hachamdavid
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
Everything is looking good so far. Thank you very much.
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Symantec AntiVirus
Authentium AntiVirus SDK - 2
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java 6 Update 26
Java SE Development Kit 6 Update 4
Java SE Development Kit 6 Update 16
Java DB 10.4.2.1
Flash Player Out of Date!
Adobe Flash Player 10.0.45.2
````````````````````````````````
Process Check: objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
``````````End of Log````````````

___________________

As for other issues, I have not really had any in the past few weeks since running ComboFix, though apparently, based on the ESET scan, there were some malware files. Also, I should mention that I uninstalled Immunet and Spyware Doctor.
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
I ran the scan twice since I did not have enough time to finish the first scan. Here are the results from the first scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fe29f44163fd944c8178c0bd1d33f383
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-15 10:40:30
# local_time=2011-07-15 06:40:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 55704794 55704794 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=209610
# found=7
# cleaned=7
# scan_time=27034
C:\Documents and Settings\David Khaski\Application Data\Sun\Java\Deployment\cache\6.0\18\4f46b492-5636d65f    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\David Khaski\Application Data\Sun\Java\Deployment\cache\6.0\28\26d395dc-5cccc5f5    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\David Khaski\Application Data\Sun\Java\Deployment\cache\6.0\32\4e5c2020-3acb5031    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\Maurice Khaski\Application Data\Sun\Java\Deployment\cache\6.0\28\7e4c53dc-4c03ac81    Java/TrojanDownloader.Agent.NCA trojan (deleted - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\Maurice Khaski\Local Settings\Temp\MGS54.tmp    probably a variant of Win32/Agent.GZLOTD trojan (deleted - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\Moise Khaski\Application Data\Sun\Java\Deployment\cache\6.0\22\69932116-7b5de284    Java/TrojanDownloader.OpenStream.NAC trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\Moise Khaski\Application Data\Sun\Java\Deployment\cache\6.0\50\2e0b34b2-24527d13    Java/TrojanDownloader.OpenStream.NAC trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C

__________________________

And the results of the second:

version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fe29f44163fd944c8178c0bd1d33f383
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-17 03:34:50
# local_time=2011-07-17 11:34:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 55859597 55859597 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=513726
# found=0
# cleaned=0
# scan_time=19493
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
Sorry about the delay, here is the new ComboFix log. If you see any other item related to p2p or stuff like that, please tell me so I can delete them.

ComboFix 11-07-07.06 - David Khaski 07/08/2011 10:39:05.5.2 - x86 MINIMAL
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
I just uninstalled utorrent (one of the kids must have installed it, not sure what it is) and I am trying to search for all the items you listed. If possible, I would like it if you could continue to aid me in removing the malware. -
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
ComboFix 11-06-22.02 - David Khaski 06/22/2011 19:32:10.3.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1705 [GMT -4:00] Running from: c:\documents and settings\David Khaski\Desktop\ComboFix.exe AV: Immunet Protect *Disabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37} AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\David Khaski\Application Data\msupdate.log c:\documents and settings\Moise Khaski\Application Data\msupdate.log c:\documents and settings\Moise Khaski\Desktop\Search.lnk c:\windows\system32\bszip.dll c:\windows\system32\drivers\npf.sys . . ((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 ))))))))))))))))))))))))))))))) . . 2011-06-22 23:10 . 2011-06-22 23:29 -------- d-----w- C:\32788R22FWJFW 2011-06-19 07:36 . 2011-06-19 07:36 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2011-06-19 07:36 . 2011-06-19 07:36 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2011-06-19 07:36 . 2011-06-19 07:36 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2011-06-19 07:36 . 2011-06-19 07:36 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2011-06-19 07:36 . 2011-06-19 07:36 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2011-06-19 07:36 . 
2011-06-19 07:36 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2011-06-19 07:36 . 2011-06-19 07:36 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2011-06-19 07:36 . 2011-06-19 07:36 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2011-06-19 07:35 . 2011-06-19 07:35 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2011-06-19 07:35 . 2011-06-19 07:35 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2011-06-19 07:35 . 2011-06-19 07:35 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2011-06-19 07:35 . 2011-06-19 07:35 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2011-06-19 07:35 . 2011-06-19 07:35 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2011-06-19 07:35 . 2011-06-19 07:35 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2011-06-19 07:35 . 2011-06-19 07:35 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2011-06-19 07:35 . 2011-06-19 07:35 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2011-06-19 07:35 . 
