Posts posted by cycle1
-
I'm still unable to update Malwarebytes after running the two programs from before. Should I try something else?
-
I ran both programs, and below are their respective log files:
MiniToolBox by Farbar Version: 23-07-2012
Ran by David (administrator) on 12-10-2012 at 09:00:56
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Disconnected)
Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Wireless Network Connection"
set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : DFG1FS91
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
Physical Address. . . . . . . . . : 00-16-6F-44-EC-55
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.190.20.168
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 10.190.16.1
DHCP Server . . . . . . . . . . . : 1.1.1.5
DNS Servers . . . . . . . . . . . : 152.3.72.100
152.3.70.100
Lease Obtained. . . . . . . . . . : Friday, October 12, 2012 8:56:30 AM
Lease Expires . . . . . . . . . . : Friday, October 12, 2012 9:26:30 AM
Server: rsv-bc-fitzcachedns.oit.duke.edu
Address: 152.3.72.100
Name: google.com
Addresses: 74.125.140.139, 74.125.140.100, 74.125.140.101, 74.125.140.102
74.125.140.113, 74.125.140.138
Pinging google.com [74.125.137.101] with 32 bytes of data:
Reply from 74.125.137.101: bytes=32 time=18ms TTL=49
Reply from 74.125.137.101: bytes=32 time=21ms TTL=49
Ping statistics for 74.125.137.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 21ms, Average = 19ms
Server: rsv-bc-fitzcachedns.oit.duke.edu
Address: 152.3.72.100
Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140
Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=445ms TTL=52
Reply from 72.30.38.140: bytes=32 time=557ms TTL=52
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 445ms, Maximum = 557ms, Average = 501ms
Server: rsv-bc-fitzcachedns.oit.duke.edu
Address: 152.3.72.100
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20002 ...00 16 6f 44 ec 55 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.190.16.1 10.190.20.168 25
10.190.16.0 255.255.248.0 10.190.20.168 10.190.20.168 25
10.190.20.168 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.190.20.168 10.190.20.168 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.190.20.168 10.190.20.168 20
224.0.0.0 240.0.0.0 10.190.20.168 10.190.20.168 25
255.255.255.255 255.255.255.255 10.190.20.168 10.190.20.168 1
Default Gateway: 10.190.16.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (10/12/2012 08:57:29 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560
Error: (10/12/2012 08:57:28 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.
Error: (10/12/2012 08:57:25 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.
Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2187
Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2187
Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13406
Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13406
Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/11/2012 08:51:44 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560
System errors:
=============
Error: (10/12/2012 08:58:41 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
Error: (10/12/2012 08:56:29 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00166F44EC55 has been
denied by the DHCP server 1.1.1.5 (The DHCP Server sent a DHCPNACK message).
Error: (10/12/2012 08:56:11 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
Error: (10/11/2012 10:13:35 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00166F44EC55 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Error: (10/11/2012 06:44:36 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.190.20.168 for the Network Card with network address 00166F44EC55 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error: (10/11/2012 03:21:49 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Microsoft Office Sessions:
=========================
Error: (10/12/2012 08:57:29 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560
Error: (10/12/2012 08:57:28 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Microsoft .NET Framework 1.1{A38B334A-A0A2-436D-BAA0-34FE5E517E44}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log(NULL)
