129176]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageServer\TimounterMonitor.exe" [2007-05-10 1866376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-05-10 140832]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2009-06-10 668968]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-14 16132608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-3-5 7168]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 16:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-10 13:47 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/20/2008 4:51 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/20/2008 4:51 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/20/2008 4:51 PM 108552]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [6/12/2009 6:52 AM 202928]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 5:29 PM 5376]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/24/2009 12:36 PM 47640]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.EXE [9/2/2009 6:41 AM 81920]
R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [9/2/2009 6:41 AM 73728]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [9/2/2009 6:41 AM 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [11/21/2006 3:18 PM 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\\SAAZWatchDog --> c:\progra~1\SAAZOD\\SAAZWatchDog [?]
S2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [6/10/2009 6:00 AM 980264]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/30/2009 1:56 PM 93360]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/12/2009 10:09 AM 297752]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af5e2e6-5783-11de-a39b-001d0988001c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL dIana.ExE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f366060-04b7-11dd-b3ea-001d0988001c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL XouuZ.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95ad2d2-f500-11dc-b3e1-001d0988001c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gocurrency.com/v2/dorate.php?inV=1&from=USD&to=MXN&Calculate=Convert
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-production - c:\documents and settings\production\production.exe
HKCU-Run-feilor - c:\documents and settings\production\feilor.exe
HKCU-Run-PopRock - c:\docume~1\PRODUC~1\LOCALS~1\Temp\a.exe
HKCU-Run-xouuz - c:\documents and settings\production\xouuz.exe
HKLM-Run-16620154 - c:\documents and settings\All Users\Application Data\16620154\16620154.exe
AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 08:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAAZWatchDog]
"ImagePath"="c:\progra~1\SAAZOD\\SAAZWatchDog"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\SAAZOD\RMHLPDSK.exe
c:\progra~1\SAAZOD\SAAZWatchDog.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
.
**************************************************************************
.
Completion time: 2009-09-15 8:56 - machine was rebooted [production]
ComboFix-quarantined-files.txt 2009-09-15 15:56

Pre-Run: 147,531,337,728 bytes free
Post-Run: 146,722,418,688 bytes free

321 --- E O F --- 2009-05-20 14:07

#4 miekiemoes


Posted 15 September 2009 - 11:47 AM

Hi,

No wonder mbam didn't run. You're dealing with 4 different malware variants that lock mbam.

Anyway,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\mpro.exe
c:\windows\svchasts.exe
c:\documents and settings\production\gkccuo.exe
c:\documents and settings\production\WDTTNH.exe
c:\documents and settings\production\PRFYXU.bat
c:\windows\system32\drivers\smss.exe_
Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3af5e2e6-5783-11de-a39b-001d0988001c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f366060-04b7-11dd-b3ea-001d0988001c}]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Mieke Verburgh
Director of Research