2011-06-19 07:35 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2011-06-19 07:15 . 2011-06-19 07:15 77824 ----a-w- c:\windows\system32\drivers\tsk16E.tmp 2011-06-19 07:02 . 2011-06-19 07:02 -------- d-----w- C:\9a9de187a29165f0a8d87d 2011-06-19 07:00 . 2011-06-19 07:02 -------- d-----w- C:\b807216b11abdca78f 2011-06-16 11:27 . 2011-06-16 11:27 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Immunet 2011-06-16 05:04 . 2011-06-16 05:05 -------- d-----w- C:\f7ca5591a6ec160bb54a0510e913d7b2 2011-06-16 03:56 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys 2011-06-16 01:37 . 2011-06-16 01:37 -------- d-----w- c:\documents and settings\All Users\Immunet 2011-06-16 01:37 . 2011-06-16 01:37 -------- d-----w- c:\documents and settings\David Khaski\Application Data\Immunet 2011-06-16 01:37 . 2011-06-16 01:37 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys 2011-06-16 01:37 . 2011-06-16 01:37 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys 2011-06-16 01:36 . 2011-06-22 23:22 -------- d-----w- c:\program files\Immunet Protect 2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-14 13:17 . 2011-06-15 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\program files\NOS 2011-06-14 12:50 . 2011-06-14 12:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2011-06-13 03:06 . 2011-06-12 05:29 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-06-13 01:05 . 2011-05-25 19:15 29544 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll 2011-06-12 23:49 . 2011-06-12 23:49 -------- d-----w- c:\documents and settings\David Khaski\Application Data\Registry Mechanic 2011-06-12 16:42 . 
2010-08-05 12:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2011-06-12 16:42 . 2008-04-02 19:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2011-06-12 16:42 . 2008-04-02 19:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2011-06-12 16:42 . 2008-04-02 19:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2011-06-12 05:29 . 2011-06-12 05:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-12 05:27 . 2011-05-25 06:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-06-12 02:49 . 2011-06-12 02:50 -------- d-----w- c:\documents and settings\David Khaski\Local Settings\Application Data\Deployment 2011-06-12 02:42 . 2011-06-12 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2011-06-10 19:17 . 2011-06-10 19:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2011-06-10 01:55 . 2011-06-10 01:59 -------- dc-h--w- c:\windows\ie8 2011-06-10 01:47 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VERIZON_BROAD 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ConduitEngine 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Viewpoint 2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll 2011-05-29 20:43 . 2011-05-29 20:43 -------- d-----w- c:\program files\Common Files\Intuit Shared 2011-05-29 20:32 . 2011-05-31 12:05 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Lacerte 2011-05-29 19:39 . 2009-08-20 21:40 4194304 ----a-w- c:\windows\system32\cdintf400.dll 2011-05-29 19:28 . 
2011-05-29 19:49 -------- d-----w- C:\ProWin10 2011-05-29 18:54 . 2011-05-29 19:44 -------- d-----w- C:\BasWin10 2011-05-29 02:58 . 2011-05-29 03:03 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\CasinoOnNet . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-19 07:33 . 2005-08-16 10:18 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2011-06-16 05:17 . 2009-04-14 19:35 187328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll 2011-06-16 05:16 . 2009-04-14 19:33 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2011-06-15 15:38 . 2011-05-18 21:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-29 13:11 . 2009-07-21 00:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2009-07-21 00:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-04 08:52 . 2010-05-03 11:09 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 06:25 . 2007-04-27 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19 . 2006-01-24 11:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2005-08-16 10:18 385024 ------w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2005-08-16 10:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2008-04-29 21:19 . 2008-06-12 00:44 78561280 ----a-w- c:\program files\Common Files\ATX Fixed Asset Manager Evaluation Workstation.msi 2006-08-20 03:12 . 
