Jump to content

helpmePLS

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hello there! I ran the Kaspersky online anti-virus scanner and my laptop seems to be back on track and working well. Please let me know if I should be purchasing anti-virus protection, and if so, what kind? I do have a problem with my desktop however, which I was wondering whether you could help with. My desktop got infected with Vista Internet Security 2010. I had previously used MBAM to clean up that mess, and I thought I'd gotten rid of all the problems, however the POP-ups are back and now it's not letting me open any program, stating that I need to create an association in the Set Associations Control Panel. I've googled this and tried to figure out how the change the associations, but to no avail. I tried Combo_fix, MBAM, AVG, etc.. but the associations seem to be blocked for everything. Do you have any ideas? The OS is Windows Vista. Thank you again for the help with my laptop. I very much appreciate it.
  2. Hi there!! I was able to run the MBAM on my computer and it deleted two infections! I've pasted below the log from the program. I haven't had a chance to do the JAVA scan, but I plan to get to it ASAP. I was wondering, what does that scan do? Anyways, thank you so much for your help!! My computer is already up and running again which is a HUGE relief, but just let me know if there are other things I need to do. I'm willing to clean my computer completely. And I'll reply again after I complete the JAVA scan. Malwarebytes' Anti-Malware 1.44 Database version: 3787 Windows 6.0.6000 Internet Explorer 7.0.6000.16982 2/24/2010 3:59:13 PM mbam-log-2010-02-24 (15-59-13).txt Scan type: Quick Scan Objects scanned: 112512 Time elapsed: 46 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Palak\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
  3. I'm attaching the Combofix.txt file that I got after running ComboFix.exe. Let me know how to continue! Thank you! ComboFix.txt
  4. I saved ComboFix.exe to my desktop and when I tried to run it, a window pops up saying that ComboFix.exe has stopped working. Is there another way around this? Thanks again!
  5. Ok, I followed your steps completely and I'm attaching the text file. Let me know how to proceed from there! Thank you for your help. I really appreciate it. OTS.Txt
  6. Hello! Thank you for your help. I did what you said, and I'll paste the OTL.txt below. I did change the Drivers and Standard Registry to All, but when I hit Quick Scan, it automatically changed it back to the previous settings. So I ran it again, but then changed Drivers and Standard Registry to All after hitting Quick Scan, only to realize I wasn't going to get the Extras.Txt again. Sorry! Will that affect anything? OTL.txt OTL logfile created on: 2/21/2010 10:44:45 PM - Run 3 OTL by OldTimer - Version 3.1.30.1 Folder = D:\ Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 15.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 68.21 Gb Total Space | 13.74 Gb Free Space | 20.14% Space Free | Partition Type: NTFS Drive D: | 3.77 Gb Total Space | 3.76 Gb Free Space | 99.80% Space Free | Partition Type: FAT E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/02/21 21:56:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2010/01/14 09:16:05 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/10/16 12:13:04 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe PRC - [2009/10/16 12:13:03 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys PRC - [2009/06/05 12:39:22 | 000,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/06/05 12:39:14 | 000,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2008/02/25 17:23:34 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe PRC - [2008/02/11 19:13:12 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe PRC - [2008/02/11 19:13:10 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe PRC - [2008/02/11 19:13:08 | 000,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe PRC - [2008/02/11 19:13:02 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2007/11/02 17:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0500Mon.exe PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007/07/05 17:20:28 | 000,820,520 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007/07/05 17:00:50 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe PRC - [2007/02/22 07:46:24 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe PRC - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe PRC - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe PRC - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lktsrv.exe PRC - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkads.exe PRC - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe PRC - [2006/12/25 21:06:00 | 000,037,168 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe PRC - [2006/12/13 22:13:02 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2006/12/13 21:59:04 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe PRC - [2006/12/13 20:46:08 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe PRC - [2006/12/13 10:52:44 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe PRC - [2006/11/30 10:10:24 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe PRC - [2006/10/31 23:15:38 | 000,036,392 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe PRC - [2006/10/16 21:55:20 | 001,097,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2006/10/12 20:09:00 | 000,073,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2006/10/12 20:08:56 | 000,055,928 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2006/09/05 23:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2006/08/04 00:39:00 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe ========== Modules (SafeList) ========== MOD - [2010/02/21 21:56:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\OTL.exe MOD - [2006/11/02 01:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/16 12:13:03 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager) SRV - [2009/06/15 11:05:40 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/06/05 12:39:14 | 000,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/10/20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007/06/22 14:46:48 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2007/05/17 23:18:15 | 001,831,936 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager) SRV - [2007/03/25 14:11:47 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2007/03/09 13:23:08 | 000,194,096 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007/03/09 13:23:02 | 000,083,504 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007/02/22 07:46:24 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc) SRV - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync) SRV - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds) SRV - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2007/01/29 14:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer) SRV - [2006/12/25 21:06:00 | 000,037,168 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC) SRV - [2006/12/13 22:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2006/12/13 22:11:14 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006/12/13 20:46:08 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2006/12/13 10:52:44 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService) SRV - [2006/11/19 21:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC) SRV - [2006/11/15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/11/02 04:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006/11/02 01:46:05 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\irmon.dll -- (Irmon) SRV - [2006/10/31 23:15:38 | 000,036,392 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2006/10/26 23:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006/10/13 14:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006/10/12 20:08:56 | 000,055,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2006/09/20 17:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006/08/04 00:39:00 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum) SRV - [2004/08/16 01:43:54 | 000,536,576 | ---- | M] () [Auto | Stopped] -- C:\MATLAB701\webserver\bin\win32\matlabserver.exe -- (matlabserver) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 20:15:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 09:16:36 | 000,000,000 | ---D | M] [2010/01/20 20:15:38 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions [2010/02/21 19:41:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\t8xk2wp0.default\extensions [2008/11/19 21:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2005/10/12 14:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll [2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [GrooveMonitor] C:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe () O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKLM..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{163d1cd7-ca22-11dd-88b3-000000000000}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== ========== Files - Modified Within 14 Days ========== [2010/02/21 17:30:41 | 000,668,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/02/21 17:30:40 | 000,786,636 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/02/21 17:30:40 | 000,122,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/02/21 17:19:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat ========== Files Created - No Company Name ========== [2010/01/20 20:33:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/01/17 14:52:30 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini [2009/04/29 14:27:07 | 000,311,384 | ---- | C] () -- C:\Windows\System32\disretizer.dll [2009/04/29 14:27:07 | 000,123,904 | ---- | C] () -- C:\Windows\System32\sdi.dll [2009/04/29 14:27:07 | 000,094,208 | ---- | C] () -- C:\Windows\System32\sdit.dll [2009/02/01 22:24:49 | 000,004,903 | ---- | C] () -- C:\ProgramData\qnobttcl.zyf [2009/01/31 12:31:56 | 000,005,058 | ---- | C] () -- C:\ProgramData\kvdkyhfm.noo [2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2007/04/29 11:00:31 | 000,041,324 | ---- | C] () -- C:\Windows\System32\winio.sys [2007/04/29 10:59:17 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini [2007/03/25 13:33:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll [2007/03/25 13:27:28 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS [2007/02/22 10:19:06 | 000,052,000 | ---- | C] () -- C:\Windows\System32\nipcload.dll [2007/02/21 18:30:50 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini [2007/02/21 09:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys [2006/12/14 10:14:16 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI [2006/12/14 10:14:10 | 000,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI [2006/11/30 09:31:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006/11/29 14:28:54 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006/11/02 05:02:10 | 000,000,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/09/05 13:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL [2005/06/10 09:00:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\cviUSI.dll [2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010/01/31 14:55:10 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/01/31 14:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job ========== Purity Check ========== < End of report > Thank you. I hope you are able to help!
