Jump to content

Can't completely remove a virus


cycle1

Recommended Posts

Hi,

I caught a bug, and I used Malwarebytes to successfully remove all of it except for one part, which returns within 24 hours of removal. If anyone has time, I would gladly welcome and appreciate any expert help in permanently removing this trojan. Below, I posted my scan results to show what was infected, and thanks in advance for any assistance:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

David :: DFG1FS91 [administrator]

9/23/2012 1:01:52 AM

mbam-log-2012-09-23 (09-03-05).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 474035

Time elapsed: 3 hour(s), 35 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

  • Replies 52
  • Created
  • Last Reply

Top Posters In This Topic

Hello cycle1 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your database version is very old:

Database version: v2012.09.07.13

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Link to post
Share on other sites

Hi,

Thank you for choosing to help me. Whenever I try to update MBAM, I always get this error:

An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).

PROGRAM_ERROR_UPDATING(0, 0, Invalid argument)

Also, I wasn't a paying customer, so I'll assume I can't use services from the help desk. Seeing as I can't update MBAM, should I just run the scan anyway and proceed as you said?

Link to post
Share on other sites

Please do the following:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Link to post
Share on other sites

Hi,

I ran mbam-clean.exe and restarted my computer. Then I downloaded Malwarebytes from the link in the post above. When it went to update, it gave me the same error. Also, when it started the program, it mentioned that "The Malwarebytes Anti-Malware database is missing or corrupt. Would you like to download a new copy?". When I click yes, it gives me the same updating error mentioned above. I restarted my computer just to see if it would happen again, and it did. Should I download a different copy?

Link to post
Share on other sites

I followed the instructions from the link, and below (and attached) are the logs:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

David :: DFG1FS91 [administrator]

9/25/2012 6:27:20 PM

mbam-log-2012-09-25 (22-03-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 291903

Time elapsed: 21 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

dds.txt

attach.txt

Link to post
Share on other sites

Step 1

Please uninstall the following applications:

Viewpoint Media Player

Windows Savevid Toolbar

Step 2

Please download AppRemover and save it on your desktop. Start the application and click Next and then select Clean Up a Failed Uninstall. Wait until AppRemover finishes scanning the computer and determines which security applications have elements installed. For some applications, AppRemover requires that you restart your computer to finish the uninstallation. If prompted, restart your computer before exiting AppRemover.

Step 3

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • AdwCleaner log
  • aswMBR log
  • a new fresh DDS log

Link to post
Share on other sites

I apologize, here are the files below:

# AdwCleaner v2.003 - Logfile created 09/26/2012 at 09:39:29

# Updated 23/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : David - DFG1FS91

# Boot Mode : Normal

# Running from : C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess

Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Found : C:\Program Files\Windows Savevid Toolbar

***** [Registry] *****

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\Software\Viewpoint

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

*************************

AdwCleaner[R1].txt - [2152 octets] - [26/09/2012 09:39:29]

########## EOF - C:\AdwCleaner[R1].txt - [2212 octets] ##########

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by David at 10:01:29 on 2012-09-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.71 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\intersystems\cache\bin\cservice.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\altera\91sp2\quartus\bin\jtagserver.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\mcafee.com\personal firewall\MPFService.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

c:\intersystems\cache\bin\cache.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\InterSystems\Cache\httpd\bin\httpd.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\mcafee.com\personal firewall\MPFTray.exe

C:\InterSystems\Cache\httpd\bin\httpd.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe

C:\Documents and Settings\David Colon-Smith\Desktop\aswMBR.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi0498~1\datamngr\toolbar\searchqudtx.dll

TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\david colon-smith\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "c:\program files\Windows Savevid Toolbar"

mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "c:\program files\windows savevid toolbar\datamngr\ToolBar"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cruzan2.webex.com/client/T27LB/webex/ieatgpc.cab

TCP: DhcpNameServer = 152.3.72.100 152.3.70.100

TCP: Interfaces\{38434B1E-6738-4A86-85C6-579D6B868F8B} : DhcpNameServer = 152.3.72.100 152.3.70.100

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

AppInit_DLLs: c:\windows\system32\gdi3232.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-12-16 80640]

R1 MpKsl30dd1ea7;MpKsl30dd1ea7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83757166-bbd5-49ea-b802-834d557fa638}\MpKsl30dd1ea7.sys [2012-9-25 29904]

R2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\cache\bin\cservice.exe [2008-8-18 73728]

R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\david colon-smith\my documents\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

R3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\cache\httpd\bin\httpd.exe [2008-8-18 20541]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-24 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Dhcp32;DHCP Client ;c:\windows\system32\gearaspi32.exe --> c:\windows\system32\GEARAspi32.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176]

S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?]

