
hachamdavid

  1. Everything is looking good so far. Thank you very much.
  2. Results of screen317's Security Check version 0.99.17
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     Symantec AntiVirus
     Authentium AntiVirus SDK - 2
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Ad-Aware
     Malwarebytes' Anti-Malware
     HijackThis 2.0.2
     CCleaner (remove only)
     Java 6 Update 26
     Java SE Development Kit 6 Update 4
     Java SE Development Kit 6 Update 16
     Java DB 10.4.2.1
     Flash Player Out of Date!
     Adobe Flash Player 10.0.45.2
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Ad-Aware AAWService.exe
     Ad-Aware AAWTray.exe
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     Symantec AntiVirus DefWatch.exe
     Symantec AntiVirus Rtvscan.exe
     ``````````End of Log````````````
     ___________________
     As for other issues, I have not really had any in the past few weeks since running the ComboFix, though apparently, based on the ESET scan, there were some malware files. Also I should mention, I uninstalled Immunet and Spyware Doctor.
  3. I ran the scan twice since I did not have enough time to finish the first scan. Here are the results from the first scan:
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=fe29f44163fd944c8178c0bd1d33f383
     # end=stopped
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-07-15 10:40:30
     # local_time=2011-07-15 06:40:30 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 55704794 55704794 0 0
     # compatibility_mode=2560 16777215 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=209610
     # found=7
     # cleaned=7
     # scan_time=27034
     C:\Documents and Settings\David Khaski\Application Data\Sun\Java\Deployment\cache\6.0\18\4f46b492-5636d65f multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\David Khaski\Application Data\Sun\Java\Deployment\cache\6.0\28\26d395dc-5cccc5f5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\David Khaski\Application Data\Sun\Java\Deployment\cache\6.0\32\4e5c2020-3acb5031 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Maurice Khaski\Application Data\Sun\Java\Deployment\cache\6.0\28\7e4c53dc-4c03ac81 Java/TrojanDownloader.Agent.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Maurice Khaski\Local Settings\Temp\MGS54.tmp probably a variant of Win32/Agent.GZLOTD trojan (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Moise Khaski\Application Data\Sun\Java\Deployment\cache\6.0\22\69932116-7b5de284 Java/TrojanDownloader.OpenStream.NAC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Moise Khaski\Application Data\Sun\Java\Deployment\cache\6.0\50\2e0b34b2-24527d13 Java/TrojanDownloader.OpenStream.NAC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     __________________________
     And the results of the second:
     version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=fe29f44163fd944c8178c0bd1d33f383
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-07-17 03:34:50
     # local_time=2011-07-17 11:34:50 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 55859597 55859597 0 0
     # compatibility_mode=2560 16777215 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=513726
     # found=0
     # cleaned=0
     # scan_time=19493
  4. Sorry about the delay, here is the new ComboFix log. If you see any other item related to p2p or stuff like that please tell me so I can delete them.
     ComboFix 11-07-07.06 - David Khaski 07/08/2011 10:39:05.5.2 - x86 MINIMAL
  5. I just uninstalled uTorrent (one of the kids must have installed it; not sure what it is) and I am trying to search for all the items you listed. If possible, I would like it if you could continue to aid me in removing the malware.
  6. omboFix 11-06-22.02 - David Khaski 06/22/2011 19:32:10.3.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1705 [GMT -4:00] Running from: c:\documents and settings\David Khaski\Desktop\ComboFix.exe AV: Immunet Protect *Disabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37} AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\David Khaski\Application Data\msupdate.log c:\documents and settings\Moise Khaski\Application Data\msupdate.log c:\documents and settings\Moise Khaski\Desktop\Search.lnk c:\windows\system32\bszip.dll c:\windows\system32\drivers\npf.sys . . ((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 ))))))))))))))))))))))))))))))) . . 2011-06-22 23:10 . 2011-06-22 23:29 -------- d-----w- C:\32788R22FWJFW 2011-06-19 07:36 . 2011-06-19 07:36 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2011-06-19 07:36 . 2011-06-19 07:36 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2011-06-19 07:36 . 2011-06-19 07:36 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2011-06-19 07:36 . 2011-06-19 07:36 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2011-06-19 07:36 . 2011-06-19 07:36 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2011-06-19 07:36 . 
2011-06-19 07:36 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2011-06-19 07:36 . 2011-06-19 07:36 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2011-06-19 07:36 . 2011-06-19 07:36 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2011-06-19 07:35 . 2011-06-19 07:35 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2011-06-19 07:35 . 2011-06-19 07:35 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2011-06-19 07:35 . 2011-06-19 07:35 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2011-06-19 07:35 . 2011-06-19 07:35 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2011-06-19 07:35 . 2011-06-19 07:35 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2011-06-19 07:35 . 2011-06-19 07:35 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2011-06-19 07:35 . 2011-06-19 07:35 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2011-06-19 07:35 . 2011-06-19 07:35 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2011-06-19 07:35 . 
2011-06-19 07:35 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2011-06-19 07:15 . 2011-06-19 07:15 77824 ----a-w- c:\windows\system32\drivers\tsk16E.tmp 2011-06-19 07:02 . 2011-06-19 07:02 -------- d-----w- C:\9a9de187a29165f0a8d87d 2011-06-19 07:00 . 2011-06-19 07:02 -------- d-----w- C:\b807216b11abdca78f 2011-06-16 11:27 . 2011-06-16 11:27 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Immunet 2011-06-16 05:04 . 2011-06-16 05:05 -------- d-----w- C:\f7ca5591a6ec160bb54a0510e913d7b2 2011-06-16 03:56 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys 2011-06-16 01:37 . 2011-06-16 01:37 -------- d-----w- c:\documents and settings\All Users\Immunet 2011-06-16 01:37 . 2011-06-16 01:37 -------- d-----w- c:\documents and settings\David Khaski\Application Data\Immunet 2011-06-16 01:37 . 2011-06-16 01:37 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys 2011-06-16 01:37 . 2011-06-16 01:37 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys 2011-06-16 01:36 . 2011-06-22 23:22 -------- d-----w- c:\program files\Immunet Protect 2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-14 13:17 . 2011-06-15 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\program files\NOS 2011-06-14 12:50 . 2011-06-14 12:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2011-06-13 03:06 . 2011-06-12 05:29 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-06-13 01:05 . 2011-05-25 19:15 29544 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll 2011-06-12 23:49 . 2011-06-12 23:49 -------- d-----w- c:\documents and settings\David Khaski\Application Data\Registry Mechanic 2011-06-12 16:42 . 
2010-08-05 12:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2011-06-12 16:42 . 2008-04-02 19:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2011-06-12 16:42 . 2008-04-02 19:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2011-06-12 16:42 . 2008-04-02 19:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2011-06-12 05:29 . 2011-06-12 05:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-12 05:27 . 2011-05-25 06:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-06-12 02:49 . 2011-06-12 02:50 -------- d-----w- c:\documents and settings\David Khaski\Local Settings\Application Data\Deployment 2011-06-12 02:42 . 2011-06-12 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2011-06-10 19:17 . 2011-06-10 19:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2011-06-10 01:55 . 2011-06-10 01:59 -------- dc-h--w- c:\windows\ie8 2011-06-10 01:47 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VERIZON_BROAD 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ConduitEngine 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Viewpoint 2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2011-05-29 20:43 . 2011-05-29 20:43 -------- d-----w- c:\program files\Common Files\Intuit Shared 2011-05-29 20:32 . 2011-05-31 12:05 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Lacerte 2011-05-29 19:39 . 2009-08-20 21:40 4194304 ----a-w- c:\windows\system32\cdintf400.dll 2011-05-29 19:28 . 
2011-05-29 19:49 -------- d-----w- C:\ProWin10 2011-05-29 18:54 . 2011-05-29 19:44 -------- d-----w- C:\BasWin10 2011-05-29 02:58 . 2011-05-29 03:03 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\CasinoOnNet . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-19 07:33 . 2005-08-16 10:18 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2011-06-16 05:17 . 2009-04-14 19:35 187328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll 2011-06-16 05:16 . 2009-04-14 19:33 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2011-06-15 15:38 . 2011-05-18 21:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-29 13:11 . 2009-07-21 00:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2009-07-21 00:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-04 08:52 . 2010-05-03 11:09 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 06:25 . 2007-04-27 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19 . 2006-01-24 11:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2005-08-16 10:18 385024 ------w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2005-08-16 10:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2008-04-29 21:19 . 2008-06-12 00:44 78561280 ----a-w- c:\program files\Common Files\ATX Fixed Asset Manager Evaluation Workstation.msi 2006-08-20 03:12 . 
2006-08-20 03:12 774144 ----a-w- c:\program files\RngInterstitial.dll 2009-11-17 22:07 . 2008-06-29 14:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay] @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}" [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay] @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}" [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay] @="{84CEF1E4-1356-4063-845F-05047F4DD52C}" [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay] @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}" [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-05 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-25 944008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-12 1122304] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688] "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-17 2065648] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-06-09 161336] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "Immunet Protect"="c:\program files\Immunet Protect\2.0.17\iptray.exe" [2011-06-16 2615624] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-12-03 126976] . c:\documents and settings\David Khaski\Start Menu\Programs\Startup\ Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ QuickBooks Remote Access.LNK - c:\windows\Downlo~1\MyWebEx\319\raagtx.exe [2010-11-3 38200] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ lsdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.LNK] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Remote Access.LNK backup=c:\windows\pss\QuickBooks Remote Access.LNKCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^David Khaski^Start Menu^Programs^Startup^PowerReg Scheduler.exe] path=c:\documents and settings\David Khaski\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=c:\windows\pss\PowerReg Scheduler.exeStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-11-17 22:07 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1173191900\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livedrive] 2010-04-22 14:06 1348608 ----a-w- c:\program files\Livedrive\Livedrive.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe] 2008-12-03 15:12 69632 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SavRoam"=3 (0x3) "MDM"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=2 (0x2) "gupdate"=2 (0x2) "GoogleDesktopManager-110309-193829"=3 (0x3) "GameConsoleService"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "RPSUpdaterR"=3 (0x3) "Pml Driver HPZ12"=2 (0x2) "IDriverT"=3 (0x3) "MyWebSearchService"=2 (0x2) "WMPNetworkSvc"=2 (0x2) "atnthost"=2 (0x2) "Radialpoint Security Services"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\Documents and Settings\\David Khaski\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1173191900\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.0a\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AOL 9.0b\\waol.exe"= "c:\\Program Files\\AOL 9.0c\\waol.exe"= "c:\\Program Files\\AOL 9.0d\\waol.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\AOL 9.1a\\waol.exe"= "c:\\Program Files\\AOL 9.1b\\waol.exe"= "c:\\Program Files\\AOL 9.1c\\waol.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Documents and Settings\\David Khaski\\My Documents\\drjava-20080124-1942.exe"= "c:\\Program Files\\Intuit\\QuickBooks Basic\\QBDBMgrN.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "c:\\My Games\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"= "c:\\Program Files\\Brother\\Brmfl08i\\FAXRX.exe"= "c:\\My Games\\World of 
Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"= "c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"= "c:\\Magic\\Program\\Manalink.exe"= "c:\\PVSW\\Bin\\W3DBSMGR.EXE"= "c:\\DacEasy\\pvsw\\W3DBSMGR.EXE"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\David Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Moise Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "54925:UDP"= 54925:UDP:Brother Network Scanner "1:TCP"= 1:TCP:LPT1 . 
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/23/2009 9:12 PM 207792] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 10:10 AM 691696] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [7/28/2010 5:25 PM 146904] S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [6/15/2011 9:37 PM 41424] S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [6/15/2011 9:37 PM 31184] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664] S2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [6/15/2011 9:36 PM 756680] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2009 8:00 PM 366640] S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?] 
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2009 8:00 PM 22712] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208] S3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [6/23/2009 4:27 PM 20480] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/16/2005 6:18 AM 14336] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/23/2009 9:10 PM 359624] S4 atnthost;WebEx Remote Access Agent;c:\windows\Downlo~1\MyWebEx\319\atnthost.exe [11/3/2010 8:07 PM 16776] S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/29/2008 10:31 AM 30192] S4 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/16/2005 6:18 AM 5120] S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper bdx REG_MULTI_SZ scan sysagent . Contents of the 'Scheduled Tasks' folder . 2011-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 06:00] . 2011-06-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 04:29] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47] . 
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006Core.job - c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006UA.job - c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52] . 2011-06-17 c:\windows\Tasks\Norton Security Scan for Moise Khaski.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18] . 2011-06-22 c:\windows\Tasks\RMSchedule.job - c:\program files\Registry Mechanic\RegMech.exe [2011-06-12 12:46] . 2011-06-22 c:\windows\Tasks\RMSmartUpdate.job - c:\program files\Registry Mechanic\Update.exe [2011-06-12 12:46] . 2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{6780BEE6-2189-4DB0-92BD-64F495379380}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . 2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{A78D56A3-BCEE-4D47-9CB7-18007CB57D6B}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 Trusted Zone: turbotax.com Trusted Zone: musicmatch.com\online TCP: DhcpNameServer = 192.168.1.1 68.237.161.12 FF - ProfilePath - c:\documents and settings\David Khaski\Application Data\Mozilla\Firefox\Profiles\ptkf1ro6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: XULRunner: {DB449582-D599-4237-8FDC-295649FBEFC4} - c:\documents and settings\David Khaski\Local Settings\Application Data\{DB449582-D599-4237-8FDC-295649FBEFC4} FF - Ext: XULRunner: {3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1} - c:\documents and settings\Moise Khaski\Local Settings\Application Data\{3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1} FF - Ext: XULRunner: {D9F7ED81-4825-48DD-8577-C84F0794B17A} - c:\documents and settings\Maurice Khaski\Local Settings\Application Data\{D9F7ED81-4825-48DD-8577-C84F0794B17A} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . - - - - ORPHANS REMOVED - - - - . 
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-NavLogon - (no file)
SafeBoot-81749221.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(268)
c:\windows\system32\WINHTTP.dll
.
Completion time: 2011-06-22 20:07:41
ComboFix-quarantined-files.txt 2011-06-23 00:07
ComboFix2.txt 2011-06-15 23:51
.
Pre-Run: 15,599,292,416 bytes free
Post-Run: 16,104,374,272 bytes free
.
- - End Of File - - 525BFC5BFD86FAB76793A23EE61BE758

Hijack this log:

SIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Livedrive\LivedriveExplorerExtensions.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: QuickBooks Remote Access.LNK = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  7. I removed Viewpoint programs TDSSKiller.2.5.5.0_19.06.2011_03.14.10_log.txt
  8. The MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6863

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/15/2011 8:40:22 PM
mbam-log-2011-06-15 (20-40-22).txt

Scan type: Quick scan
Objects scanned: 220643
Time elapsed: 20 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The Combofix log:

ComboFix 11-06-15.02 - David Khaski 06/15/2011 18:52:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1484 [GMT -4:00]
Running from: c:\documents and settings\David Khaski\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\David Khaski\Application Data\alot
c:\documents and settings\David Khaski\Application Data\Google\T-Scan
c:\documents and settings\David Khaski\Application Data\Google\T-Scan\n.gif
c:\documents and settings\David Khaski\Application Data\Google\T-Scan\t.gif
c:\documents and settings\David Khaski\Application Data\Google\T-Scan\Thumbs.db
c:\documents and settings\David Khaski\Application Data\Google\T-Scan\y.gif
c:\documents and settings\David Khaski\Application Data\Help\coma.exe
c:\documents and settings\David Khaski\Application Data\PriceGong
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\1.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\a.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\b.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\c.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\d.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\e.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\f.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\g.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\h.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\i.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\J.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\k.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\l.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\m.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\n.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\o.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\p.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\q.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\r.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\s.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\t.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\u.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\v.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\w.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\x.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\y.xml
c:\documents and settings\David Khaski\Application Data\PriceGong\Data\z.xml
c:\documents and settings\David Khaski\WINDOWS
c:\documents and settings\Moise Khaski\Application Data\PriceGong
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Moise Khaski\WINDOWS
c:\windows\Google Pack Screensaver Uninstaller.exe
c:\windows\system32\Packet.dll
c:\windows\system32\spool\prtprocs\w32x86\atx_print.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 22:15 . 2011-06-15 22:18 -------- d-----w- C:\32788R22FWJFW
2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 13:17 . 2011-06-15 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\program files\NOS
2011-06-14 13:16 . 2011-06-14 13:16 -------- d-----w- C:\godlike3
2011-06-14 12:50 . 2011-06-14 12:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-06-13 03:06 . 2011-06-12 05:29 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-13 01:05 . 2011-05-25 19:15 29544 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll
2011-06-12 23:49 . 2011-06-12 23:49 -------- d-----w- c:\documents and settings\David Khaski\Application Data\Registry Mechanic
2011-06-12 16:42 . 2010-08-05 12:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-06-12 16:42 . 2008-04-02 19:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-06-12 16:42 . 2008-04-02 19:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-06-12 16:42 . 2008-04-02 19:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-06-12 05:29 . 2011-06-12 05:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-12 05:27 . 2011-05-25 06:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-06-12 02:49 . 2011-06-12 02:50 -------- d-----w- c:\documents and settings\David Khaski\Local Settings\Application Data\Deployment
2011-06-12 02:42 . 2011-06-12 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-06-10 19:17 . 2011-06-10 19:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-06-10 01:55 . 2011-06-10 01:59 -------- dc-h--w- c:\windows\ie8
2011-06-10 01:47 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VERIZON_BROAD
2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ConduitEngine
2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Viewpoint
2011-05-29 20:43 . 2011-05-29 20:43 -------- d-----w- c:\program files\Common Files\Intuit Shared
2011-05-29 20:32 . 2011-05-31 12:05 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Lacerte
2011-05-29 19:39 . 2009-08-20 21:40 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2011-05-29 19:28 . 2011-05-29 19:49 -------- d-----w- C:\ProWin10
2011-05-29 18:54 . 2011-05-29 19:44 -------- d-----w- C:\BasWin10
2011-05-29 02:58 . 2011-05-29 03:03 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\CasinoOnNet
2011-05-29 02:58 . 2011-05-29 03:00 -------- d-----w- c:\program files\CasinoOnNet
2011-05-18 21:35 . 2011-06-15 15:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 20:53 . 2011-05-18 20:53 -------- d-----w- c:\program files\TelevisionFanatic
2011-05-18 20:48 . 2011-05-18 20:49 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\RebateInformer
2011-05-18 20:48 . 2011-05-18 20:48 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\AppGraffiti
2011-05-18 20:48 . 2011-05-19 18:33 -------- d-----w- c:\program files\AppGraffiti
2011-05-18 20:48 . 2011-05-18 20:48 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\PCPowerSpeed
2011-05-18 20:48 . 2011-06-10 22:38 -------- d-----w- c:\program files\RebateInformer
2011-05-18 20:48 . 2011-05-18 20:48 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Inbox Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-07-21 00:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-07-21 00:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 08:52 . 2010-05-03 11:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2007-04-27 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2008-04-29 21:19 . 2008-06-12 00:44 78561280 ----a-w- c:\program files\Common Files\ATX Fixed Asset Manager Evaluation Workstation.msi
2006-08-20 03:12 . 2006-08-20 03:12 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-11-17 22:07 . 2008-06-29 14:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-05 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-25 944008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-12 1122304]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-17 2065648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-06-09 161336]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-12-03 126976]
.
c:\documents and settings\David Khaski\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Remote Access.LNK - c:\windows\Downlo~1\MyWebEx\319\raagtx.exe [2010-11-3 38200]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk
backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Remote Access.LNK
backup=c:\windows\pss\QuickBooks Remote Access.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^David Khaski^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\David Khaski\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-17 22:07 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1173191900\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livedrive]
2010-04-22 14:06 1348608 ----a-w- c:\program files\Livedrive\Livedrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
2008-12-03 15:12 69632 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SavRoam"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)
"GoogleDesktopManager-110309-193829"=3 (0x3)
"GameConsoleService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"RPSUpdaterR"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"IDriverT"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"atnthost"=2 (0x2)
"Radialpoint Security Services"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\David Khaski\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1173191900\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AOL 9.0b\\waol.exe"=
"c:\\Program Files\\AOL 9.0c\\waol.exe"=
"c:\\Program Files\\AOL 9.0d\\waol.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\AOL 9.1b\\waol.exe"=
"c:\\Program Files\\AOL 9.1c\\waol.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\David Khaski\\My Documents\\drjava-20080124-1942.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Basic\\QBDBMgrN.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\My Games\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Brother\\Brmfl08i\\FAXRX.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Magic\\Program\\Manalink.exe"=
"c:\\PVSW\\Bin\\W3DBSMGR.EXE"=
"c:\\DacEasy\\pvsw\\W3DBSMGR.EXE"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\David Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Moise Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"54925:UDP"= 54925:UDP:Brother Network Scanner
"1:TCP"= 1:TCP:LPT1
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/23/2009 9:12 PM 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 10:10 AM 691696]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [7/28/2010 5:25 PM 146904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2009 8:00 PM 366640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/11/2007 10:32 AM 24652]
R3 EraserUtilDrvI11;EraserUtilDrvI11;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [6/14/2011 9:27 AM 105592]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [5/25/2011 2:00 AM 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2009 8:00 PM 22712]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [6/23/2009 4:27 PM 20480]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/16/2005 6:18 AM 14336] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/23/2009 9:10 PM 359624] S4 atnthost;WebEx Remote Access Agent;c:\windows\Downlo~1\MyWebEx\319\atnthost.exe [11/3/2010 8:07 PM 16776] S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/29/2008 10:31 AM 30192] S4 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/16/2005 6:18 AM 5120] S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2011-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 06:00] . 2011-06-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 04:29] . 2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47] . 2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47] . 
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006Core.job - c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52] . 2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006UA.job - c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52] . 2011-06-10 c:\windows\Tasks\Norton Security Scan for Moise Khaski.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18] . 2011-06-14 c:\windows\Tasks\RMSchedule.job - c:\program files\Registry Mechanic\RegMech.exe [2011-06-12 12:46] . 2011-06-15 c:\windows\Tasks\RMSmartUpdate.job - c:\program files\Registry Mechanic\Update.exe [2011-06-12 12:46] . 2011-06-15 c:\windows\Tasks\User_Feed_Synchronization-{6780BEE6-2189-4DB0-92BD-64F495379380}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . 2011-06-15 c:\windows\Tasks\User_Feed_Synchronization-{A78D56A3-BCEE-4D47-9CB7-18007CB57D6B}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\documents and settings\David Khaski\Application Data\Mozilla\Firefox\Profiles\ptkf1ro6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: XULRunner: {DB449582-D599-4237-8FDC-295649FBEFC4} - c:\documents and settings\David Khaski\Local Settings\Application Data\{DB449582-D599-4237-8FDC-295649FBEFC4}
FF - Ext: XULRunner: {3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1} - c:\documents and settings\Moise Khaski\Local Settings\Application Data\{3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1}
FF - Ext: XULRunner: {D9F7ED81-4825-48DD-8577-C84F0794B17A} - c:\documents and settings\Maurice Khaski\Local Settings\Application Data\{D9F7ED81-4825-48DD-8577-C84F0794B17A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: TelevisionFanatic: 64ffxtbr@TelevisionFanatic.com - c:\program files\TelevisionFanatic\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Notify-NavLogon - (no file)
MSConfigStartUp-64435830 - c:\docume~1\ALLUSE~1\APPLIC~1\64435830\64435830.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-lphcgqjj0e7de - c:\windows\system32\lphcgqjj0e7de.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-RebateInformer - c:\progra~1\REBATE~1\REBATE~1.EXE
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-RegWork - c:\program files\RegWork\RegWork.exe
MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-vxdhm - c:\documents and settings\David Khaski\Application Data\Google\xtgoj6119471.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\11.0.696.60\Installer\setup.exe
AddRemove-Google Pack Screensaver - c:\windows\Google Pack Screensaver Uninstaller.exe
AddRemove-Plaxo - c:\documents and settings\Moise Khaski\Local Settings\Application Data\Plaxo\3.25.0.87\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_2BE6CD75D520F20B.exe
AddRemove-{2A8E36DD-061D-4877-9736-30E7266A4669} - c:\program files\InstallShield Installation Information\{2A8E36DD-061D-4877-9736-30E7266A4669}\setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 19:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\DAVIDK~1\LOCALS~1\Temp\ArmUI.ini 148526 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-75NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x87037ECC]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86009879; SUB DWORD [EBP-0x4], 0x86009135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A50BAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A580920]
5 PCTCore[0xB9DA3891] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A580B00]
[0x8A121658] -> IRP_MJ_CREATE -> 0x87037ECC
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x87037AF1
user & kernel MBR OK
sectors 312499998 (+221): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5368) c:\windows\system32\WININET.dll c:\program files\Livedrive\LivedriveExtensions.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP3\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\windows\csifcsvc.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\fxssvc.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\msiexec.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfimon.exe c:\windows\stsystra.exe c:\windows\eHome\ehmsas.exe c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\program 
files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE . ************************************************************************** . Completion time: 2011-06-15 19:51:17 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-15 23:50 . Pre-Run: 20,024,811,520 bytes free Post-Run: 22,126,256,128 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - F36383A57AEAE665324FCD4B180EAD5C HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:44:28 PM, on 6/15/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\csifcsvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 
C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe C:\Program Files\Microsoft Office\Office14\GROOVE.EXE C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program 
Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\winmine.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar 
Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Livedrive\LivedriveExplorerExtensions.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: 
[Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" 
/startup O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user') O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE O4 - Global Startup: QuickBooks Remote Access.LNK = ? O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
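The Gmer MBR-rootkit section of the ComboFix log above reads the MBR identically through the user-mode and kernel-mode paths ("user & kernel MBR OK") but reports a sector-level mismatch ("user != kernel") alongside a hooked \Driver\atapi DriverStartIo, and that combination is why it warns of a TDL3-class infection: that family hooks the lowest disk driver and keeps its own files in sectors past the last partition, so a read that goes through the hook and a read that bypasses it disagree only there. The script below is an added illustration of that cross-view check; it is not code from ComboFix, Gmer, or anyone in this thread. It builds a small disk image in memory, simulates a hooked read path that hides the last 221 sectors (221 is borrowed from the log's "(+221)" purely as an illustrative size), and reports where the two views disagree relative to the partition table. The disk image, the hooked-path behaviour and the 4096-sector size are all constructed for the example.

```python
"""
Cross-view disk check: compare what a 'user' read path and a 'kernel' read
path return for the same sectors, and relate any mismatch to the partition
table. Added illustration for this thread; not part of ComboFix or Gmer.
The disk images are built in memory, so this runs without touching a disk.
"""
import struct

SECTOR = 512
HIDDEN_SECTORS = 221   # illustrative size only, borrowed from the log's "(+221)"


def build_disk(total_sectors):
    """Construct a disk image: a valid MBR whose single NTFS-typed partition
    stops HIDDEN_SECTORS short of the end, and a non-zero payload filling
    that unpartitioned tail (where TDL-style rootkits keep their files)."""
    img = bytearray(total_sectors * SECTOR)
    start_lba = 63
    size = total_sectors - start_lba - HIDDEN_SECTORS
    # Partition entry 0: status, CHS start, type, CHS end, LBA start, sectors.
    img[0x1BE:0x1CE] = struct.pack("<B3sB3sII", 0x80, b"\xfe\xff\xff", 0x07,
                                   b"\xfe\xff\xff", start_lba, size)
    img[0x1FE:0x200] = b"\x55\xaa"
    tail = (total_sectors - HIDDEN_SECTORS) * SECTOR
    img[tail:] = b"HIDDEN-FS-MARKER" * (HIDDEN_SECTORS * SECTOR // 16)
    return bytes(img)


def parse_partitions(mbr):
    """(start_lba, sector_count) for each populated MBR partition entry."""
    if mbr[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("bad MBR signature")
    parts = []
    for i in range(4):
        off = 0x1BE + 16 * i
        ptype = mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype and count:
            parts.append((start, count))
    return parts


def unpartitioned_tail(mbr, total_sectors):
    """Sectors after the last partition that no partition entry claims."""
    last_used = max((s + n for s, n in parse_partitions(mbr)), default=0)
    return total_sectors - last_used


def hooked_read(img, total_sectors):
    """Simulated rootkit-hooked I/O path (constructed for this example): the
    MBR and partitions pass through unchanged, reads that land in the hidden
    tail come back zeroed."""
    hidden_from = (total_sectors - HIDDEN_SECTORS) * SECTOR
    return img[:hidden_from] + bytes(len(img) - hidden_from)


def cross_view_diff(user_view, kernel_view):
    """Indices of sectors where the two read paths disagree."""
    n = min(len(user_view), len(kernel_view)) // SECTOR
    return [i for i in range(n)
            if user_view[i * SECTOR:(i + 1) * SECTOR]
            != kernel_view[i * SECTOR:(i + 1) * SECTOR]]


def analyse(total_sectors=4096):
    """Report the check the way a cross-view detector does: is the MBR the
    same in both views, how many sectors differ, and do they all sit in the
    unpartitioned tail?"""
    kernel_view = build_disk(total_sectors)               # what the disk really holds
    user_view = hooked_read(kernel_view, total_sectors)   # what the hook lets through
    diff = cross_view_diff(user_view, kernel_view)
    tail = unpartitioned_tail(kernel_view[:SECTOR], total_sectors)
    return {
        "mbr_ok": user_view[:SECTOR] == kernel_view[:SECTOR],
        "differing_sectors": len(diff),
        "first_diff": diff[0] if diff else None,
        "unpartitioned_tail": tail,
        "diff_inside_tail": bool(diff) and all(i >= total_sectors - tail for i in diff),
    }


if __name__ == "__main__":
    print(analyse())
```

On a live system the user view is a plain read of the physical drive, while the kernel view has to be obtained by a kernel component that issues the request below any filter driver, which is why the tool in the log ships its own driver and why this example has to simulate that second path. The useful signal is the same either way: the MBR matching in both views while a block of sectors at the end of the disk does not is the shape of a disk-hooking rootkit, not of a bad sector.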
  9. This is a copy of the log of IP address blocking. I don't know what is wrong, but Malwarebytes is not detecting any viruses.

00:00:01 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:00:04 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:00:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:01:22 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:01:25 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:01:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:02:43 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:02:46 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:02:52 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:04:04 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:04:07 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:04:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:07 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:25 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:28 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:28 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:05:31 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:05:34 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:38 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:06:42 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:45 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:46 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:49 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:51 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:55 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:07:11 David Khaski IP-BLOCK 67.29.139.153 (Type: outgoing)
00:07:14 David Khaski IP-BLOCK 67.29.139.153 (Type: outgoing)
00:08:07 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:27 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:29 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:30 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:32 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:36 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:48 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:50 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:52 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:53 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:58 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:59 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:09:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:11 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:14 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:20 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:28 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:29 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:32 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:36 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:38 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:39 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:45 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:49 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:50 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:10:52 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:53 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:10:58 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:59 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:11:11 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:11:14 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:11:20 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:28 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:49 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:12:52 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:12:53 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:56 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:58 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:02 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:14 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:17 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:23 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:34 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:35 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:38 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:40 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:44 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:14:52 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:14:55 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:15:01 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:16:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:16:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:16:22 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:17:34 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:17:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:17:43 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:18:55 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:18:58 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:19:04 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:20:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:20:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:20:25 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:21:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:21:40 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:21:46 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6830
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/10/2011 6:06:18 PM
mbam-log-2011-06-10 (18-06-18).txt
Scan type: Full scan (C:\|)
Objects scanned: 294210
Time elapsed: 2 hour(s), 53 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

This is a copy of the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:32 AM, on 6/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: QuickBooks Remote Access.LNK = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  10. My father just informed me that he performed a system restore, and it seems that the problem is gone. Are there any other problems in the log entries that you see?
  11. DDS (Ver_09-10-12.01) - NTFSx86
Run by David Khaski at 22:56:06.81 on Sun 10/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1258 [GMT -4:00]
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\csifcsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Documents and Settings\David Khaski\DAEMON Tools\daemon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\TurboTax\Premier 2005\32bit\ttax.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
mURLSearchHooks: AOL Search Class: {b253725d-8341-4b61-81d5-fc9f2ecb021c} - c:\program files\moviefone toolbar\moviefonetb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {09A26406-041E-4FF5-9A88-0574721445B4} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Moviefone Toolbar Loader: {cc40a9f8-4270-425e-972f-4140f0b6f71b} - c:\program files\moviefone toolbar\moviefonetb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Moviefone Toolbar: {669c4c34-7457-4490-a642-a2ed3bf3bbbe} - c:\program files\moviefone toolbar\moviefonetb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Google Update] "c:\documents and settings\david khaski\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} - hxxp://zone.msn.com/bingame/zpagames/zpa_catan.cab55579.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks basic\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidk~1\applic~1\mozilla\firefox\profiles\ptkf1ro6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\david khaski\application data\mozilla\firefox\profiles\ptkf1ro6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\david khaski\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-23 130936]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-23 348752]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-6-23 
36480] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328] R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889] R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368] R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-11 24652] R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-23 20480] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-29 29744] S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2005-8-16 5120] S4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608] =============== Created Last 30 ================ 2009-10-09 01:39 <DIR> --d----- c:\program files\CCleaner 2009-10-08 11:33 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-10-08 11:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-08 11:30 <DIR> --d----- c:\program files\Moviefone Toolbar 2009-10-08 11:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Moviefone Toolbar 2009-10-08 11:30 <DIR> --d----- c:\program files\Yahoo! 
2009-10-08 11:30 <DIR> --d----- c:\program files\AskBarDis 2009-10-08 11:29 <DIR> --d----- c:\program files\common files\HP 2009-10-08 09:54 1,744 a---h--- c:\windows\system32\yidajeyi 2009-10-08 00:49 <DIR> --d----- c:\program files\FileASSASSIN 2009-10-07 18:12 57,344 a------- c:\windows\system32\MFC71ENU.DLL 2009-10-07 16:37 12,632 a------- c:\windows\system32\lsdelete.exe 2009-10-07 16:18 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864} 2009-09-13 21:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\31FE 2009-09-13 21:00 483,328 a------- c:\windows\system32\actskn45.ocx ==================== Find3M ==================== 2009-10-08 20:51 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll 2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll 2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll 2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe 2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll 2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll 2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll 2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll 2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll 2009-07-13 23:43 286,208 a------- 
c:\windows\system32\wmpdxm.dll 2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll 2008-04-29 17:19 78,561,280 a------- c:\program files\common files\ATX Fixed Asset Manager Evaluation Workstation.msi 2008-03-30 22:33 487,288 a------- c:\program files\2006 ANCONA RAE COPY GIVEN BY HER.tax 2008-02-24 14:58 446,816 a------- c:\program files\2006 KHASKI MARSIL Tax Return.tax 2007-02-02 08:58 306,496 a------- c:\program files\2006 KHASKI JACK Tax Return.tax 2006-08-19 23:12 774,144 a------- c:\program files\RngInterstitial.dll 2009-07-08 07:59 88,576 a--sh--- c:\windows\system32\yivabada(2).dll 2008-08-28 08:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat ============= FINISH: 22:58:24.07 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-10-12.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/26/2006 11:28:43 PM System Uptime: 10/11/2009 7:22:55 PM (3 hours ago) Motherboard: Dell Inc. | | 0WG261 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 144 GiB total, 66.281 GiB free. 
D: is CDROM (CDFS) E: is CDROM () G: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP422: 9/30/2009 7:44:56 PM - System Checkpoint RP423: 10/1/2009 2:02:07 AM - System Checkpoint RP424: 10/2/2009 3:09:10 AM - System Checkpoint RP425: 10/4/2009 10:19:02 PM - System Checkpoint RP426: 10/7/2009 3:20:11 AM - System Checkpoint RP427: 10/7/2009 6:15:08 PM - Removed HP Update RP428: 10/8/2009 11:28:35 AM - Restore Operation RP429: 10/9/2009 12:05:12 PM - System Checkpoint RP430: 10/11/2009 7:40:23 PM - System Checkpoint ==== Installed Programs ====================== 2000 TurboTax for Business 2001 Lacerte Tax 2001 Lacerte Tax Planner 2001 TurboTax Business 7300_Help 7300Trb 7400 AAC Decoder Acrobat.com Ad-Aware Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe Shockwave Player AiO_Scan AiOSoftware AnswerWorks 4.0 Runtime - English AnswerWorks 5.0 English Runtime AOL Uninstaller (Choose which Products to Remove) AOLIcon Apple Mobile Device Support Apple Software Update Ask Toolbar ATI Control Panel ATI Display Driver ATX / Kleinrock Tax Products 2007 (Remove Only) ATX Fixed Asset Manager Evaluation Workstation ATX W2/1099 Printer ATX
  12. I cannot install Malwarebytes. When I try to, I see the file install, but when I click the Finish button on the install window the mbam file disappears. I am also getting this stopsearchclick.com popup. I ran HijackThis and here is the log:
  13. It seems my PC is infected with something. I got this PC Tools popup and tray item. I was able to delete those files, but I'm still getting this stopsearchclick.com popup and it's also redirecting some of my searches. Also, when I tried to run mbam the PC told me it could not find the file. I tried reinstalling, but right when I click Finish on the install window the mbam.exe file disappears and I cannot run mbam. Not sure what to do.