Error: (10/12/2012 08:57:25 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)
Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2187
Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2187
Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13406
Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13406
Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/11/2012 08:51:44 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560
=========================== Installed Programs ============================
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
7-Zip 4.65
924PLC32 (Version: 1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Adobe Flash Player 10 Plugin (Version: 10.2.152.26)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (Version: 10.0.0)
Adobe SVG Viewer 3.0 (Version: 3.0)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 1.4.0)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Applian FLV Player (Version: 2.0.24)
Audacity 1.2.6
AutoCAD 2010 - English (Version: 18.0.55.0)
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0)
BASIC Stamp Editor v2.2 (Version: 2.2.0.0)
BASIC Stamp Editor v2.5.2 (Version: 2.5.2)
Bejeweled 2 Deluxe (Version: 09/20/2005 11:53 AM)
Blackhawk Striker 2 (Version: 09/20/2005 11:54 AM)
BlueJ 2.2.1
Bluetooth Stack for Windows by Toshiba (Version: v3.03.02(D))
Bonjour (Version: 2.0.4.0)
Broadcom Management Programs (Version: 8.65.05)
Bryce 5.5c
Caché in C:\InterSystems\Cache (Version: 2008.1.0.401.0)
CCleaner (Version: 3.05)
CinepPlayer 30 Update
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X (Version: 10.0)
Corel Photo Album 6 (Version: 6.00)
CVS Photo Editor Plus (Version: 1.20.0000)
Dark GDK
DAZ|Studio1.8.1.5
Dell CinePlayer (Version: 3.0)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Game Console
Dell Media Experience (Version: 3.1)
Dell Photo AIO Printer 924
Dell Support Center (Version: 2.0.07311)
Dell System Restore (Version: 2.00.0000)
Dell Wireless WLAN Card (Version: 4.100.15.8)
DellSupport (Version: 6.0.3062)
Digital Line Detect (Version: 1.15)
DrawPlus 3.0
DyynoPlayer 0.8.6f (Version: 0.8.6f)
EarthLink setup files (Version: 2005.1.47.0)
ELIcon (Version: 1.00.0000)
ESET Online Scanner v3
Game Creators Dark GDK (Version: 1.0.0)
GameSpy Arcade
Get High Speed Internet! (Version: 1.00.0000)
Google Chrome (Version: 21.0.1180.89)
Google Desktop (Version: -)
Google Talk (remove only)
Google Talk Plugin (Version: 3.6.1.9117)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Graphical Analysis 3.2 (Version: 3.2)
Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4410)
Intel® PROSet/Wireless Software (Version: 9.00.0000)
Internal Network Card Power Management (Version: 1.7.2)
iTunes (Version: 10.1.0.54)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java 6 Update 3 (Version: 1.6.0.30)
Java SE Development Kit 6 (Version: 1.6.0.0)
Java SE Runtime Environment 6 (Version: 1.6.0.0)
LAME v3.98.2 for Audacity
Lazer Tankz
Learn2 Player (Uninstall Only)
LoggerPro 3.2 (Version: 3.20.000)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
mCore (Version: 1.19.0000)
mDrWiFi (Version: 1.19.0000)
mHlpDell (Version: 1.19.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft DirectX SDK (August 2007) (Version: 9.20.1057)
Microsoft Halo
Microsoft Halo Trial
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Publisher 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Visual C++ 2008 Express Edition - ENU (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 8.0 Support DLLs (Version: 1.0.0)
Microsoft Web Publishing Wizard 1.52
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
mIWA (Version: 1.19.0000)
mIWCA (Version: 1.19.0000)
mLogView (Version: 1.19.0000)
mMHouse (Version: 1.19.0000)
Modem Helper (Version: 3.01)
Mouse Suite for Laptop Computers (Version: 1.00.0000)
mPfMgr (Version: 1.19.0000)
mPfWiz (Version: 1.19.0000)
mProSafe (Version: 9.00.0000)
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSDN Library for Microsoft Visual Studio 2008 Express Editions (Version: 9.0.21022)
MSN
mSSO (Version: 1.19.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