2006-08-20 03:12 774144 ----a-w- c:\program files\RngInterstitial.dll 2009-11-17 22:07 . 2008-06-29 14:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay] @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}" [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay] @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}" [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay] @="{84CEF1E4-1356-4063-845F-05047F4DD52C}" [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay] @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}" [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-05 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-25 944008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-12 1122304] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688] "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-17 2065648] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-06-09 161336] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "Immunet Protect"="c:\program files\Immunet Protect\2.0.17\iptray.exe" [2011-06-16 2615624] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-12-03 126976] . c:\documents and settings\David Khaski\Start Menu\Programs\Startup\ Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ QuickBooks Remote Access.LNK - c:\windows\Downlo~1\MyWebEx\319\raagtx.exe [2010-11-3 38200] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ lsdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.LNK] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Remote Access.LNK backup=c:\windows\pss\QuickBooks Remote Access.LNKCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^David Khaski^Start Menu^Programs^Startup^PowerReg Scheduler.exe] path=c:\documents and settings\David Khaski\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=c:\windows\pss\PowerReg Scheduler.exeStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-11-17 22:07 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1173191900\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livedrive] 2010-04-22 14:06 1348608 ----a-w- c:\program files\Livedrive\Livedrive.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe] 2008-12-03 15:12 69632 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SavRoam"=3 (0x3) "MDM"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=2 (0x2) "gupdate"=2 (0x2) "GoogleDesktopManager-110309-193829"=3 (0x3) "GameConsoleService"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "RPSUpdaterR"=3 (0x3) "Pml Driver HPZ12"=2 (0x2) "IDriverT"=3 (0x3) "MyWebSearchService"=2 (0x2) "WMPNetworkSvc"=2 (0x2) "atnthost"=2 (0x2) "Radialpoint Security Services"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\Documents and Settings\\David Khaski\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1173191900\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.0a\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AOL 9.0b\\waol.exe"= "c:\\Program Files\\AOL 9.0c\\waol.exe"= "c:\\Program Files\\AOL 9.0d\\waol.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\AOL 9.1a\\waol.exe"= "c:\\Program Files\\AOL 9.1b\\waol.exe"= "c:\\Program Files\\AOL 9.1c\\waol.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Documents and Settings\\David Khaski\\My Documents\\drjava-20080124-1942.exe"= "c:\\Program Files\\Intuit\\QuickBooks Basic\\QBDBMgrN.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "c:\\My Games\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"= "c:\\Program Files\\Brother\\Brmfl08i\\FAXRX.exe"= "c:\\My Games\\World of 
Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"= "c:\\My Games\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"= "c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"= "c:\\Magic\\Program\\Manalink.exe"= "c:\\PVSW\\Bin\\W3DBSMGR.EXE"= "c:\\DacEasy\\pvsw\\W3DBSMGR.EXE"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\David Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Moise Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "54925:UDP"= 54925:UDP:Brother Network Scanner "1:TCP"= 1:TCP:LPT1 . 
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/23/2009 9:12 PM 207792] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 10:10 AM 691696] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [7/28/2010 5:25 PM 146904] S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [6/15/2011 9:37 PM 41424] S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [6/15/2011 9:37 PM 31184] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664] S2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [6/15/2011 9:36 PM 756680] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2009 8:00 PM 366640] S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?] 
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2009 8:00 PM 22712] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208] S3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [6/23/2009 4:27 PM 20480] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/16/2005 6:18 AM 14336] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/23/2009 9:10 PM 359624] S4 atnthost;WebEx Remote Access Agent;c:\windows\Downlo~1\MyWebEx\319\atnthost.exe [11/3/2010 8:07 PM 16776] S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/29/2008 10:31 AM 30192] S4 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/16/2005 6:18 AM 5120] S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper bdx REG_MULTI_SZ scan sysagent . Contents of the 'Scheduled Tasks' folder . 2011-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 06:00] . 2011-06-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 04:29] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47] . 
