
drb930

  1. LDTate,

    Thanks so much for helping fix my computer!!!

  2. LD, thanks! It will not take the copied and pasted ComboFix /Uninstall ??? I tried a few combinations of this also. How do I get a firewall? Thanks, Dave
  3. The only place I can find anything with Lavasoft is through search for files and folders:
     Legacy_Lavasoft_ad-ware_Service.reg - C:\Qoobox\Quarantine\Registry_backups - 1KB - Dat File
     Service_Lavasoft_ad-ware_Service.reg - C:\Qoobox\Quarantine\Registry_backups - 4 KB - Dat File
  4. Tried that; it doesn't find it either. I sent them an error report. Any other ideas? Computer is working better, no more Malwarebytes popup for that outgoing message. Although the computer will not follow links from my Outlook anymore?
  5. Heck NO!!! Can we get it off of here? I do want to re-install the Microsoft Security though, unless you have a better recommendation? Also of course I have Malwarebytes Pro. Thanks, Dave
  6. New file, Thanks, Dave
  7. New log. I had to take off the Microsoft Security because there is no way to turn it off? Thanks, Dave
  8. BTW, how do I get this Lavasoft Ad-Watch Live off my computer? Thanks, Dave
  9. LDTate, Logs as requested. Thanks, Dave
FF - ProfilePath - c:\documents and settings\dave b\application data\mozilla\firefox\profiles\deqfr6cb.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&tagId=-99&CurrentPage=MyeBayNextWatching&ssPageName=STRK:ME:LNLK:MEWAX FF - component: c:\documents and settings\dave b\application data\mozilla\firefox\profiles\deqfr6cb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\dave b\application data\mozilla\firefox\profiles\deqfr6cb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll FF - component: c:\documents and settings\dave b\application data\mozilla\firefox\profiles\deqfr6cb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll FF - plugin: c:\documents and settings\dave b\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . 
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 MpKsl264d13cb;MpKsl264d13cb;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cefba7e-d7f6-4f3b-bb12-1e8310726d4a}\MpKsl264d13cb.sys [2011-9-3 28752] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-26 366640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-26 22712] S3 silabenm;Super Tuner Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2010-7-1 17920] S3 silabser;Super Tuner Driver;c:\windows\system32\drivers\silabser.sys [2010-7-1 62592] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?] . =============== Created Last 30 ================ . 2011-09-03 16:19:02 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cefba7e-d7f6-4f3b-bb12-1e8310726d4a}\MpKsl264d13cb.sys 2011-09-02 23:50:50 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5cefba7e-d7f6-4f3b-bb12-1e8310726d4a}\mpengine.dll 2011-08-31 17:25:54 -------- d-----w- c:\documents and settings\dave b\application data\webex 2011-08-31 16:00:54 175416 ----a-w- c:\program files\mozilla firefox\plugins\npatgpc.dll 2011-08-28 22:34:18 -------- d-----w- c:\program files\Conduit 2011-08-28 22:34:15 -------- d-----w- c:\program files\ConduitEngine 2011-08-28 22:34:15 -------- d-----w- c:\documents and settings\dave b\local settings\application data\uTorrentBar 2011-08-28 22:34:15 -------- d-----w- c:\documents and settings\dave b\local settings\application data\ConduitEngine 2011-08-28 22:34:12 -------- d-----w- c:\program files\uTorrentBar 2011-08-28 22:33:56 -------- d-----w- c:\program files\uTorrent 
2011-08-28 22:32:35 -------- d-----w- c:\documents and settings\dave b\local settings\application data\uTorrent 2011-08-28 22:32:35 -------- d-----w- c:\documents and settings\dave b\application data\uTorrent 2011-08-28 03:23:38 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2011-08-27 19:50:37 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-08-27 19:50:37 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-08-27 19:50:37 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2011-08-27 19:50:37 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2011-08-27 19:50:37 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-08-27 19:50:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-08-27 19:50:36 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-08-27 19:50:36 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-08-26 22:07:31 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-08-26 22:05:15 -------- d-----w- c:\program files\Microsoft Security Client 2011-08-25 19:31:52 -------- d-----w- c:\documents and settings\all users\application data\Aiseesoft Studio 2011-08-25 19:30:52 -------- d-----w- c:\documents and settings\dave b\local settings\application data\kbdMapEnum 2011-08-20 05:39:37 247184 ----a-w- c:\windows\UNINST16.EXE 2011-08-18 17:32:32 -------- d-----w- c:\documents and settings\dave b\application data\TuneAid 2011-08-16 03:24:53 -------- d-----w- c:\documents and settings\dave b\local settings\application data\MediaMonkey 2011-08-16 03:24:52 -------- d-----w- c:\program files\MediaMonkey 2011-08-16 00:33:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-08-16 00:33:50 -------- d-----w- c:\documents and settings\dave b\local settings\application data\Conduit 2011-08-16 00:26:26 -------- d-----w- c:\documents and 
settings\dave b\local settings\application data\Babylon 2011-08-16 00:26:25 -------- d-----w- c:\documents and settings\dave b\application data\Babylon 2011-08-16 00:26:25 -------- d-----w- c:\documents and settings\all users\application data\Babylon 2011-08-15 20:35:01 -------- d-----w- c:\documents and settings\dave b\application data\iPodtoComputer 2011-08-15 20:34:44 6144 ----a-w- c:\windows\system32\ff_acm.acm 2011-08-15 20:34:44 60273 ----a-w- c:\windows\system32\pthreadGC2.dll 2011-08-15 20:34:44 57344 ----a-w- c:\windows\system32\ff_vfw.dll 2011-08-15 20:34:44 258352 ----a-w- c:\windows\system32\unicows.dll 2011-08-15 20:34:43 -------- d-----w- c:\program files\Cucusoft 2011-08-15 20:32:42 -------- d-----w- c:\documents and settings\dave b\application data\GetRightToGo 2011-08-15 19:15:08 -------- d-----w- c:\documents and settings\dave b\EurekaLog 2011-08-15 19:14:43 -------- d-----w- c:\program files\iPhone PC Transfer 2011-08-15 18:28:58 -------- d-----w- c:\documents and settings\dave b\application data\WindSolutions 2011-08-15 18:28:17 -------- d-----w- c:\documents and settings\all users\application data\WindSolutions 2011-08-15 17:31:35 -------- d-----w- c:\documents and settings\dave b\application data\DiskAid 2011-08-15 14:54:05 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2011-08-15 14:53:35 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2011-08-07 03:50:12 -------- d-----w- c:\program files\Garmin . ==================== Find3M ==================== . 
2011-08-27 19:34:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-25 21:25:55 0 ----a-w- c:\windows\system32\w32apiw.dll 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-21 18:18:34 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-06-21 18:18:34 667136 ----a-w- c:\windows\system32\wininet.dll 2011-06-21 18:18:34 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-06-21 12:58:45 369664 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll . ============= FINISH: 9:25:57.42 =============== dds.txt attach.zip
  10. LDTate, Thanks for picking up my thread. In my add/remove programs there is nothing from Lavasoft. I also checked by searching files and folders, nothing. I did used to have Lavasoft on here though. Your link of- Please download ATF Cleaner by Atribune, does not work after trying 3 different browsers. Could the web site be down? Thanks, Dave
  11. Will anyone help me with this? Thanks, Dave
  12. I have MalwareBytes Pro and Microsoft Security Essentials Logs posted as requested. Thanks in advance for your help. Dave I have not received any help on this yet. Thanks, Dave protection-log-2011-08-28.txt dds.txt attach.zip ark.zip