msxml4 (Version: 1.0.0)
mToolkit (Version: 1.19.0000)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 10.10.0097)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.19.0000)
MySQL Server 5.0 (Version: 5.0.51b)
mZConfig (Version: 1.19.0000)
NetBeans IDE 6.1
NetWaiting (Version: 2.5.23)
NetZeroInstallers (Version: 1.0.0)
Newsletter Tutorial - Space Invaders Part I (Version: )
Notepad App
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Photo Click (Version: 1.0.0)
Prism Video Converter
PuTTY version 0.60 (Version: 0.60)
QtSpim (Version: 9.0.1)
Qualxserve Service Agreement (Version: 1.10.0000)
Quartus II 9.1sp2 Web Edition (Version: 9.1sp2)
QuickSet (Version: 7.0.10)
QuickTime (Version: 7.68.75.0)
RealPlayer Basic
Rhapsody Player Engine (Version: 1.0.2.636)
Rhinoceros 4.0 Evaluation (Version: 4.0.30827)
Roxio DLA (Version: 5.2.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Search Assist (Version: 1.00.0000)
Sentinel System Driver
Sonic Activation Module (Version: 1.0)
Sonic Update Manager (Version: 3.0.0)
Spybot - Search & Destroy 1.4 (Version: 1.4)
Streamripper (Remove only)
StumbleUpon IE Toolbar (Version: 3.23)
Synaptics Pointing Device Driver (Version: 14.0.3.0)
TabbedPaneDemo
TabComponentsDemo
The Print Shop 12
TomTom HOME 2.7.6.2056 (Version: 2.7.6.2056)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Try Corel Snapfire muvee autoProducer add on (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
URL Assistant
VLC media player 1.1.5 (Version: 1.1.5)
Watchtower Library 2011 - English (Version: 13.0)
WebEx
WebFldrs XP (Version: 9.50.7523)
WildTangent Web Driver
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (Version: 07/12/2010 2.08.02)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (07/12/2010 2.08.02) (Version: 07/12/2010 2.08.02)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XoftSpySE (Version: 6.0.0.0)
========================= Devices: ================================
Name: Broadcom 440x 10/100 Integrated Controller
Description: Broadcom 440x 10/100 Integrated Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: bcm4sbxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Synaptics PS/2 Port Pointing Device
Description: Synaptics PS/2 Port Pointing Device
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
========================= Memory info: ===================================
Percentage of memory in use: 65%
Total physical RAM: 1015.37 MB
Available physical RAM: 348.85 MB
Total Pagefile: 2436.86 MB
Available Pagefile: 1640.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.95 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:50.83 GB) (Free:3.35 GB) NTFS
========================= Users: ========================================
User accounts for \\DFG1FS91
Administrator D2 David
Guest HelpAssistant Ivy
SUPPORT_388945a0
========================= Minidump Files ==================================
C:\WINDOWS\Minidump\Mini060712-01.dmp
C:\WINDOWS\Minidump\Mini083112-01.dmp
C:\WINDOWS\Minidump\Mini100112-01.dmp
C:\WINDOWS\Minidump\Mini101112-01.dmp
**** End of log ****
Farbar Service Scanner Version: 07-10-2012
Ran by David (administrator) on 12-10-2012 at 09:02:23
Running from "C:\Documents and Settings\David Colon-Smith\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Bridge(14) BridgeMP(13) Gpc(6) IPSec(4) IWCA(10) MPFIREWL(3) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0F000000040000000100000002000000030000000F00000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E000000
IpSec Tag value is correct.
**** End of log ****
-
Not through Malwarebytes itself, I couldn't. I think my network settings are messed up, but it's another software program because issues like these have been happening for quite some time before this.
-
I tried to update Malwarebytes again, but the Invalid Argument error reoccurred. I then went back to the forum post that I mentioned earlier, and now I have the definitions below:
Date: 10/8/2012 10:28:27 AM
Database version: v2012.10.08.05
Fingerprints loaded: 326408
-
I performed all of the steps above, and I now have a new version of Java. How should I proceed from here?