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006Core.job - c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006UA.job - c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52] . 2011-06-17 c:\windows\Tasks\Norton Security Scan for Moise Khaski.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18] . 2011-06-22 c:\windows\Tasks\RMSchedule.job - c:\program files\Registry Mechanic\RegMech.exe [2011-06-12 12:46] . 2011-06-22 c:\windows\Tasks\RMSmartUpdate.job - c:\program files\Registry Mechanic\Update.exe [2011-06-12 12:46] . 2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{6780BEE6-2189-4DB0-92BD-64F495379380}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . 2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{A78D56A3-BCEE-4D47-9CB7-18007CB57D6B}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 Trusted Zone: turbotax.com Trusted Zone: musicmatch.com\online TCP: DhcpNameServer = 192.168.1.1 68.237.161.12 FF - ProfilePath - c:\documents and settings\David Khaski\Application Data\Mozilla\Firefox\Profiles\ptkf1ro6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: XULRunner: {DB449582-D599-4237-8FDC-295649FBEFC4} - c:\documents and settings\David Khaski\Local Settings\Application Data\{DB449582-D599-4237-8FDC-295649FBEFC4} FF - Ext: XULRunner: {3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1} - c:\documents and settings\Moise Khaski\Local Settings\Application Data\{3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1} FF - Ext: XULRunner: {D9F7ED81-4825-48DD-8577-C84F0794B17A} - c:\documents and settings\Maurice Khaski\Local Settings\Application Data\{D9F7ED81-4825-48DD-8577-C84F0794B17A} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . - - - - ORPHANS REMOVED - - - - . 
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-NavLogon - (no file)
SafeBoot-81749221.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(268)
c:\windows\system32\WINHTTP.dll
.
Completion time: 2011-06-22 20:07:41
ComboFix-quarantined-files.txt 2011-06-23 00:07
ComboFix2.txt 2011-06-15 23:51
.
Pre-Run: 15,599,292,416 bytes free
Post-Run: 16,104,374,272 bytes free
.
- - End Of File - - 525BFC5BFD86FAB76793A23EE61BE758

Hijack this log:

SIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Livedrive\LivedriveExplorerExtensions.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: QuickBooks Remote Access.LNK = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games -
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
I removed Viewpoint programs.

TDSSKiller.2.5.5.0_19.06.2011_03.14.10_log.txt
IP address continuous blocking
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
The MBAM log: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6863 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/15/2011 8:40:22 PM mbam-log-2011-06-15 (20-40-22).txt Scan type: Quick scan Objects scanned: 220643 Time elapsed: 20 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The Combofix log: ComboFix 11-06-15.02 - David Khaski 06/15/2011 18:52:44.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1484 [GMT -4:00] Running from: c:\documents and settings\David Khaski\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\documents and settings\David Khaski\Application Data\alot c:\documents and settings\David Khaski\Application Data\Google\T-Scan c:\documents and settings\David Khaski\Application Data\Google\T-Scan\n.gif c:\documents and settings\David Khaski\Application Data\Google\T-Scan\t.gif c:\documents and settings\David Khaski\Application Data\Google\T-Scan\Thumbs.db c:\documents and settings\David Khaski\Application Data\Google\T-Scan\y.gif c:\documents and settings\David Khaski\Application Data\Help\coma.exe c:\documents and settings\David Khaski\Application Data\PriceGong c:\documents and settings\David Khaski\Application Data\PriceGong\Data\1.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\a.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\b.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\c.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\d.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\e.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\f.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\g.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\h.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\i.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\J.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\k.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\l.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\m.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\mru.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\n.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\o.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\p.xml c:\documents and settings\David 
Khaski\Application Data\PriceGong\Data\q.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\r.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\s.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\t.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\u.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\v.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\w.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\x.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\y.xml c:\documents and settings\David Khaski\Application Data\PriceGong\Data\z.xml c:\documents and settings\David Khaski\WINDOWS c:\documents and settings\Moise Khaski\Application Data\PriceGong c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\1.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\a.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\b.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\c.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\d.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\e.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\f.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\g.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\h.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\i.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\J.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\k.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\l.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\m.xml c:\documents and settings\Moise Khaski\Application 
Data\PriceGong\Data\mru.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\n.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\o.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\p.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\q.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\r.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\s.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\t.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\u.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\v.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\w.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\x.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\y.xml c:\documents and settings\Moise Khaski\Application Data\PriceGong\Data\z.xml c:\documents and settings\Moise Khaski\WINDOWS c:\windows\Google Pack Screensaver Uninstaller.exe c:\windows\system32\Packet.dll c:\windows\system32\spool\prtprocs\w32x86\atx_print.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MYWEBSEARCHSERVICE -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 ))))))))))))))))))))))))))))))) . . 2011-06-15 22:15 . 2011-06-15 22:18 -------- d-----w- C:\32788R22FWJFW 2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\windows\system32\wbem\Repository 2011-06-14 13:17 . 2011-06-15 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2011-06-14 13:17 . 2011-06-14 13:17 -------- d-----w- c:\program files\NOS 2011-06-14 13:16 . 2011-06-14 13:16 -------- d-----w- C:\godlike3 2011-06-14 12:50 . 