#5 bmdtech


Posted 15 September 2009 - 03:26 PM

Second results


ComboFix 09-09-14.02 - production 09/15/2009 12:49.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.493 [GMT -7:00]
Running from: c:\documents and settings\production\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\production\Desktop\CFScript.txt
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FILE ::
"c:\documents and settings\production\gkccuo.exe"
"c:\documents and settings\production\PRFYXU.bat"
"c:\documents and settings\production\WDTTNH.exe"
"C:\mpro.exe"
"c:\windows\svchasts.exe"
"c:\windows\system32\drivers\smss.exe_"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\production\PRFYXU.bat
C:\mpro.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-15 16:48 . 2009-09-15 16:48 -------- d-----w- c:\documents and settings\production\Application Data\AVG8
2009-09-15 16:17 . 2009-09-15 16:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-15 16:15 . 2009-09-15 16:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn
2009-09-15 16:15 . 2009-09-15 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt
2009-09-15 16:15 . 2009-09-15 16:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\DellFaxCtr
2009-09-14 22:43 . 2009-09-15 17:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-11 03:00 . 2009-09-11 03:02 0 ----a-w- c:\windows\system32\SBRC.dat
2009-09-10 18:36 . 2009-09-10 18:36 46080 ----a-w- C:\Win32kDiag.exe
2009-09-10 18:16 . 2009-09-10 18:16 75 ----a-w- C:\FixExe.reg
2009-09-10 18:04 . 2009-09-10 18:04 -------- d-----w- c:\documents and settings\production\Application Data\Malwarebytes
2009-09-10 18:04 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:04 . 2009-09-15 16:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 18:04 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 18:04 . 2009-09-10 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 13:49 . 2009-09-10 13:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-02 14:09 . 2009-03-27 04:20 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-09-02 14:09 . 2009-03-27 04:20 200704 ----a-w- c:\windows\system32\libssl32.dll
2009-09-02 14:09 . 2009-03-27 04:20 1017344 ----a-w- c:\windows\system32\libeay32.dll
2009-09-02 14:09 . 2009-09-02 14:09 -------- d-----w- C:\OpenSSL
2009-08-28 21:46 . 2009-08-28 21:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Automise3
2009-08-18 14:03 . 2009-09-11 21:40 -------- d-----w- C:\Weight Optimizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 19:33 . 2009-01-22 18:05 -------- d-----w- c:\program files\SAAZOD
2009-09-15 17:31 . 2008-03-05 17:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-15 16:58 . 2008-10-20 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-15 15:53 . 2009-01-24 19:36 -------- d-----w- c:\program files\LogMeIn
2009-09-14 15:34 . 2008-03-19 18:34 55292 ----a-w- c:\documents and settings\production\Application Data\wklnhst.dat
2009-09-11 06:29 . 2008-10-15 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 16:38 . 2008-04-18 00:56 104 --sh--r- c:\windows\system32\E9B42D69D1.sys
2009-09-10 16:38 . 2008-04-18 00:56 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-10 13:47 . 2009-01-24 19:36 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-10 13:47 . 2009-01-24 19:36 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-10 13:47 . 2007-11-16 02:46 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-10 13:47 . 2009-01-24 19:36 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-10 13:47 . 2007-11-16 02:46 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-02 13:53 . 2009-01-23 14:40 -------- d-----w- c:\program files\SetupLogs
2009-09-02 13:42 . 2009-01-23 14:41 -------- d-----w- c:\program files\Common Files\VSoft
2009-08-26 14:41 . 2008-03-05 17:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-26 14:41 . 2008-03-05 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 14:06 . 2008-04-07 15:34 -------- d-----w- c:\program files\Dl_cats
2009-07-31 16:34 . 2008-10-20 23:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 16:34 . 2008-10-20 23:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 16:34 . 2008-10-20 23:51 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-29 01:01 . 2008-03-18 15:53 -------- d-----w- c:\documents and settings\production\Application Data\U3
2009-07-29 00:22 . 2009-07-29 00:22 -------- d-----w- c:\documents and settings\production\Application Data\Optical Measuring Systems
2009-07-24 06:18 . 2008-03-05 17:37 -------- d-----w- c:\program files\Microsoft Works
.

((((((((((((((((((((((((((((( SnapShot@2009-09-15_15.53.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-07 15:33 . 2009-09-15 16:15 65536 c:\windows\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
- 2008-04-07 15:33 . 2008-04-07 15:33 65536 c:\windows\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2008-04-07 15:33 . 2009-09-15 16:15 22486 c:\windows\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B}\ARPPRODUCTICON.exe
- 2008-04-07 15:33 . 2008-04-07 15:33 22486 c:\windows\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B}\ARPPRODUCTICON.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-05 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-12 2007832]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageServer\TrueImageMonitor.exe" [2007-05-10 1129176]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageServer\TimounterMonitor.exe" [2007-05-10 1866376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-05-10 140832]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2009-06-10 668968]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-14 16132608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-3-5 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 16:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-10 13:47 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/20/2008 4:51 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/20/2008 4:51 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/20/2008 4:51 PM 108552]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [6/12/2009 6:52 AM 202928]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 5:29 PM 5376]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/24/2009 12:36 PM 47640]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\SAAZOD\SAAZDPMACTL.EXE [9/2/2009 6:41 AM 81920]
R2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\SAAZOD\SAAZRemoteSupport.exe [9/2/2009 6:41 AM 73728]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\SAAZOD\SAAZScheduler.exe [9/2/2009 6:41 AM 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\SAAZOD\SAAZServerPlus.exe [11/21/2006 3:18 PM 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\SAAZOD\\SAAZWatchDog --> c:\progra~1\SAAZOD\\SAAZWatchDog [?]
S2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [6/10/2009 6:00 AM 980264]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/30/2009 1:56 PM 93360]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/12/2009 10:09 AM 297752]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gocurrency.com/v2/dorate.php?inV=1&from=USD&to=MXN&Calculate=Convert
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 12:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAAZWatchDog]
"ImagePath"="c:\progra~1\SAAZOD\\SAAZWatchDog"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-09-15 12:54
ComboFix-quarantined-files.txt 2009-09-15 19:54
ComboFix2.txt 2009-09-15 18:37
ComboFix3.txt 2009-09-15 15:56

Pre-Run: 146,619,932,672 bytes free
Post-Run: 146,598,719,488 bytes free

183 --- E O F --- 2009-05-20 14:07

#6 miekiemoes


Posted 15 September 2009 - 03:36 PM

Hi,

This looks OK again.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
Mieke Verburgh
Director of Research


#7 bmdtech


Posted 15 September 2009 - 05:59 PM

I was able to run MWB 2 times through on full scan with no threats. Thank you for your help.

#8 miekiemoes


Posted 15 September 2009 - 06:08 PM

Glad I could help. :D

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
Mieke Verburgh
Director of Research


#9 miekiemoes


Posted 21 September 2009 - 02:04 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Mieke Verburgh
Director of Research