-
Below is the log after running Kaspersky Virus Removal Tool:
Status: Deleted (events: 6)
10/9/2012 3:53:26 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-28335f07 High
10/9/2012 3:53:35 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-2e6c2d32 High
10/9/2012 3:53:43 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-3407ba14 High
10/9/2012 3:53:50 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-35d60ac8 High
10/9/2012 3:53:57 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-5c2388b4 High
10/9/2012 3:54:04 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-7402ad10 High
-
Below is the ESET scan log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=49153
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28d70e7ab708d94e92bb6a87df588e7c
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-02 02:50:25
# local_time=2012-10-01 10:50:25 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16774142 0 93 31153540 84731206 0 0
# compatibility_mode=5891 16776870 42 87 8926 45072727 0 0
# compatibility_mode=8192 67108863 100 0 9088 9088 0 0
# scanned=202201
# found=24
# cleaned=24
# scan_time=4769
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28d70e7ab708d94e92bb6a87df588e7c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-02 05:04:46
# local_time=2012-10-02 01:04:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16774142 0 93 31161201 84738867 0 0
# compatibility_mode=5891 16776870 42 87 16587 45080388 0 0
# compatibility_mode=8192 67108863 100 0 16749 16749 0 0
# scanned=210462
# found=1
# cleaned=1
# scan_time=5168
C:\WINDOWS\system32\Improve Your PC.lnk LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28d70e7ab708d94e92bb6a87df588e7c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-09 06:50:55
# local_time=2012-10-09 02:50:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16774142 0 93 31772480 85350146 0 0
# compatibility_mode=5891 16776870 42 87 0 45691667 0 0
# compatibility_mode=8192 67108863 100 0 628028 628028 0 0
# scanned=210705
# found=0
# cleaned=0
# scan_time=5059
-
After I did all the steps from the link, I tried to update Malwarebytes, but I still receive the same error. However, I used a post I found in the forums here, and I updated my database version so that it says the following:
Post link: http://forums.malwarebytes.org/index.php?showtopic=108769
(What it says in the Update Tab)
Current database information:
Date: 10/1/2012 9:58:11 AM
Database version: v2012.10.01.05
Fingerprints loaded: 324895
-
Below is the log that was generated from ComboFix. On a side note, I went snooping around the site, and I found a way to update Malwarebytes without using the Check for Updates option in the program, so I now have newer definition files for the program.
ComboFix 12-10-04.02 - David 10/07/2012 13:51:41.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.675 [GMT -4:00]
Running from: c:\documents and settings\David Colon-Smith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David Colon-Smith\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2072-07-31 22:44 . 2004-08-24 19:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll
2012-10-06 22:10 . 2012-10-06 22:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-06 21:12 . 2012-10-06 21:12 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\Malwarebytes
2012-10-06 21:12 . 2012-10-06 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-06 21:12 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 21:12 . 2012-10-06 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-06 20:52 . 2012-08-30 05:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D1F7F88-932B-4D76-B4CB-1FF2D66A2A79}\mpengine.dll
2012-10-04 22:33 . 2012-10-04 22:33 -------- d-----w- c:\program files\Common Files\XoftSpySE
2012-10-04 22:33 . 2012-10-04 22:33 -------- d-----w- c:\program files\XoftSpySE6
2012-10-04 22:33 . 2012-10-04 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2012-10-01 00:12 . 2012-08-28 15:14 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-30 23:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-30 23:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-09-30 22:59 . 2012-09-30 22:59 -------- d-----w- c:\program files\ESET
2012-09-21 11:35 . 2012-09-21 11:35 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\McAfee
2012-09-21 11:31 . 2012-09-21 11:29 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-09-21 11:31 . 2012-09-21 11:29 23112 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-09-21 11:28 . 2012-09-23 04:55 -------- d-----w- c:\program files\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 05:17 . 2009-12-19 14:13 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-28 15:14 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2008-04-05 21:01 . 2008-04-05 21:01 3778594 ----a-w- c:\program files\bluejsetup-221.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MPFEXE"="c:\program files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 992808]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-08-28 4853016]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CACHEWEB.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CACHEWEB.lnk
backup=c:\windows\pss\CACHEWEB.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
[X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-02-06 15:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 15:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 13:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-04-11 02:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-01 22:19 136176 ----atw- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 01:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 01:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
2006-03-07 20:05 992808 ----a-w- c:\program files\mcafee.com\personal firewall\MpfTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
2006-06-09 16:47 47104 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-04-11 02:12 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-10 00:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\David Colon-Smith\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6000:TCP"= 6000:TCP:test
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/6/2012 6:10 PM 40776]
R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [8/28/2009 5:15 PM 582424]
S1 MpKsl057b8bd2;MpKsl057b8bd2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys [?]