2011-06-14 12:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2011-06-13 03:06 . 2011-06-12 05:29 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-06-13 01:05 . 2011-05-25 19:15 29544 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll 2011-06-12 23:49 . 2011-06-12 23:49 -------- d-----w- c:\documents and settings\David Khaski\Application Data\Registry Mechanic 2011-06-12 16:42 . 2010-08-05 12:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2011-06-12 16:42 . 2008-04-02 19:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2011-06-12 16:42 . 2008-04-02 19:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2011-06-12 16:42 . 2008-04-02 19:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2011-06-12 05:29 . 2011-06-12 05:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-12 05:27 . 2011-05-25 06:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-06-12 02:49 . 2011-06-12 02:50 -------- d-----w- c:\documents and settings\David Khaski\Local Settings\Application Data\Deployment 2011-06-12 02:42 . 2011-06-12 02:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2011-06-10 19:17 . 2011-06-10 19:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2011-06-10 01:55 . 2011-06-10 01:59 -------- dc-h--w- c:\windows\ie8 2011-06-10 01:47 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VERIZON_BROAD 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ConduitEngine 2011-06-10 01:42 . 2011-06-10 01:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Viewpoint 2011-05-29 20:43 . 2011-05-29 20:43 -------- d-----w- c:\program files\Common Files\Intuit Shared 2011-05-29 20:32 . 
2011-05-31 12:05 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Lacerte 2011-05-29 19:39 . 2009-08-20 21:40 4194304 ----a-w- c:\windows\system32\cdintf400.dll 2011-05-29 19:28 . 2011-05-29 19:49 -------- d-----w- C:\ProWin10 2011-05-29 18:54 . 2011-05-29 19:44 -------- d-----w- C:\BasWin10 2011-05-29 02:58 . 2011-05-29 03:03 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\CasinoOnNet 2011-05-29 02:58 . 2011-05-29 03:00 -------- d-----w- c:\program files\CasinoOnNet 2011-05-18 21:35 . 2011-06-15 15:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-18 20:53 . 2011-05-18 20:53 -------- d-----w- c:\program files\TelevisionFanatic 2011-05-18 20:48 . 2011-05-18 20:49 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\RebateInformer 2011-05-18 20:48 . 2011-05-18 20:48 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\AppGraffiti 2011-05-18 20:48 . 2011-05-19 18:33 -------- d-----w- c:\program files\AppGraffiti 2011-05-18 20:48 . 2011-05-18 20:48 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\PCPowerSpeed 2011-05-18 20:48 . 2011-06-10 22:38 -------- d-----w- c:\program files\RebateInformer 2011-05-18 20:48 . 2011-05-18 20:48 -------- d-----w- c:\documents and settings\Moise Khaski\Application Data\Inbox Toolbar . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 13:11 . 2009-07-21 00:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 13:11 . 2009-07-21 00:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-04 08:52 . 2010-05-03 11:09 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-04 06:25 . 2007-04-27 12:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2008-04-29 21:19 . 2008-06-12 00:44 78561280 ----a-w- c:\program files\Common Files\ATX Fixed Asset Manager Evaluation Workstation.msi 2006-08-20 03:12 . 