S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\atl7132.exe --> c:\windows\system32\ATL7132.exe [?]

S2 lanmanserver32;Server ;c:\windows\system32\postwpp32.exe --> c:\windows\system32\POSTWPP32.exe [?]

S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?]

S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?]

S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?]

S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\tossndapi32.exe --> c:\windows\system32\TosSndAPI32.exe [?]

S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2011-9-19 58960]

S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2007-6-15 16194]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176]

S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-12-16 114464]

S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-6-3 120168]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2072-07-31 22:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll

2012-09-26 02:21:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83757166-bbd5-49ea-b802-834d557fa638}\MpKsl30dd1ea7.sys

2012-09-24 20:46:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-24 20:46:56 -------- d-----w- c:\documents and settings\david colon-smith\application data\Malwarebytes

2012-09-24 20:46:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-09-24 20:46:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 20:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-21 11:35:54 -------- d-----w- c:\documents and settings\david colon-smith\application data\McAfee

2012-09-21 11:31:22 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2012-09-21 11:31:22 23112 ----a-w- c:\windows\system32\MFEOtlk.dll

2012-09-21 11:28:29 -------- d-----w- c:\program files\McAfee

.

==================== Find3M ====================

.

2008-04-05 21:01:47 3778594 ----a-w- c:\program files\bluejsetup-221.exe

.

============= FINISH: 10:01:45.59 ===============

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-26 09:41:40

-----------------------------

09:41:40.187 OS Version: Windows 5.1.2600 Service Pack 3

09:41:40.187 Number of processors: 1 586 0xD08

09:41:40.187 ComputerName: DFG1FS91 UserName: David

09:41:40.734 Initialize success

09:41:51.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

09:41:51.750 Disk 0 Vendor: Hitachi_HTS721060G9AT00 MC3OA53A Size: 55796MB BusType: 3

09:41:51.765 Disk 0 MBR read successfully

09:41:51.765 Disk 0 MBR scan

09:41:51.765 Disk 0 unknown MBR code

09:41:51.765 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63

09:41:51.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52046 MB offset 96390

09:41:51.812 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3694 MB offset 106687665

09:41:51.812 Disk 0 scanning sectors +114254280

09:41:51.890 Disk 0 scanning C:\WINDOWS\system32\drivers

09:42:02.781 Service scanning

09:42:05.421 Service BVRPMPR5 D:\INSTAL~E\Core\BVRPMPR5.SYS **LOCKED** 21

09:42:12.234 Service MpKsl30dd1ea7 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl30dd1ea7.sys **LOCKED** 32

09:42:22.046 Modules scanning

09:42:32.078 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**

09:42:34.046 Disk 0 trace - called modules:

09:42:34.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

09:42:34.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8710bab8]

09:42:34.078 3 CLASSPNP.SYS[f7687fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87174d98]

09:42:34.078 Scan finished successfully

09:43:19.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Colon-Smith\Desktop\MBR.dat"

09:43:19.484 The log file has been saved successfully to "C:\Documents and Settings\David Colon-Smith\Desktop\aswMBR.txt"

Sorry again for attaching them earlier.

Link to post
Share on other sites

It's okay. :)

Step 1

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Step 2

Please open www.virustotal.com and upload the following file:

C:\WINDOWS\System32\DLA\DLADResN.SYS

Wait until scan finished and copy/paste the URL in your next reply here.

In your next reply, post the following log files:

  • AdwCleaner log
  • Virustotal log

Link to post
Share on other sites

Below is the posted log and the URL:

# AdwCleaner v2.003 - Logfile created 09/29/2012 at 01:01:36

# Updated 23/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : David - DFG1FS91

# Boot Mode : Normal

# Running from : C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Program Files\Windows Savevid Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\Software\Viewpoint

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

*************************

AdwCleaner[R1].txt - [2281 octets] - [26/09/2012 09:39:29]

AdwCleaner[R2].txt - [2341 octets] - [26/09/2012 09:56:22]

AdwCleaner[R3].txt - [2401 octets] - [26/09/2012 09:57:36]

AdwCleaner[R4].txt - [2281 octets] - [26/09/2012 09:58:27]

AdwCleaner[s1].txt - [2681 octets] - [29/09/2012 01:01:36]

########## EOF - C:\AdwCleaner[s1].txt - [2741 octets] ##########

https://www.virustotal.com/file/25b18fef62395abb1eb4c17d81d9eb31759f6c5dbaa5cdb192949055d69e3071/analysis/1348895321/

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Hi, below is my log after running ComboFix:

ComboFix 12-09-27.03 - David 09/30/2012 1:48.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.620 [GMT -4:00]