S2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\Cache\Bin\cservice.exe [8/18/2008 9:35 PM 73728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176]
S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?]
S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\ATL7132.exe --> c:\windows\system32\ATL7132.exe [?]
S2 lanmanserver32;Server ;c:\windows\system32\POSTWPP32.exe --> c:\windows\system32\POSTWPP32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?]
S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?]
S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\TosSndAPI32.exe --> c:\windows\system32\TosSndAPI32.exe [?]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [9/19/2011 5:11 PM 58960]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [6/15/2007 8:59 PM 16194]
S3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\Cache\httpd\bin\httpd.exe [8/18/2008 9:35 PM 20541]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006Core.job
- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006UA.job
- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19]
.
2012-08-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{4DBF9887-0447-4DA1-8377-9B6F318E27D7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-10-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-07 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\mcafee.com\personal firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2012-10-07 14:09:57
ComboFix-quarantined-files.txt 2012-10-07 18:09
ComboFix2.txt 2012-09-30 06:22
ComboFix3.txt 2011-04-13 02:14
.
Pre-Run: 3,172,528,128 bytes free
Post-Run: 3,249,520,640 bytes free
.
- - End Of File - - 23C1CCB9B0F1D470B8BB6BF20D6D6A32
-
I ran mbam-clean.exe, and reinstalled Malwarebytes from the link given, and I still generate an error. I also tried updating through a proxy (as mentioned in the FAQs), and tried updating in Safe Mode with Networking to no avail. Is there something else I can do to update besides uninstalling and reinstalling the software?
-
I tried the Check for Updates button, and I still get that Invalid argument error I mentioned previously, even when I try to do so in Safe Mode with Networking. I think the bug went away though because my latest scan was clean. Should I try something else to be completely sure?
-
I uninstalled the version I had and reinstalled Malwarebytes from the link, then ran a quick scan, with the following results. Is there a way to get the updates manually? Nothing I try allows me to update them from within the program.
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.07.13
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
David :: DFG1FS91 [administrator]
10/4/2012 6:19:40 PM
mbam-log-2012-10-04 (18-19-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 278701
Time elapsed: 5 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
I ran a quick scan of Malwarebytes again and the infected key still shows up. Here is the log report below. Should I run ESET another time?
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.07.13
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David :: DFG1FS91 [administrator]
10/3/2012 10:04:48 PM
mbam-log-2012-10-03 (22-33-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 280389
Time elapsed: 28 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Thanks for the advice, I was able to run it in Safe Mode with Networking. Below is the log file:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=49153
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28d70e7ab708d94e92bb6a87df588e7c
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-02 02:50:25
# local_time=2012-10-01 10:50:25 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16774142 0 93 31153540 84731206 0 0
# compatibility_mode=5891 16776870 42 87 8926 45072727 0 0
# compatibility_mode=8192 67108863 100 0 9088 9088 0 0
# scanned=202201
# found=24
# cleaned=24
# scan_time=4769
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28d70e7ab708d94e92bb6a87df588e7c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-02 05:04:46
# local_time=2012-10-02 01:04:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16774142 0 93 31161201 84738867 0 0
# compatibility_mode=5891 16776870 42 87 16587 45080388 0 0
# compatibility_mode=8192 67108863 100 0 16749 16749 0 0
# scanned=210462
# found=1
# cleaned=1
# scan_time=5168
C:\WINDOWS\system32\Improve Your PC.lnk LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
I retried (after refreshing my connection) and it returned the same error. I think the issue with ESET (and the reason why I can't update Malwarebytes) might be something I noticed two years ago, but could never find a way to fix. When I deactivated a firewall I had, a program that uses SSH connections worked fine, but when the firewall was active, it made the program throw a "fatal error". I uninstalled the program that manages that firewall, but I think the settings on it are still active somehow. By chance, do you have any suggestions on how to undo effects like those?
