Firefox
Trusted Advisors
Posts: 19,941
Days Won: 9

Everything posted by Firefox

  1. OK, it is sitting there waiting for instructions... I will wait till you get back to me.
  2. OK, not following.... I have 2 hard drives that are mirrored and partitioned into C and D as seen below. The L drive is an external USB hard drive.
       \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
       \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`80f0f400 (NTFS)
       \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (FAT32)
     The instructions you gave me are going to reset the MBR on which drive? And you want me to select 1 (Windows XP) even though I have Win7?
  3. Let me make sure we are on the same sheet of music for a second... you want me to please enter 1 for Windows XP even though I have Windows 7?
  4. That traceroute log shows a DNS issue, and it's possible that your DNS settings have been hijacked. If you connect to the Internet through a router, then I would highly recommend that you reset it to its factory default settings by holding the 'Reset' button on the back of the router until the power light starts blinking. This will clear all of the settings, including DNS settings, and reset them to the factory defaults, which should resolve the issue. Please note that you will need to set the router back up after performing this reset. Also, if you know how to check the router's DNS settings manually, then you can change the DNS settings in the router to resolve the issue without resetting it.
  5. I am sorry, I had to add more to the log.... did you see it above?
  6. Good to see nothing is found so far..... here is the next log.....

       MBRCheck, version 1.2.3
       © 2010, AD
       Command-line:
       Windows Version: Windows 7 Ultimate Edition
       Windows Information: (build 7600), 32-bit
       Base Board Manufacturer: Dell Inc.
       BIOS Manufacturer: Dell Inc.
       System Manufacturer: Dell Inc.
       System Product Name: Precision WorkStation T5400
       Logical Drives Mask: 0x00000bfc

       \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
       \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`80f0f400 (NTFS)
       \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (FAT32)

       Size     Device Name            MBR Status
       --------------------------------------------
       298 GB   \\.\PhysicalDrive0     Windows 7 MBR code detected
                SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
       931 GB   \\.\PhysicalDrive1     RE: Unknown MBR code
                SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

       Found non-standard or infected MBR.
       Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

       Options:
         [1] Dump the MBR of a physical disk to file.
         [2] Restore the MBR of a physical disk with a standard boot code.
         [3] Exit.
       Enter your choice:
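Added example, not part of the thread and not MBRCheck's own code: before taking MBRCheck's option [2] and overwriting a boot sector, a practitioner dumps it with option [1] and reads it back. The Python below parses a raw 512-byte MBR (boot signature, disk signature, the four primary partition entries), hashes the boot-code area, and cross-checks the partition start offsets against the `\\.\C: --> \\.\PhysicalDrive0 at offset ...` lines MBRCheck prints; a volume offset with no matching primary entry is either a logical volume inside an extended partition (described by an EBR chain, not by the MBR) or a table that no longer describes the disk. Assumptions: 512-byte sectors; the hash covers bytes 0..439 (the code before the disk signature), which may not be the region MBRCheck hashes, so its value is not comparable to the SHA1s in the log; the sample MBR is constructed here to match the two PhysicalDrive0 volumes from the log and carries placeholder boot code.

```python
import hashlib
import re
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0x000-0x1B7, before the disk signature (assumed hash region)
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA

# Volume line as printed by MBRCheck, e.g.
#   \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
_VOL_RE = re.compile(
    r"\\\\\.\\([A-Z]): --> \\\\\.\\PhysicalDrive(\d+) at offset "
    r"0x([0-9A-Fa-f]{8})`([0-9A-Fa-f]{8}) \((\w+)\)"
)


def parse_mbrcheck_volume_line(line):
    """Return (letter, drive_number, byte_offset, filesystem) from a MBRCheck volume line."""
    m = _VOL_RE.search(line)
    if not m:
        raise ValueError(f"not a MBRCheck volume line: {line!r}")
    letter, drive, hi, lo, fs = m.groups()
    return letter, int(drive), int(hi + lo, 16), fs


def parse_mbr(sector):
    """Parse a raw first sector; refuses anything without the 0x55AA signature."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte sector, got {len(sector)}")
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not an MBR")
    boot_code = sector[:BOOT_CODE_LEN]
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count,
                      "byte_offset": lba_start * SECTOR})
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "boot_code_is_empty": not any(boot_code),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def match_volumes(mbr, drive_number, volume_lines):
    """Map each volume letter on drive_number to the primary partition index whose
    start equals the reported offset, or None when no primary entry starts there."""
    by_offset = {p["byte_offset"]: p["index"] for p in mbr["partitions"]}
    result = {}
    for line in volume_lines:
        letter, drive, offset, _fs = parse_mbrcheck_volume_line(line)
        if drive == drive_number:
            result[letter] = by_offset.get(offset)
    return result


def build_mbr(boot_code, partitions, disk_signature=0):
    """Construct a 512-byte MBR for testing. partitions: (bootable, type, lba_start, sectors)."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Volume lines copied from the MBRCheck output in the thread.
SAMPLE_VOLUME_LINES = [
    r"\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)",
    r"\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`80f0f400 (NTFS)",
    r"\\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (FAT32)",
]
# Constructed MBR: two primary NTFS entries whose LBA * 512 equals the offsets above.
# Boot code and sector counts are placeholders, not real Windows 7 boot code.
SAMPLE_MBR = build_mbr(
    boot_code=b"\xEB\x00" + b"\x90" * 10,
    partitions=[(True, 0x07, 0x036E8E00 // SECTOR, 204800),
                (False, 0x07, 0x1880F0F400 // SECTOR, 409600)],
    disk_signature=0xDEADBEEF,
)


def demo():
    info = parse_mbr(SAMPLE_MBR)
    return info, match_volumes(info, 0, SAMPLE_VOLUME_LINES)


if __name__ == "__main__":
    info, matches = demo()
    print("boot code SHA1 (bytes 0..439):", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02X} start 0x{p['byte_offset']:X} bootable={p['bootable']}")
    print("volume -> primary partition index:", matches)
```

Run it against a real dump by replacing `SAMPLE_MBR` with the 512 bytes MBRCheck wrote to file. A `None` in the volume map is the thing to chase down before letting any tool write "standard boot code" over the sector: the external USB drive in the log (PhysicalDrive1) is exactly the kind of disk that ships with vendor boot code MBRCheck does not recognise.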
  7. OK, let's try this....
     Open Malwarebytes
     Update it
     Now go to the Settings Tab
     Click on Scanner Settings
     Uncheck Enable advanced heuristics engine
     Now click on Scanner Tab
     Perform a quick scan
     See if that helps....
  8. Yes, you can't beat that deal with a stick.... Lifetime license and it's transferable from one computer to another....
  9. Yes, that is correct, it is a lifetime license....
  10. Here is a screen shot of the options I had selected, let me know if that is OK..... Here is the log....

      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2010-09-08 09:18:19
      Windows 6.1.7600
      Running: oiu5nnvo.exe; Driver: C:\Users\CMACK~1.TXF\AppData\Local\Temp\pxddqpod.sys

      ---- System - GMER 1.0.15 ----

      SSDT 874ABF48 ZwAlertResumeThread
      SSDT 8733C078 ZwAlertThread
      SSDT 874BFD78 ZwAllocateVirtualMemory
      SSDT 872860D0 ZwConnectPort
      SSDT 874C1E78 ZwCreateMutant
      SSDT 874CB4B8 ZwCreateThread
      SSDT 8747F0C8 ZwFreeVirtualMemory
      SSDT 874ABDC8 ZwImpersonateAnonymousToken
      SSDT 874ABE88 ZwImpersonateThread
      SSDT 874C1AD0 ZwMapViewOfSection
      SSDT 874C1DB8 ZwOpenEvent
      SSDT 874965C0 ZwOpenProcessToken
      SSDT 874ABAB0 ZwOpenThreadToken
      SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x8DFB68B0]
      SSDT 87496B38 ZwResumeThread
      SSDT 8747F048 ZwSetContextThread
      SSDT 874C1978 ZwSetInformationProcess
      SSDT 874AB958 ZwSetInformationThread
      SSDT 874C1CF8 ZwSuspendProcess
      SSDT 8733C180 ZwSuspendThread
      SSDT 8579A848 ZwTerminateProcess
      SSDT 8733C240 ZwTerminateThread
      SSDT 8748A4C8 ZwUnmapViewOfSection
      SSDT 8747F198 ZwWriteVirtualMemory

      INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E27AF8
      INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E27104
      INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E273F4
      INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E102D8
      INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0F898
      INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E271DC
      INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E27958
      INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E276F8
      INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E27F2C
      INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E281A8

      ---- Kernel code sections - GMER 1.0.15 ----

      .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E87599 1 Byte [06]
      .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EABF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
      .text ntkrnlpa.exe!RtlSidHashLookup + 224 82EB3734 8 Bytes [48, BF, 4A, 87, 78, C0, 33, ...]
      .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EB374C 4 Bytes [78, FD, 4B, 87]
      .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82EB37EC 4 Bytes [D0, 60, 28, 87]
      .text ntkrnlpa.exe!RtlSidHashLookup + 318 82EB3828 4 Bytes [78, 1E, 4C, 87]
      .text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EB385C 4 Bytes [B8, B4, 4C, 87]
      .text ...
      .text peauth.sys ABCFAC9D 28 Bytes [1E, A3, AF, 57, A5, 5F, 50, ...]
      .text peauth.sys ABCFACC1 28 Bytes [1E, A3, AF, 57, A5, 5F, 50, ...]
      PAGE peauth.sys ABD00E20 101 Bytes [26, C0, D7, 58, 10, C7, A7, ...]
      PAGE peauth.sys ABD0102C 102 Bytes [41, 4A, 64, 91, 23, 1B, 5D, ...]

      ---- User code sections - GMER 1.0.15 ----

      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!CreateWindowExW 75E10E51 5 Bytes JMP 6A9C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!DialogBoxIndirectParamW 75E34AA7 5 Bytes JMP 6AAEF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!DialogBoxParamW 75E3564A 5 Bytes JMP 6A8E4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!DialogBoxParamA 75E4CF6A 5 Bytes JMP 6AAEF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!DialogBoxIndirectParamA 75E4D29C 5 Bytes JMP 6AAEF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!MessageBoxIndirectA 75E5E8C9 5 Bytes JMP 6AAEF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!MessageBoxIndirectW 75E5E9C3 5 Bytes JMP 6AAEF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!MessageBoxExA 75E5EA29 5 Bytes JMP 6AAEF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!MessageBoxExW 75E5EA4D 5 Bytes JMP 6AAEF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[2208] kernel32.dll!SetUnhandledExceptionFilter 75263162 5 Bytes JMP 64835164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
      .text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[2208] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 652E9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!UnhookWindowsHookEx 75E0CC7B 5 Bytes JMP 6A9D835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CallNextHookEx 75E0CC8F 5 Bytes JMP 6A9B9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!CreateWindowExW 75E10E51 5 Bytes JMP 6A9C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!SetWindowsHookExW 75E1210A 5 Bytes JMP 6A974633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxIndirectParamW 75E34AA7 5 Bytes JMP 6AAEF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxParamW 75E3564A 5 Bytes JMP 6A8E4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxParamA 75E4CF6A 5 Bytes JMP 6AAEF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!DialogBoxIndirectParamA 75E4D29C 5 Bytes JMP 6AAEF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxIndirectA 75E5E8C9 5 Bytes JMP 6AAEF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxIndirectW 75E5E9C3 5 Bytes JMP 6AAEF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxExA 75E5EA29 5 Bytes JMP 6AAEF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] USER32.dll!MessageBoxExW 75E5EA4D 5 Bytes JMP 6AAEF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6AAEFCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[2600] ole32.dll!CoCreateInstance 76BD57FC 5 Bytes JMP 6A9C8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!UnhookWindowsHookEx 75E0CC7B 5 Bytes JMP 6A9D835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!CallNextHookEx 75E0CC8F 5 Bytes JMP 6A9B9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!CreateWindowExW 75E10E51 5 Bytes JMP 6A9C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!SetWindowsHookExW 75E1210A 5 Bytes JMP 6A974633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!DialogBoxIndirectParamW 75E34AA7 5 Bytes JMP 6AAEF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!DialogBoxParamW 75E3564A 5 Bytes JMP 6A8E4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!DialogBoxParamA 75E4CF6A 5 Bytes JMP 6AAEF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!DialogBoxIndirectParamA 75E4D29C 5 Bytes JMP 6AAEF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!MessageBoxIndirectA 75E5E8C9 5 Bytes JMP 6AAEF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!MessageBoxIndirectW 75E5E9C3 5 Bytes JMP 6AAEF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!MessageBoxExA 75E5EA29 5 Bytes JMP 6AAEF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] USER32.dll!MessageBoxExW 75E5EA4D 5 Bytes JMP 6AAEF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 652E9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4780] ole32.dll!CoCreateInstance 76BD57FC 5 Bytes JMP 6A9C8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!UnhookWindowsHookEx 75E0CC7B 5 Bytes JMP 6A9D835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!CallNextHookEx 75E0CC8F 5 Bytes JMP 6A9B9D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!CreateWindowExW 75E10E51 5 Bytes JMP 6A9C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!SetWindowsHookExW 75E1210A 5 Bytes JMP 6A974633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!DialogBoxIndirectParamW 75E34AA7 5 Bytes JMP 6AAEF970 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!DialogBoxParamW 75E3564A 5 Bytes JMP 6A8E4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!DialogBoxParamA 75E4CF6A 5 Bytes JMP 6AAEF90D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!DialogBoxIndirectParamA 75E4D29C 5 Bytes JMP 6AAEF9D3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!MessageBoxIndirectA 75E5E8C9 5 Bytes JMP 6AAEF8A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!MessageBoxIndirectW 75E5E9C3 5 Bytes JMP 6AAEF837 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!MessageBoxExA 75E5EA29 5 Bytes JMP 6AAEF7D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] USER32.dll!MessageBoxExW 75E5EA4D 5 Bytes JMP 6AAEF773 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6AAEFCCE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[7004] ole32.dll!CoCreateInstance 76BD57FC 5 Bytes JMP 6A9C8C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \FileSystem\Ntfs \Ntfs stcvsm.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
      Device \Driver\usbhub \Device\0000008e hcmon.sys
      Device \Driver\usbhub \Device\0000008f hcmon.sys
      AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
      Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
      Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
      Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
      Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys
      Device \Driver\usbhub \Device\000000a0 hcmon.sys
      AttachedDevice \Driver\tdx \Device\Tcp wpsdrvnt.sys
      Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys
      Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      Device \Driver\iaStorV \Device\Ide\iaStor0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
      Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
      Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
      Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      Device \Driver\usbhub \Device\USBPDO-10 hcmon.sys
      Device \Driver\ACPI_HAL \Device\00000075 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      Device \Driver\usbhub \Device\00000090 hcmon.sys
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      Device \Driver\usbhub \Device\USBPDO-13 hcmon.sys
      Device \Driver\usbhub \Device\00000091 hcmon.sys
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
      AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
      AttachedDevice \Driver\tdx \Device\Udp wpsdrvnt.sys
      Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
      Device \Driver\usbhub \Device\00000099 hcmon.sys
      Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
      Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
      Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
      Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys
      Device \Driver\usbhub \Device\0000008d hcmon.sys
      AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

      ---- Registry - GMER 1.0.15 ----

      Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@L:\Downloads\Magellan® RoadMate® 1200 Software\Firmware Update v3.12\New Folder\Magellan_Roadmate_1200_US_1.50_3.12_Rel1.exe 1

      ---- EOF - GMER 1.0.15 ----
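Added example, not part of the thread and not GMER's own code: a small triage parser for GMER output of the shape posted above. It turns the `SSDT`, `.text ... JMP` and `AttachedDevice` lines into records and groups the hooks by the module that owns the jump target, so that the reader can see at a glance which drivers and DLLs are redirecting what, in which process, and which SSDT entries GMER could not attribute to any module at all (printed as a bare kernel address). Whether a given hook is benign is not decided here; that remains the analyst's call. The sample text is a short excerpt of the log above; the regular expressions are written for these line shapes only and are an assumption about GMER's format, not taken from its source.

```python
import re
from collections import defaultdict

# Line shapes as they appear in the GMER log posted in the thread.
_SSDT_MOD = re.compile(r"^SSDT\s+(\S+\.sys)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
_SSDT_ADDR = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)$")
_INLINE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+(?P<func>\S+!\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+"
    r"(?P<module>.+?\.(?:dll|exe|sys))(?:\s+\((?P<desc>[^)]*)\))?$",
    re.IGNORECASE,
)
_ATTACHED = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+\.sys)", re.IGNORECASE)


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer_hooks(text):
    """One dict per SSDT or inline (.text) hook line; every other line is ignored."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SSDT_MOD.match(line)
        if m:  # SSDT entry GMER resolved to a driver
            hooks.append({"kind": "SSDT", "function": m.group(2), "target": int(m.group(3), 16),
                          "module": _basename(m.group(1)), "process": None})
            continue
        m = _SSDT_ADDR.match(line)
        if m:  # SSDT entry printed as an address only: no module attribution
            hooks.append({"kind": "SSDT", "function": m.group(2), "target": int(m.group(1), 16),
                          "module": None, "process": None})
            continue
        m = _INLINE.match(line)
        if m:  # user-mode inline hook: 5-byte JMP out of an API into some module
            proc = f"{_basename(m['proc'])}[{m['pid']}]"
            hooks.append({"kind": "inline", "function": m["func"], "target": int(m["target"], 16),
                          "module": _basename(m["module"]), "process": proc})
    return hooks


def summarize(hooks):
    """Owning module -> hooked functions (prefixed by process for inline hooks).
    Address-only SSDT hooks are collected under 'unresolved'."""
    grouped = defaultdict(list)
    for h in hooks:
        label = h["function"] if h["process"] is None else f"{h['process']} {h['function']}"
        grouped[h["module"] or "unresolved"].append(label)
    return dict(grouped)


def unresolved_ssdt(hooks):
    """(target, function) for SSDT hooks with no module, lowest address first. These are
    the entries to look up against the loaded-driver list before drawing conclusions."""
    return sorted((h["target"], h["function"]) for h in hooks
                  if h["kind"] == "SSDT" and h["module"] is None)


def attached_filters(text):
    """Filter driver -> devices it sits on, from AttachedDevice lines. Useful to cross-check
    a driver that also owns SSDT hooks (wpsdrvnt.sys hooks ZwProtectVirtualMemory and
    filters both \\Device\\Tcp and \\Device\\Udp in the log above)."""
    out = defaultdict(list)
    for raw in text.splitlines():
        m = _ATTACHED.match(raw.strip())
        if m:
            out[_basename(m.group(3))].append(m.group(2))
    return dict(out)


# Excerpt of the GMER log posted in the thread (not constructed).
SAMPLE_LOG = r"""
SSDT 874ABF48 ZwAlertResumeThread
SSDT 8733C078 ZwAlertThread
SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x8DFB68B0]
SSDT 8747F198 ZwWriteVirtualMemory
.text C:\Program Files\Internet Explorer\iexplore.exe[1440] USER32.dll!CreateWindowExW 75E10E51 5 Bytes JMP 6A9C8157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[2208] kernel32.dll!SetUnhandledExceptionFilter 75263162 5 Bytes JMP 64835164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4780] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 652E9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp wpsdrvnt.sys
AttachedDevice \Driver\tdx \Device\Udp wpsdrvnt.sys
"""

if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_LOG)
    for module, funcs in summarize(hooks).items():
        print(f"{module}: {len(funcs)} hook(s)")
        for f in funcs:
            print("   ", f)
    print("unresolved SSDT:", [f"{t:08X} {fn}" for t, fn in unresolved_ssdt(hooks)])
    print("filters:", attached_filters(SAMPLE_LOG))
```

Feed the whole log to `parse_gmer_hooks` and the 24 `SSDT` lines collapse into one attributed driver and a list of bare addresses to resolve; the ~60 `.text` lines collapse into two modules (IEFRAME.dll and mso.dll) per process, which is a far easier thing to reason about than the raw dump.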
  11. I would suppose they update the ComboFix file from time to time; like I said, I had scanned about a week ago and I did not get that message..... Anyway, here is my log.....

      ComboFix 10-09-07.03 - cmack 09/08/2010 13:57:33.4.8 - x86
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2401 [GMT -5:00]
      Running from: c:\users\cmack.TXFBDOM\Desktop\ComboFix.exe
      .
      ((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
      .
      2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Local\temp
      2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\users\Public\AppData\Local\temp
      2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
      2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
      2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\users\CMACK~1~TXF\AppData\Local\temp
      2010-09-08 19:03 . 2010-09-08 19:03 -------- d-----w- c:\users\cmack\AppData\Local\temp
      2010-09-08 13:45 . 2010-09-08 13:45 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Local\Lunarsoft
      2010-09-08 13:45 . 2010-09-08 13:45 -------- d-----w- c:\program files\Lunarsoft
      2010-09-07 20:46 . 2010-09-07 20:47 -------- d-----w- c:\program files\Ultra File Search
      2010-08-31 15:04 . 2010-08-31 15:04 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Roaming\Apple Computer
      2010-08-27 18:21 . 2010-08-27 18:22 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Roaming\vlc
      2010-08-27 18:20 . 2010-08-27 18:20 -------- d-----w- c:\program files\VideoLAN
      2010-08-27 16:51 . 2010-08-31 15:00 -------- d-----w- C:\YouTubeVideos
      2010-08-27 16:48 . 2010-08-27 16:48 -------- d-----w- c:\program files\AliveMedia
      2010-08-26 15:19 . 2010-08-30 16:12 12195 ----a-w- c:\programdata\DVDXStudio\CloneDVD5\MainApp.dll
      2010-08-25 00:12 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
      2010-08-23 13:53 . 2010-08-23 13:53 -------- d-----w- c:\programdata\Kaspersky Lab
      2010-08-19 12:44 . 2010-08-19 12:45 -------- d-----w- c:\program files\QuickTime
      2010-08-18 19:30 . 2010-07-15 22:48 193440 ----a-w- c:\windows\system32\drivers\stcvsm.sys
      2010-08-17 20:41 . 2010-08-01 17:55 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
      2010-08-17 20:41 . 2010-08-01 17:55 399920 ----a-w- c:\windows\system32\vmnat.exe
      2010-08-17 20:41 . 2010-08-01 17:52 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
      2010-08-17 20:40 . 2010-08-01 17:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
      2010-08-17 20:40 . 2010-08-01 17:54 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
      2010-08-17 20:40 . 2010-08-17 20:40 -------- d-----w- c:\program files\Common Files\VMware
      2010-08-17 20:39 . 2010-08-17 20:39 -------- d-----w- c:\program files\VMware
      2010-08-17 15:48 . 2010-08-17 16:29 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Roaming\Download Manager
      2010-08-12 12:52 . 2010-08-12 12:52 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Local\Opera
      2010-08-12 12:52 . 2010-08-12 12:52 -------- d-----w- c:\program files\Opera
      2010-08-11 16:23 . 2010-08-11 16:23 -------- d-----w- c:\windows\Sun
      2010-08-11 16:23 . 2010-08-11 16:23 -------- d-----w- c:\program files\Common Files\Java
      2010-08-10 23:17 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2010-08-10 23:17 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
      2010-08-10 23:17 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
      2010-08-10 23:17 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
      2010-08-10 23:17 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
      2010-08-10 23:17 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
      2010-08-10 23:17 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
      2010-08-10 23:17 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
      2010-08-10 23:17 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2010-08-10 23:17 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-09-08 18:52 . 2010-05-12 16:36 -------- d-----w- c:\programdata\VMware
      2010-09-08 18:52 . 2010-05-11 14:57 -------- d-----w- c:\programdata\NVIDIA
      2010-09-08 13:09 . 2010-05-12 18:53 -------- d-----w- c:\program files\LogMeIn
      2010-09-07 15:39 . 2010-05-18 20:26 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Roaming\VMware
      2010-09-02 14:33 . 2010-05-11 19:35 -------- d-----w- c:\programdata\Roxio
      2010-09-01 14:44 . 2010-05-11 19:37 -------- d-----w- c:\programdata\Sonic
      2010-08-26 15:19 . 2010-05-20 13:34 -------- d-----w- c:\program files\CloneDVD5
      2010-08-26 15:17 . 2010-05-20 13:34 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Roaming\Vso
      2010-08-26 15:16 . 2010-05-20 13:34 -------- d-----w- c:\programdata\DVDXStudio
      2010-08-26 14:33 . 2010-05-12 16:17 -------- d-----w- c:\users\cmack.TXFBDOM\AppData\Roaming\FileZilla
      2010-08-25 18:52 . 2010-05-11 20:54 -------- d-----w- c:\program files\CCleaner
      2010-08-23 14:31 . 2010-06-28 21:44 -------- d-----w- c:\program files\KLTImageshack uploader
      2010-08-23 13:41 . 2010-05-12 16:17 -------- d-----w- c:\program files\FileZilla FTP Client
      2010-08-19 12:44 . 2010-05-12 16:09 -------- d-----w- c:\programdata\Apple Computer
      2010-08-17 20:42 . 2010-05-12 16:37 921608 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
      2010-08-17 20:42 . 2010-05-12 16:37 629296 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
      2010-08-17 20:38 . 2010-05-12 16:37 581632 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
      2010-08-17 20:38 . 2010-05-12 16:37 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
      2010-08-17 20:38 . 2010-05-12 16:37 356352 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
      2010-08-17 20:38 . 2010-05-12 16:37 968752 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
      2010-08-17 20:38 . 2010-05-12 16:37 932400 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
      2010-08-17 20:38 . 2010-05-12 16:37 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
      2010-08-17 20:38 . 2010-05-12 16:37 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
      2010-08-17 20:38 . 2010-05-12 16:37 707120 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
      2010-08-11 16:23 . 2010-05-12 15:17 -------- d-----w- c:\program files\Java
      2010-08-11 08:03 . 2010-05-11 19:07 -------- d-----w- c:\programdata\Microsoft Help
      2010-08-05 13:18 . 2010-08-05 13:15 -------- d-----w- c:\program files\Microsoft Streets & Trips 2010
      2010-08-05 12:57 . 2010-08-05 12:57 -------- d-----w- c:\program files\MSECache
      2010-08-03 13:21 . 2010-05-11 21:41 -------- d-----w- c:\programdata\FLEXnet
      2010-08-03 13:21 . 2010-05-11 19:40 -------- d-----w- c:\programdata\CinemaNow
      2010-08-02 16:12 . 2010-08-02 16:12 -------- d-----w- c:\program files\Jufsoft
      2010-08-01 17:55 . 2010-08-01 17:55 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
      2010-08-01 17:55 . 2010-08-01 17:55 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
      2010-08-01 17:54 . 2010-08-01 17:54 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys
      2010-08-01 16:39 . 2010-08-01 16:39 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
      2010-08-01 16:12 . 2010-08-01 16:12 252464 ----a-w- c:\windows\system32\vmnc.dll
      2010-08-01 14:18 . 2010-08-01 14:18 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
      2010-08-01 14:18 . 2010-08-01 14:18 59952 ----a-w- c:\windows\system32\vnetinst.dll
      2010-08-01 14:18 . 2010-08-01 14:18 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
      2010-08-01 14:18 . 2010-08-01 14:18 36400 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
      2010-08-01 14:18 . 2010-08-01 14:18 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
      2010-08-01 14:18 . 2010-08-01 14:18 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
      2010-07-28 16:19 . 2010-07-28 16:19 -------- d-----w- c:\program files\r2 Studios
      2010-07-27 14:28 . 2010-05-11 21:35 -------- d-----w- c:\program files\Common Files\Adobe
      2010-07-17 10:00 . 2010-05-12 15:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
      2010-07-16 21:38 . 2010-07-16 21:38 -------- d-----w- c:\program files\Spb Software House
      2010-07-15 23:11 . 2010-07-07 20:30 26144 ----a-w- c:\windows\system32\stcsnap.dll
      2010-07-15 23:11 . 2010-07-07 20:30 67616 ----a-w- c:\windows\system32\vsnapvss.exe
      2010-07-15 23:10 . 2010-07-07 20:31 102560 ----a-w- c:\windows\system32\drivers\sbmount.sys
      2010-07-13 21:30 . 2010-07-13 21:27 -------- d-----w- c:\program files\Content Manager
      2010-07-13 21:27 . 2010-05-11 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information
      2010-06-30 20:44 . 2010-06-30 15:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
      2010-06-30 06:25 . 2010-08-10 23:16 978432 ----a-w- c:\windows\system32\wininet.dll
      2010-06-23 12:35 . 2010-06-23 12:35 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA614.tmp.exe
      2010-06-19 04:07 . 2010-08-10 23:16 2326016 ----a-w- c:\windows\system32\win32k.sys
      2010-06-17 15:22 . 2010-06-17 15:22 627712 ----a-w- c:\windows\system32\gpprefbr.dll
      2010-06-17 15:22 . 2010-06-17 15:22 2548736 ----a-w- c:\windows\system32\propshts.dll
      2010-06-17 15:22 . 2010-06-17 15:22 4342272 ----a-w- c:\windows\system32\gppref.dll
      2010-06-17 15:22 . 2010-06-17 15:22 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll
      2010-06-17 15:22 . 2010-06-17 15:22 166400 ----a-w- c:\windows\system32\gpprefcn.dll
      2010-06-16 05:48 . 2010-08-10 23:16 224256 ----a-w- c:\windows\system32\schannel.dll
      2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
      2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
      .
      ((((((((((((((((((((((((((((( SnapShot@2010-09-02_19.04.59 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2010-05-11 18:35 . 2010-09-08 18:58 37056 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2009-07-14 04:55 . 2010-09-08 18:58 36692 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
      - 2009-07-14 04:55 . 2010-09-01 14:46 36692 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
      - 2010-05-11 16:53 . 2010-09-02 02:48 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2010-05-11 16:53 . 2010-09-08 18:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2010-05-11 16:53 . 2010-09-02 02:48 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2010-05-11 16:53 . 2010-09-08 18:52 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2009-07-14 04:41 . 2010-09-08 18:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2009-07-14 04:41 . 2010-09-02 02:48 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2010-05-11 23:13 . 2010-09-02 13:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2010-05-11 23:13 . 2010-09-08 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2010-05-13 14:12 . 2010-09-08 13:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
      - 2010-05-13 14:12 . 2010-09-02 19:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
      + 2010-05-13 14:12 . 2010-09-08 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
      - 2010-05-13 14:12 . 2010-09-02 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
      - 2010-05-13 14:12 . 2010-09-02 19:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
      + 2010-05-13 14:12 . 2010-09-08 13:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
      - 2010-05-11 23:13 . 2010-09-02 19:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2010-05-11 23:13 . 2010-09-08 18:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2010-05-11 23:13 . 2010-09-02 13:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2010-05-11 23:13 . 2010-09-08 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2010-05-11 18:25 . 2010-09-08 18:58 8584 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1957994488-1563985344-1417001333-1107_UserData.bin
      + 2010-09-08 18:52 . 2010-09-08 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      - 2010-09-01 14:36 . 2010-09-01 14:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      - 2010-09-01 14:36 . 2010-09-01 14:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      + 2010-09-08 18:52 . 2010-09-08 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      + 2010-06-16 18:12 . 2010-09-06 15:54 118322 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
      - 2009-07-14 02:05 . 2010-09-02 18:40 629528 c:\windows\System32\perfh009.dat
      + 2009-07-14 02:05 . 2010-09-08 18:56 629528 c:\windows\System32\perfh009.dat
      - 2009-07-14 02:05 . 2010-09-02 18:40 108370 c:\windows\System32\perfc009.dat
      + 2009-07-14 02:05 . 2010-09-08 18:56 108370 c:\windows\System32\perfc009.dat
      - 2009-07-14 02:03 . 2010-09-02 00:59 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
      + 2009-07-14 02:03 . 2010-09-08 09:41 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
      - 2010-05-14 20:14 . 2010-08-26 14:10 1603672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
      + 2010-05-14 20:14 . 2010-09-02 19:12 1603672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-11 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "GetSmile"="c:\program files\GetSmile\getsmile.exe" [2007-06-02 2031616] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-06-15 4398016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-04-15 1657448] "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600] "CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464] "Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2010-03-18 614400] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048] "NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2009-12-25 206216] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "Tonic"="c:\program files\r2 Studios\Tonic\Tonic.exe" [2006-09-03 840192] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-08-01 129584] "QuickTime Task"="c:\program 
files\QuickTime\QTTask.exe" [2010-08-10 421888] c:\users\cmack.TXFBDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-5-12 3581680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-12 622653] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2007-04-27 17:10 18744 ----a-w- c:\windows\System32\PCANotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKLM\~\startupfolder\C:^Users^cmack.TXFBDOM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\users\cmack.TXFBDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSS] 2008-11-25 14:06 1466459 ----a-w- c:\program files\Mace Security\MACE PRO SURVEILLANCE SYSTEM\EPSS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magellan CmTray] 2010-06-01 17:26 435200 ----a-w- c:\program 
files\Content Manager\CmTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] 2009-07-24 13:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 135664] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-11 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-11 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728] R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-11 1343400] S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488] S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856] S0 stcvsm;StorageCraft Volume Snapshot 
Driver;c:\windows\system32\DRIVERS\stcvsm.sys [2010-07-15 193440] S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584] S1 sbmount;StorageCraft Image Mount Driver; [x] S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-03 457200] S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464] S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 5241448] S2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [2010-07-15 1657376] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-16 240232] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-08-01 70704] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-08-01 539184] S2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2010-07-15 67616] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448] S3 
MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 18:54] 2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 18:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://sharepoint.txfb.org/it/default.aspx uInternet Settings,ProxyServer = proxy.txfb-ins.local:8080 IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll Trusted Zone: cinemanow.com Trusted Zone: kltforums.net\www Trusted Zone: malwarebytes.org\forums Trusted Zone: qflix.com Trusted Zone: roxio.com Trusted Zone: sonic.com\redirect Trusted Zone: sonic.com\redirect2 TCP: {7BF66DA3-4B95-4FA8-9D59-2E49098E026B} = 10.1.1.7,10.1.1.22 . ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: >>UNKNOWN [0x82E14000]<< >>UNKNOWN [0x8C3AD000]<< >>UNKNOWN [0x8C39C000]<< >>UNKNOWN [0x8C400000]<< >>UNKNOWN [0x8BE3A000]<< >>UNKNOWN [0x83224000]<< kernel: MBR read successfully detected MBR rootkit hooks: IoDeviceObjectType -> DumpProcedure -> 0xd46a624f SecurityProcedure -> 0x857c8390 QueryNameProcedure -> 0x857c8520 user & kernel MBR OK ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-09-08 14:05:28 ComboFix-quarantined-files.txt 2010-09-08 19:05 ComboFix2.txt 2010-09-02 19:07 Pre-Run: 66,836,123,648 bytes free Post-Run: 66,626,142,208 bytes free - - End Of File - - B42298E7387F723F5F5D207AC1AF7789
  12. BTW, I have edited my original post to include a RAR file format of my logs; sometimes zip files have issues, but I checked the RAR file and that one worked. I am currently trying to run ComboFix (I had run it before with no issues about 1 week ago), but this time I am having a little trouble. I get the error: Find String (QGREP) Utility has stopped working, and my only option is Close. I have restarted the computer and re-ran ComboFix, and this time I got this message: Combofix has detected the presence of rootkit activity and needs to reboot the machine.... I clicked OK and will let you know how it goes in the next post.
  13.
2010/09/08 11:36:59.0447 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/08 11:36:59.0447 ================================================================================
2010/09/08 11:36:59.0447 SystemInfo:
2010/09/08 11:36:59.0447
2010/09/08 11:36:59.0447 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/08 11:36:59.0447 Product type: Workstation
2010/09/08 11:36:59.0447 ComputerName: 1WWLLF1
2010/09/08 11:36:59.0463 UserName: cmack
2010/09/08 11:36:59.0463 Windows directory: C:\Windows
2010/09/08 11:36:59.0463 System windows directory: C:\Windows
2010/09/08 11:36:59.0463 Processor architecture: Intel x86
2010/09/08 11:36:59.0463 Number of processors: 8
2010/09/08 11:36:59.0463 Page size: 0x1000
2010/09/08 11:36:59.0463 Boot type: Normal boot
2010/09/08 11:36:59.0463 ================================================================================
2010/09/08 11:36:59.0931 Initialize success
2010/09/08 11:37:10.0336 ================================================================================
2010/09/08 11:37:10.0336 Scan started
2010/09/08 11:37:10.0336 Mode: Manual;
2010/09/08 11:37:10.0336 ================================================================================
2010/09/08 11:37:15.0172 ================================================================================
2010/09/08 11:37:15.0172 Scan finished
2010/09/08 11:37:15.0172 ================================================================================
2010/09/08 11:37:21.0662 Deinitialize success

And the GooredFix LOG

GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:58 on 08/09/2010 (cmack)
Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-
  14. Hi, and Welcome to Malwarebytes!

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please refrain from making any further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count, and helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or you may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient; someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" button instead of other ones when you start replying.
  15. Is this the one you are talking about?

DDS (Ver_10-03-17.01) - NTFSx86
Run by cmack at 9:04:54.40 on Wed 09/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.1877 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\vsnapvss.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Symantec\Ghost\db\..\bin\rteng9.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\r2 Studios\Tonic\Tonic.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\GetSmile\getsmile.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Streets & Trips 2010\StreetsOlkShim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\cmack.TXFBDOM\Desktop\Stageing Area\Malwarebytes Stuff\Tools\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://sharepoint.txfb.org/it/default.aspx
uInternet Settings,ProxyServer = proxy.txfb-ins.local:8080
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [GetSmile] c:\program files\getsmile\getsmile.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Tonic] "c:\program files\r2 studios\tonic\Tonic.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\cmack~1.txf\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: cinemanow.com
Trusted Zone: kltforums.net\www
Trusted Zone: malwarebytes.org\forums
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://productivecorp.webex.com/client/T27LB/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {7BF66DA3-4B95-4FA8-9D59-2E49098E026B} = 10.1.1.7,10.1.1.22
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: PCANotify - PCANotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-5-11 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-5-11 15856]
R0 stcvsm;StorageCraft Volume Snapshot Driver;c:\windows\system32\drivers\stcvsm.sys [2010-8-18 193440]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-5-11 25584]
R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2010-7-7 102560]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-12 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-12 304464]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2010-7-7 1657376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-16 240232]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-1 1822296]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2010-7-7 67616]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-12 20952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-11 135664]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-5-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-5-11 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-11 1343400]

=============== Created Last 30 ================

2010-09-08 14:03:26 0 ----a-w- c:\users\cmack.txfbdom\defogger_reenable
2010-09-08 13:45:38 0 d-----w- c:\program files\Lunarsoft
2010-09-07 20:46:10 0 d-----w- c:\program files\Ultra File Search
2010-09-02 19:14:43 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-02 18:57:16 77312 ----a-w- c:\windows\MBR.exe
2010-09-02 18:57:16 256512 ----a-w- c:\windows\PEV.exe
2010-09-02 18:57:15 98816 ----a-w- c:\windows\sed.exe
2010-09-02 18:57:15 161792 ----a-w- c:\windows\SWREG.exe
2010-08-31 18:43:18 65536 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TM.blf
2010-08-31 18:43:18 524288 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2010-08-31 18:43:18 524288 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2010-08-27 18:20:52 0 d-----w- c:\program files\VideoLAN
2010-08-27 16:51:59 0 d-----w- C:\YouTubeVideos
2010-08-27 16:48:26 0 d-----w- c:\program files\AliveMedia
2010-08-25 18:49:43 65536 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TM.blf
2010-08-25 18:49:43 524288 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2010-08-25 18:49:43 524288 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2010-08-25 00:12:24 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-23 14:04:13 756 --sha-w- c:\windows\setup_9.0.0.722_23.08.2010_15-51drv.spi
2010-08-23 
13:53:01 0 d-----w- c:\programdata\Kaspersky Lab 2010-08-18 19:34:08 4096 --sha-w- C:\VSM000.IDX 2010-08-18 19:30:31 193440 ----a-w- c:\windows\system32\drivers\stcvsm.sys 2010-08-17 20:41:06 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe 2010-08-17 20:41:02 399920 ----a-w- c:\windows\system32\vmnat.exe 2010-08-17 20:41:02 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2010-08-17 20:40:56 760368 ----a-w- c:\windows\system32\vnetlib.dll 2010-08-17 20:40:44 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys 2010-08-17 20:40:01 0 d-----w- c:\program files\common files\VMware 2010-08-17 20:39:05 0 d-----w- c:\program files\VMware 2010-08-10 23:17:09 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-10 23:17:04 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-08-10 23:17:04 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-08-10 23:17:03 37376 ----a-w- c:\windows\system32\rtutils.dll 2010-08-10 23:17:03 1233920 ----a-w- c:\windows\system32\msxml3.dll 2010-08-10 23:17:02 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-10 23:17:02 307200 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-10 23:17:02 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-08-10 23:17:00 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-10 23:17:00 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-10 10:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-08-10 10:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-08-09 18:54:44 65536 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TM.blf 2010-08-09 18:54:44 524288 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TMContainer00000000000000000002.regtrans-ms 2010-08-09 18:54:44 524288 --sha-w- c:\users\cmack.txfbdom\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TMContainer00000000000000000001.regtrans-ms ==================== Find3M ==================== 2010-08-01 17:55:38 70704 ----a-w- 
c:\windows\system32\drivers\vmci.sys 2010-08-01 17:55:36 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys 2010-08-01 17:54:52 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys 2010-08-01 16:39:06 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys 2010-08-01 16:12:36 252464 ----a-w- c:\windows\system32\vmnc.dll 2010-08-01 14:18:26 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys 2010-08-01 14:18:24 59952 ----a-w- c:\windows\system32\vnetinst.dll 2010-08-01 14:18:24 51248 ----a-w- c:\windows\system32\vmnetbridge.dll 2010-08-01 14:18:24 36400 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys 2010-08-01 14:18:24 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys 2010-08-01 14:18:24 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-15 23:11:10 26144 ----a-w- c:\windows\system32\stcsnap.dll 2010-07-15 23:11:08 67616 ----a-w- c:\windows\system32\vsnapvss.exe 2010-07-15 23:10:20 102560 ----a-w- c:\windows\system32\drivers\sbmount.sys 2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll 2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys 2010-06-17 15:22:53 627712 ----a-w- c:\windows\system32\gpprefbr.dll 2010-06-17 15:22:53 4342272 ----a-w- c:\windows\system32\gppref.dll 2010-06-17 15:22:53 2548736 ----a-w- c:\windows\system32\propshts.dll 2010-06-17 15:22:53 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll 2010-06-17 15:22:53 166400 ----a-w- c:\windows\system32\gpprefcn.dll 2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 
----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2010-06-09 20:48:41 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2010-05-11 14:55:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2010-05-11 14:55:30 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2010-05-11 14:55:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat 2010-05-11 14:55:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 9:05:28.57 ===============
  16. Hi, and Welcome to Malwarebytes! It is possible that Malwarebytes is crashing due to the infections found.... Try to launch the program again, update it first (current update is 4571), and try running a quick scan. If it crashes again then follow the instructions below..... Please read the following so that you can begin the cleaning process: As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or you may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible. 
PS: Please use the "ADDREPLY" button instead of other ones when you start replying.
  17. I have talked with Exile360 and he said I should just post here for some help. OK, I have my workstation at my work that I use on a day to day basis, and basically I use it when surfing the net, and posting on this forum throughout the day. I have used it to submit samples from time to time as well here at Malwarebytes. Anyway, for the last few days my Symantec Endpoint Protection keeps catching and quarantining a Trojan.Gen file that gets put in my temp folder. I thought I had it licked but it was there again last night. The files have random names like DWH230C.tmp; last night I had the temp folder open and I could see it show up, then get removed by the AV. This process went on for about 5 hours and then quit, starting at about 8 PM. It was happening about every 2 to 6 seconds and then stopped. Currently it is not happening, but I think it will happen again. I have run MBAM, a full scan with Symantec Endpoint Protection AV, tried the TDSS rootkit tool, and the Kaspersky Virus Removal Tool. Here are my logs (including ark.txt, attach.txt, dds.txt and mbam log).....
  18. Good to hear about the new automatic setting in version 1.47.... Also thanks for the info on how it gets automatically enabled after a restart.
  19. Hello and FYI Malwarebytes is not an antivirus program, so it is good that you already have one. You can have both an Anti-virus program and Malwarebytes running together. What is your anti-virus program and/or any other security software you use? You may try entering exceptions in your anti-virus program as listed below. Please exclude the following files from your antivirus:
      Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well
      For Windows XP:
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
      C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
      C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
      C:\Windows\System32\drivers\mbam.sys
      C:\Windows\System32\drivers\mbamswissarmy.sys
      For Windows Vista or Windows 7:
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
      C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
      C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
      C:\Windows\System32\drivers\mbam.sys
      C:\Windows\System32\drivers\mbamswissarmy.sys
      For 64 bit versions of Windows Vista or Windows 7:
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
      C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
      C:\Windows\System32\drivers\mbam.sys
      C:\Windows\SysWoW64\drivers\mbamswissarmy.sys
      Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well
      Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site: data-cdn.mbamupdates.com
      The FAQ contains examples of setting file exclusions for some known AV products. Please post back and let us know how it went.
  20. Thanks for the info YoKenny1, but when I do a search I am usually searching for files that are not indexed (according to what you quoted above). I do not mind waiting a bit if I have to as long as it finds the file, and gives me a good location as to where the file is located. I do not like the way Windows 7 displays the location of the file after the search is done.
  21. Thanks guys, the Ultrafilesearch I think will do the trick for me, especially the portable version, that way no install is required.
  22. In one word, YES, that is what you need to do once you have activated the full version.... Someone has recently suggested this to be configured automatically already as discussed HERE, we will see what the developers think about it. It is hard to guess what most folks want as far as the schedule, some folks want scans in the evening others in the morning, maybe they can find a happy medium. Then again, if they are there by default, some folks will not want them there, cause they would have to go and delete them before they can schedule theirs to their liking....
  23. Hi, and Welcome to Malwarebytes! Since the infection keeps coming back, you probably have a rootkit or some other malware on your computer.... Please read the following so that you can begin the cleaning process: As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or You may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible. PS: Please use the "ADDREPLY" button instead of other ones when you start replying.
  24. Hello amygao and Welcome to Malwarebytes..... Please try the following to see if it helps:
      Windows XP:
      • Click on Start and select Control Panel
      • Open Add/Remove Programs
      • Uninstall Malwarebytes' Anti-Malware
      • Restart your computer (very important)
      • Download and run mbam-clean.exe from here
        NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
      • It will ask to restart your computer, please allow it to do so (very important)
      • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
        Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
      • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      • Restart the computer again and verify that MBAM is in the task tray if using the Pro version.
      • Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask me and I'll explain how to do it.
      Windows Vista and Windows 7:
      • Click on the Start button and select Control Panel
      • Click on Programs and Features
      • Uninstall Malwarebytes' Anti-Malware
      • Restart your computer (very important)
      • Download and run mbam-clean.exe from here
        NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
      • It will ask to restart your computer, please allow it to do so (very important)
      • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
        Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
      • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      • Restart the computer again and verify that MBAM is in the task tray if using the Pro version.
      • Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask me and I'll explain how to do it.
  25. Hello spastore. Since you are getting a detection of Tidserv you are infected, so let's have the experts take a look at your computer to help you get it cleaned off.... Please read the following so that you can begin the cleaning process: As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have. Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post. One of the expert helpers there will give you one-on-one assistance when one becomes available. Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post. If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again. Or you may send a Private Message to a Moderator asking for assistance. Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here. Please be patient, someone will assist you as soon as it is possible. PS: Please use the "ADDREPLY" button instead of other ones when you start replying.