2006-08-20 03:12 774144 ----a-w- c:\program files\RngInterstitial.dll 2009-11-17 22:07 . 2008-06-29 14:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay] @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}" [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay] @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}" [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay] @="{84CEF1E4-1356-4063-845F-05047F4DD52C}" [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay] @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}" [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}] 2010-04-22 14:06 329520 ----a-w- c:\program files\Livedrive\LivedriveExtensions.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-05 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-25 944008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-12 1122304] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688] "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-17 2065648] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2010-06-09 161336] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-12-03 126976] . c:\documents and settings\David Khaski\Start Menu\Programs\Startup\ Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ QuickBooks Remote Access.LNK - c:\windows\Downlo~1\MyWebEx\319\raagtx.exe [2010-11-3 38200] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ lsdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.LNK] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Remote Access.LNK backup=c:\windows\pss\QuickBooks Remote Access.LNKCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^David Khaski^Start Menu^Programs^Startup^PowerReg Scheduler.exe] path=c:\documents and settings\David Khaski\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=c:\windows\pss\PowerReg Scheduler.exeStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-11-17 22:07 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1173191900\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livedrive] 2010-04-22 14:06 1348608 ----a-w- c:\program files\Livedrive\Livedrive.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe] 2008-12-03 15:12 69632 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SavRoam"=3 (0x3) "MDM"=2 (0x2) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=2 (0x2) "gupdate"=2 (0x2) "GoogleDesktopManager-110309-193829"=3 (0x3) "GameConsoleService"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "RPSUpdaterR"=3 (0x3) "Pml Driver HPZ12"=2 (0x2) "IDriverT"=3 (0x3) "MyWebSearchService"=2 (0x2) "WMPNetworkSvc"=2 (0x2) "atnthost"=2 (0x2) "Radialpoint Security Services"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\David Khaski\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1173191900\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AOL 9.0b\\waol.exe"=
"c:\\Program Files\\AOL 9.0c\\waol.exe"=
"c:\\Program Files\\AOL 9.0d\\waol.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\AOL 9.1b\\waol.exe"=
"c:\\Program Files\\AOL 9.1c\\waol.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\David Khaski\\My Documents\\drjava-20080124-1942.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Basic\\QBDBMgrN.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\My Games\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Brother\\Brmfl08i\\FAXRX.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\My Games\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Magic\\Program\\Manalink.exe"=
"c:\\PVSW\\Bin\\W3DBSMGR.EXE"=
"c:\\DacEasy\\pvsw\\W3DBSMGR.EXE"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\David Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Moise Khaski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"54925:UDP"= 54925:UDP:Brother Network Scanner
"1:TCP"= 1:TCP:LPT1
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/23/2009 9:12 PM 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 10:10 AM 691696]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [7/28/2010 5:25 PM 146904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2009 8:00 PM 366640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/11/2007 10:32 AM 24652]
R3 EraserUtilDrvI11;EraserUtilDrvI11;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [6/14/2011 9:27 AM 105592]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [5/25/2011 2:00 AM 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2009 8:00 PM 22712]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [6/23/2009 4:27 PM 20480]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664]
S3 EraserUtilDrvI10;EraserUtilDrvI10;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 11:47 PM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/16/2005 6:18 AM 14336]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/23/2009 9:10 PM 359624]
S4 atnthost;WebEx Remote Access Agent;c:\windows\Downlo~1\MyWebEx\319\atnthost.exe [11/3/2010 8:07 PM 16776]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/29/2008 10:31 AM 30192]
S4 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/16/2005 6:18 AM 5120]
S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 8:27 PM 124608]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 06:00]
.
2011-06-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 04:29]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 03:47]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006Core.job
- c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3611407486-3785993524-1144906567-1006UA.job
- c:\documents and settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-05 21:52]
.
2011-06-10 c:\windows\Tasks\Norton Security Scan for Moise Khaski.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18]
.
2011-06-14 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-06-12 12:46]
.
2011-06-15 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-06-12 12:46]
.