-
When I pressed Start after making sure that the Remove found threats option and the Scan unwanted applications option were checked, it began trying to download the definitions, and it stopped, mentioning: "Can not get update. Is proxy configured?". Should I try to configure a proxy?
-
Hi, below is my log after running ComboFix:
ComboFix 12-09-27.03 - David 09/30/2012 1:48.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.620 [GMT -4:00]
Running from: c:\documents and settings\David Colon-Smith\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\956ab021
c:\documents and settings\All Users\SPL591.tmp
c:\documents and settings\All Users\SPLF0.tmp
c:\documents and settings\David Colon-Smith\Application Data\40933372
c:\documents and settings\David Colon-Smith\Application Data\Adobe\plugs
c:\documents and settings\David Colon-Smith\Application Data\Adobe\shed
c:\documents and settings\David Colon-Smith\hkaiwhwauv.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL0217.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL0341.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL0407.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL0408.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL0883.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL1560.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL3040.tmp
c:\documents and settings\David Colon-Smith\My Documents\~WRL3743.tmp
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar
c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf
c:\documents and settings\Ivy Colon\hkaiwhwauv.tmp
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET7C7.tmp
c:\windows\system32\SET7D3.tmp
c:\windows\system32\SET7DB.tmp
c:\windows\system32\SET7DC.tmp
c:\windows\system32\SET7DE.tmp
c:\windows\system32\SET7E1.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpi.jar
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo
c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DHCP32
-------\Service_Dhcp32
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2072-07-31 22:44 . 2004-08-24 19:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll
2012-09-24 20:46 . 2012-09-25 20:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\Malwarebytes
2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-24 20:46 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 20:46 . 2012-09-25 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-21 11:35 . 2012-09-21 11:35 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\McAfee
2012-09-21 11:31 . 2012-09-21 11:29 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-09-21 11:31 . 2012-09-21 11:29 23112 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-09-21 11:28 . 2012-09-23 04:55 -------- d-----w- c:\program files\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 21:01 . 2008-04-05 21:01 3778594 ----a-w- c:\program files\bluejsetup-221.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MPFEXE"="c:\program files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 992808]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CACHEWEB.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CACHEWEB.lnk
backup=c:\windows\pss\CACHEWEB.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
[X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-02-06 15:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 15:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 13:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-04-11 02:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-01 22:19 136176 ----atw- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 01:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 01:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
2006-03-07 20:05 992808 ----a-w- c:\program files\mcafee.com\personal firewall\MpfTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
2006-06-09 16:47 47104 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-04-11 02:12 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-10 00:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\David Colon-Smith\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6000:TCP"= 6000:TCP:test
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\Cache\Bin\cservice.exe [8/18/2008 9:35 PM 73728]
R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
R3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\Cache\httpd\bin\httpd.exe [8/18/2008 9:35 PM 20541]
S1 MpKsl057b8bd2;MpKsl057b8bd2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176]
S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?]
S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\ATL7132.exe --> c:\windows\system32\ATL7132.exe [?]
S2 lanmanserver32;Server ;c:\windows\system32\POSTWPP32.exe --> c:\windows\system32\POSTWPP32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?]
S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?]
S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?]
S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\TosSndAPI32.exe --> c:\windows\system32\TosSndAPI32.exe [?]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [9/19/2011 5:11 PM 58960]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [6/15/2007 8:59 PM 16194]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/24/2012 4:46 PM 40776]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19]
.
2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006Core.job
- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006UA.job
- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19]
.
2012-08-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]
.