  7. Hi! I'm new to the forum, and I just used MBAM on my desktop to clean up Vista Guardian 2010 malware, and it worked great. I have some bigger issues (I think) with my laptop. I have no idea what kind of virus is on my laptop, all I know is that it my computer (when it actually decides to run) doesn't open to my usual desktop, but some alternate desktop, with a black background. It's not in SAFE MODE either. When I try to run the program I get an alert that says Malwarebytes' Anti-Malware has stopped working. I renamed the file and that didn't work either. Problem details gave me the following information, not quite sure how to proceed from there. Problem signature: Problem Event Name: APPCRASH Application Name: abooyah.exe.exe Application Version: 1.43.0.0 Application Timestamp: 2a425e19 Fault Module Name: abooyah.exe.exe Fault Module Version: 1.43.0.0 Fault Module Timestamp: 2a425e19 Exception Code: 80000003 Exception Offset: 00009b24 OS Version: 6.0.6000.2.0.0.768.3 Locale ID: 1033 Additional Information 1: 8d13 Additional Information 2: cdca9b1d21d12b77d84f02df48e34311 Additional Information 3: 8d13 Additional Information 4: cdca9b1d21d12b77d84f02df48e34311 abooyah.exe is what I had renamed the MBAM file as, just FYI. Any suggestions would be greatly welcomed. Thanks!
  8. Hi! I'm new to the forum, and I just used MBAM on my desktop to clean up Vista Guardian 2010 malware, and it worked great. I have some bigger issues (I think) with my laptop. I have no idea what kind of virus is on my laptop, all I know is that it my computer (when it actually decides to run) doesn't open to my usual desktop, but some alternate desktop, with a black background. It's not in SAFE MODE either. When I try to run the program I get an alert that says Malwarebytes' Anti-Malware has stopped working. I renamed the file and that didn't work either. Problem details gave me the following information, not quite sure how to proceed from there. Problem signature: Problem Event Name: APPCRASH Application Name: abooyah.exe.exe Application Version: 1.43.0.0 Application Timestamp: 2a425e19 Fault Module Name: abooyah.exe.exe Fault Module Version: 1.43.0.0 Fault Module Timestamp: 2a425e19 Exception Code: 80000003 Exception Offset: 00009b24 OS Version: 6.0.6000.2.0.0.768.3 Locale ID: 1033 Additional Information 1: 8d13 Additional Information 2: cdca9b1d21d12b77d84f02df48e34311 Additional Information 3: 8d13 Additional Information 4: cdca9b1d21d12b77d84f02df48e34311 abooyah.exe is what I had renamed the MBAM file as, just FYI. Any suggestions would be greatly welcomed. Thanks!
  9. Hi! I'm new to the forum, and I just used MBAM on my desktop to clean up Vista Guardian 2010 malware, and it worked great. I have some bigger issues (I think) with my laptop. I have no idea what kind of virus is on my laptop, all I know is that it my computer (when it actually decides to run) doesn't open to my usual desktop, but some alternate desktop, with a black background. It's not in SAFE MODE either. When I try to run the program I get an alert that says Malwarebytes' Anti-Malware has stopped working. I renamed the file and that didn't work either. Problem details gave me the following information, not quite sure how to proceed from there. Problem signature: Problem Event Name: APPCRASH Application Name: abooyah.exe.exe Application Version: 1.43.0.0 Application Timestamp: 2a425e19 Fault Module Name: abooyah.exe.exe Fault Module Version: 1.43.0.0 Fault Module Timestamp: 2a425e19 Exception Code: 80000003 Exception Offset: 00009b24 OS Version: 6.0.6000.2.0.0.768.3 Locale ID: 1033 Additional Information 1: 8d13 Additional Information 2: cdca9b1d21d12b77d84f02df48e34311 Additional Information 3: 8d13 Additional Information 4: cdca9b1d21d12b77d84f02df48e34311 abooyah.exe is what I had renamed the MBAM file as, just FYI. Any suggestions would be greatly welcomed. Thanks!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.