2011-06-15 c:\windows\Tasks\User_Feed_Synchronization-{6780BEE6-2189-4DB0-92BD-64F495379380}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
2011-06-15 c:\windows\Tasks\User_Feed_Synchronization-{A78D56A3-BCEE-4D47-9CB7-18007CB57D6B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\documents and settings\David Khaski\Application Data\Mozilla\Firefox\Profiles\ptkf1ro6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: XULRunner: {DB449582-D599-4237-8FDC-295649FBEFC4} - c:\documents and settings\David Khaski\Local Settings\Application Data\{DB449582-D599-4237-8FDC-295649FBEFC4}
FF - Ext: XULRunner: {3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1} - c:\documents and settings\Moise Khaski\Local Settings\Application Data\{3E3F6067-6C88-44FE-BDD1-55DDEB47A6D1}
FF - Ext: XULRunner: {D9F7ED81-4825-48DD-8577-C84F0794B17A} - c:\documents and settings\Maurice Khaski\Local Settings\Application Data\{D9F7ED81-4825-48DD-8577-C84F0794B17A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: TelevisionFanatic: 64ffxtbr@TelevisionFanatic.com - c:\program files\TelevisionFanatic\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Notify-NavLogon - (no file)
MSConfigStartUp-64435830 - c:\docume~1\ALLUSE~1\APPLIC~1\64435830\64435830.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-lphcgqjj0e7de - c:\windows\system32\lphcgqjj0e7de.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-RebateInformer - c:\progra~1\REBATE~1\REBATE~1.EXE
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-RegWork - c:\program files\RegWork\RegWork.exe
MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-vxdhm - c:\documents and settings\David Khaski\Application Data\Google\xtgoj6119471.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\11.0.696.60\Installer\setup.exe
AddRemove-Google Pack Screensaver - c:\windows\Google Pack Screensaver Uninstaller.exe
AddRemove-Plaxo - c:\documents and settings\Moise Khaski\Local Settings\Application Data\Plaxo\3.25.0.87\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_2BE6CD75D520F20B.exe
AddRemove-{2A8E36DD-061D-4877-9736-30E7266A4669} - c:\program files\InstallShield Installation Information\{2A8E36DD-061D-4877-9736-30E7266A4669}\setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 19:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\DAVIDK~1\LOCALS~1\Temp\ArmUI.ini 148526 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JS-75NCB1 rev.10.02E01 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x87037ECC]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86009879; SUB DWORD [EBP-0x4], 0x86009135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A50BAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A580920]
5 PCTCore[0xB9DA3891] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A580B00]
[0x8A121658] -> IRP_MJ_CREATE -> 0x87037ECC
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x87037AF1
user & kernel MBR OK
sectors 312499998 (+221): user != kernel
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,96,59,70,a3,a3,2b,46,b4,32,e0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5368)
c:\windows\system32\WININET.dll
c:\program files\Livedrive\LivedriveExtensions.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\csifcsvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Completion time: 2011-06-15 19:51:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-15 23:50
.
Pre-Run: 20,024,811,520 bytes free
Post-Run: 22,126,256,128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F36383A57AEAE665324FCD4B180EAD5C

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:28 PM, on 6/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\csifcsvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\winmine.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files\Livedrive\LivedriveExplorerExtensions.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: QuickBooks Remote Access.LNK = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games -
This is a copy of the log of IP address blocking. I don't know what is wrong, but Malwarebytes is not detecting any viruses.