2012-09-30 c:\windows\Tasks\User_Feed_Synchronization-{4DBF9887-0447-4DA1-8377-9B6F318E27D7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-08-18 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-03-07 23:58]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1166243950\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1166243950\ee\AOLSoftware.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-sscRun - c:\program files\Common Files\AOL\1166243950\ee\SSCRun.exe
AddRemove-West_Point_Bridge_Designer_2007 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-30 02:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\mcafee.com\personal firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(3328)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\altera\91sp2\quartus\bin\jtagserver.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\intersystems\cache\bin\cache.exe
c:\program files\mcafee.com\personal firewall\MPFService.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\stsystra.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2012-09-30 02:22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-30 06:22
ComboFix2.txt 2011-04-13 02:14
.
Pre-Run: 2,237,669,376 bytes free
Post-Run: 4,292,571,136 bytes free
.
- - End Of File - - D1EBF97A03A820C32D6B9BDF378725DE
-
Below is the posted log and the URL:
# AdwCleaner v2.003 - Logfile created 09/29/2012 at 01:01:36
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David - DFG1FS91
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Windows Savevid Toolbar
***** [Registry] *****
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Google Chrome v21.0.1180.89
*************************
AdwCleaner[R1].txt - [2281 octets] - [26/09/2012 09:39:29]
AdwCleaner[R2].txt - [2341 octets] - [26/09/2012 09:56:22]
AdwCleaner[R3].txt - [2401 octets] - [26/09/2012 09:57:36]
AdwCleaner[R4].txt - [2281 octets] - [26/09/2012 09:58:27]
AdwCleaner[s1].txt - [2681 octets] - [29/09/2012 01:01:36]
########## EOF - C:\AdwCleaner[s1].txt - [2741 octets] ##########
-
I apologize, here are the files below:
# AdwCleaner v2.003 - Logfile created 09/26/2012 at 09:39:29
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David - DFG1FS91
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Program Files\Windows Savevid Toolbar
***** [Registry] *****
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v21.0.1180.89
*************************
AdwCleaner[R1].txt - [2152 octets] - [26/09/2012 09:39:29]
########## EOF - C:\AdwCleaner[R1].txt - [2212 octets] ##########
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by David at 10:01:29 on 2012-09-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.71 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\intersystems\cache\bin\cservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\altera\91sp2\quartus\bin\jtagserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\intersystems\cache\bin\cache.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
c:\intersystems\cache\bin\cache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\InterSystems\Cache\httpd\bin\httpd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\InterSystems\Cache\httpd\bin\httpd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe
C:\Documents and Settings\David Colon-Smith\Desktop\aswMBR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi0498~1\datamngr\toolbar\searchqudtx.dll
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\david colon-smith\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "c:\program files\Windows Savevid Toolbar"
mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "c:\program files\windows savevid toolbar\datamngr\ToolBar"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cruzan2.webex.com/client/T27LB/webex/ieatgpc.cab
TCP: DhcpNameServer = 152.3.72.100 152.3.70.100
TCP: Interfaces\{38434B1E-6738-4A86-85C6-579D6B868F8B} : DhcpNameServer = 152.3.72.100 152.3.70.100
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\windows\system32\gdi3232.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-12-16 80640]
R1 MpKsl30dd1ea7;MpKsl30dd1ea7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83757166-bbd5-49ea-b802-834d557fa638}\MpKsl30dd1ea7.sys [2012-9-25 29904]
R2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\cache\bin\cservice.exe [2008-8-18 73728]
R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\david colon-smith\my documents\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\cache\httpd\bin\httpd.exe [2008-8-18 20541]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-24 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Dhcp32;DHCP Client ;c:\windows\system32\gearaspi32.exe --> c:\windows\system32\GEARAspi32.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176]
S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?]
S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\atl7132.exe --> c:\windows\system32\ATL7132.exe [?]
S2 lanmanserver32;Server ;c:\windows\system32\postwpp32.exe --> c:\windows\system32\POSTWPP32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?]
S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?]
S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?]