00:00:01 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:00:04 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:00:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:01:22 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:01:25 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:01:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:02:43 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:02:46 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:02:52 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:04:04 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:04:07 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:04:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:07 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:25 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:28 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:28 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:05:31 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:05:34 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:05:38 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:06:42 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:45 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:46 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:49 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:51 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:06:55 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:07:11 David Khaski IP-BLOCK 67.29.139.153 (Type: outgoing)
00:07:14 David Khaski IP-BLOCK 67.29.139.153 (Type: outgoing)
00:08:07 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:27 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:29 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:30 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:32 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:36 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:08:48 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:50 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:52 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:53 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:58 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:08:59 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:09:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:11 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:14 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:20 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:28 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:09:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:29 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:32 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:36 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:38 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:39 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:45 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:49 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:50 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:10:52 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:53 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:10:58 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:10:59 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:11:11 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:11:14 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:11:20 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:28 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:49 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:12:52 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:12:53 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:56 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:12:58 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:02 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:10 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:14 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:17 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:23 David Khaski IP-BLOCK 91.213.217.190 (Type: outgoing)
00:13:31 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:34 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:35 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:38 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:40 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:13:44 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:14:52 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:14:55 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:15:01 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:16:13 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:16:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:16:22 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:17:34 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:17:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:17:43 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:18:55 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:18:58 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:19:04 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:20:16 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:20:19 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:20:25 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:21:37 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:21:40 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)
00:21:46 David Khaski IP-BLOCK 95.64.56.6 (Type: outgoing)

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6830

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/10/2011 6:06:18 PM
mbam-log-2011-06-10 (18-06-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 294210
Time elapsed: 2 hour(s), 53 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is a copy of the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:32 AM, on 6/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\csifcsvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE C:\Documents and 
Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe C:\Program Files\Microsoft Office\Office14\GROOVE.EXE C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - 
HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe" O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Khaski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common 
Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user') O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE O4 - Global Startup: QuickBooks Remote Access.LNK = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - 
https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
-
malwarebytes won't install
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
My father just informed me that he performed a system restore, and it seems that the problem is gone. Are there any other problems in the log entries that you see? -
malwarebytes won't install
hachamdavid replied to hachamdavid's topic in Resolved Malware Removal Logs
c:\windows\system32\wmpdxm.dll 2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll 2008-04-29 17:19 78,561,280 a------- c:\program files\common files\ATX Fixed Asset Manager Evaluation Workstation.msi 2008-03-30 22:33 487,288 a------- c:\program files\2006 ANCONA RAE COPY GIVEN BY HER.tax 2008-02-24 14:58 446,816 a------- c:\program files\2006 KHASKI MARSIL Tax Return.tax 2007-02-02 08:58 306,496 a------- c:\program files\2006 KHASKI JACK Tax Return.tax 2006-08-19 23:12 774,144 a------- c:\program files\RngInterstitial.dll 2009-07-08 07:59 88,576 a--sh--- c:\windows\system32\yivabada(2).dll 2008-08-28 08:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat ============= FINISH: 22:58:24.07 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-10-12.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/26/2006 11:28:43 PM System Uptime: 10/11/2009 7:22:55 PM (3 hours ago) Motherboard: Dell Inc. | | 0WG261 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 144 GiB total, 66.281 GiB free. 
D: is CDROM (CDFS) E: is CDROM () G: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP422: 9/30/2009 7:44:56 PM - System Checkpoint RP423: 10/1/2009 2:02:07 AM - System Checkpoint RP424: 10/2/2009 3:09:10 AM - System Checkpoint RP425: 10/4/2009 10:19:02 PM - System Checkpoint RP426: 10/7/2009 3:20:11 AM - System Checkpoint RP427: 10/7/2009 6:15:08 PM - Removed HP Update RP428: 10/8/2009 11:28:35 AM - Restore Operation RP429: 10/9/2009 12:05:12 PM - System Checkpoint RP430: 10/11/2009 7:40:23 PM - System Checkpoint ==== Installed Programs ====================== 2000 TurboTax for Business 2001 Lacerte Tax 2001 Lacerte Tax Planner 2001 TurboTax Business 7300_Help 7300Trb 7400 AAC Decoder Acrobat.com Ad-Aware Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe Shockwave Player AiO_Scan AiOSoftware AnswerWorks 4.0 Runtime - English AnswerWorks 5.0 English Runtime AOL Uninstaller (Choose which Products to Remove) AOLIcon Apple Mobile Device Support Apple Software Update Ask Toolbar ATI Control Panel ATI Display Driver ATX / Kleinrock Tax Products 2007 (Remove Only) ATX Fixed Asset Manager Evaluation Workstation ATX W2/1099 Printer ATX -
I cannot install Malwarebytes. When I try to, I see the file install, but when I click the Finish button on the install window the mbam file disappears. I am also getting this stopsearchclick.com popup. I ran HijackThis and here is the log:
-
It seems my PC is infected with something. I got this pctools popup and tray item. I was able to delete those files, but I'm still getting this stopsearchclick.com popup and it's also redirecting some of my searches. Also, when I tried to run mbam the PC told me it could not find the file. I tried reinstalling, but right when I click Finish on the install window the mbam.exe file disappears and I cannot run mbam. Not sure what to do.