S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\tossndapi32.exe --> c:\windows\system32\TosSndAPI32.exe [?]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2011-9-19 58960]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2007-6-15 16194]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-12-16 114464]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-6-3 120168]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2072-07-31 22:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll
2012-09-26 02:21:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83757166-bbd5-49ea-b802-834d557fa638}\MpKsl30dd1ea7.sys
2012-09-24 20:46:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-24 20:46:56 -------- d-----w- c:\documents and settings\david colon-smith\application data\Malwarebytes
2012-09-24 20:46:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-24 20:46:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 20:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-21 11:35:54 -------- d-----w- c:\documents and settings\david colon-smith\application data\McAfee
2012-09-21 11:31:22 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-09-21 11:31:22 23112 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-09-21 11:28:29 -------- d-----w- c:\program files\McAfee
.
==================== Find3M ====================
.
2008-04-05 21:01:47 3778594 ----a-w- c:\program files\bluejsetup-221.exe
.
============= FINISH: 10:01:45.59 ===============
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 09:41:40
-----------------------------
09:41:40.187 OS Version: Windows 5.1.2600 Service Pack 3
09:41:40.187 Number of processors: 1 586 0xD08
09:41:40.187 ComputerName: DFG1FS91 UserName: David
09:41:40.734 Initialize success
09:41:51.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:41:51.750 Disk 0 Vendor: Hitachi_HTS721060G9AT00 MC3OA53A Size: 55796MB BusType: 3
09:41:51.765 Disk 0 MBR read successfully
09:41:51.765 Disk 0 MBR scan
09:41:51.765 Disk 0 unknown MBR code
09:41:51.765 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
09:41:51.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52046 MB offset 96390
09:41:51.812 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3694 MB offset 106687665
09:41:51.812 Disk 0 scanning sectors +114254280
09:41:51.890 Disk 0 scanning C:\WINDOWS\system32\drivers
09:42:02.781 Service scanning
09:42:05.421 Service BVRPMPR5 D:\INSTAL~E\Core\BVRPMPR5.SYS **LOCKED** 21
09:42:12.234 Service MpKsl30dd1ea7 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl30dd1ea7.sys **LOCKED** 32
09:42:22.046 Modules scanning
09:42:32.078 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
09:42:34.046 Disk 0 trace - called modules:
09:42:34.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:42:34.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8710bab8]
09:42:34.078 3 CLASSPNP.SYS[f7687fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87174d98]
09:42:34.078 Scan finished successfully
09:43:19.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Colon-Smith\Desktop\MBR.dat"
09:43:19.484 The log file has been saved successfully to "C:\Documents and Settings\David Colon-Smith\Desktop\aswMBR.txt"
Sorry again for attaching them earlier.
-
I uninstalled both programs, and ran AppRemover (which mentioned no applications). Then I ran all of the programs mentioned, and I saved the requested logs.
-
I followed the instructions from the link, and below (and attached) are the logs:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.07.13
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David :: DFG1FS91 [administrator]
9/25/2012 6:27:20 PM
mbam-log-2012-09-25 (22-03-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 291903
Time elapsed: 21 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Hi,
I ran mbam-clean.exe and restarted my computer. Then I downloaded Malwarebytes from the link in the post above. When it went to update, it gave me the same error. Also, when it started the program, it mentioned that "The Malwarebytes Anti-Malware database is missing or corrupt. Would you like to download a new copy?". When I click yes, it gives me the same updating error mentioned above. I restarted my computer just to see if it would happen again, and it did. Should I download a different copy?
-
Hi,
I ran command prompt as administrator and restarted my computer; however, it still gives me the same error. How should I proceed from here?
-
Hi,
Thank you for choosing to help me. Whenever I try to update MBAM, I always get this error:
An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).
PROGRAM_ERROR_UPDATING(0, 0, Invalid argument)
Also, I wasn't a paying customer, so I'll assume I can't use services from the help desk. Seeing as I can't update MBAM, should I just run the scan anyway and proceed as you said?
Can't completely remove a virus
in Resolved Malware Removal Logs
Is there anything I should do while waiting for a response?