Running from: c:\documents and settings\David Colon-Smith\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\956ab021

c:\documents and settings\All Users\SPL591.tmp

c:\documents and settings\All Users\SPLF0.tmp

c:\documents and settings\David Colon-Smith\Application Data\40933372

c:\documents and settings\David Colon-Smith\Application Data\Adobe\plugs

c:\documents and settings\David Colon-Smith\Application Data\Adobe\shed

c:\documents and settings\David Colon-Smith\hkaiwhwauv.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL0217.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL0341.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL0407.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL0408.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL0883.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL1560.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL3040.tmp

c:\documents and settings\David Colon-Smith\My Documents\~WRL3743.tmp

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar

c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf

c:\documents and settings\Ivy Colon\hkaiwhwauv.tmp

c:\windows\iun6002.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\SET11A.tmp

c:\windows\system32\SET2E.tmp

c:\windows\system32\SET2F.tmp

c:\windows\system32\SET30.tmp

c:\windows\system32\SET7C7.tmp

c:\windows\system32\SET7D3.tmp

c:\windows\system32\SET7DB.tmp

c:\windows\system32\SET7DC.tmp

c:\windows\system32\SET7DE.tmp

c:\windows\system32\SET7E1.tmp

c:\windows\system32\SETDC.tmp

c:\windows\system32\SETF0.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wt

c:\windows\wt\data.wts

c:\windows\wt\updater\wcmdmgr.exe

c:\windows\wt\updater\wcmdmgrl.exe

c:\windows\wt\updater\wt.ini

c:\windows\wt\webdriver.dll

c:\windows\wt\webdriver\4.1.1\actorobject.dll

c:\windows\wt\webdriver\4.1.1\dx5drv.dll

c:\windows\wt\webdriver\4.1.1\dx7drv.dll

c:\windows\wt\webdriver\4.1.1\objectbundle.dll

c:\windows\wt\webdriver\4.1.1\sound.dll

c:\windows\wt\webdriver\4.1.1\wdcaps.ded

c:\windows\wt\webdriver\4.1.1\wdengine.dll

c:\windows\wt\webdriver\4.1.1\webdriver.dll

c:\windows\wt\webdriver\4.1.1\wthost.exe

c:\windows\wt\webdriver\4.1.1\wthostctl.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.jar

c:\windows\wt\webdriver\4.1.1\wtwmplug.ax

c:\windows\wt\webdriver\4.1.1\wtwmplug.ini

c:\windows\wt\webdriver\jdriver.dll

c:\windows\wt\webdriver\rdriver.dll

c:\windows\wt\webdriver\wildtangent.jar

c:\windows\wt\webdriver\wtdmmp.dll

c:\windows\wt\webdriver\wtdmmpi.jar

c:\windows\wt\webdriver\wtdmmpv.dll

c:\windows\wt\wt3d.dll

c:\windows\wt\wt3d.ini

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll

c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo

c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas

c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html

c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts

c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt

c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts

c:\windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded

c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo

c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas

c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas

c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar

c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini

c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe

c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini

c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo

c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll

c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts

c:\windows\wt\wtupdates\wtupdater\appinfo.dat

c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts

c:\windows\wt\wtvh.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_DHCP32

-------\Service_Dhcp32

.

.

((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))

.

.

2072-07-31 22:44 . 2004-08-24 19:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll

2012-09-24 20:46 . 2012-09-25 20:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\Malwarebytes

2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-09-24 20:46 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 20:46 . 2012-09-25 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-21 11:35 . 2012-09-21 11:35 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\McAfee

2012-09-21 11:31 . 2012-09-21 11:29 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2012-09-21 11:31 . 2012-09-21 11:29 23112 ----a-w- c:\windows\system32\MFEOtlk.dll

2012-09-21 11:28 . 2012-09-23 04:55 -------- d-----w- c:\program files\McAfee

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-05 21:01 . 2008-04-05 21:01 3778594 ----a-w- c:\program files\bluejsetup-221.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"MPFEXE"="c:\program files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 992808]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]

"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CACHEWEB.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CACHEWEB.lnk

backup=c:\windows\pss\CACHEWEB.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]

[X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

2007-02-06 15:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2005-12-15 15:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-11-01 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 13:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2006-04-11 02:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-06-01 22:19 136176 ----atw- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-10-15 01:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-10-15 01:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

2006-03-07 20:05 992808 ----a-w- c:\program files\mcafee.com\personal firewall\MpfTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]

2006-06-09 16:47 47104 ----a-w- c:\windows\system32\ico.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2006-04-11 02:12 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-08-10 00:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-08-24 09:38 247144 ----a-w- c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\dlcccoms.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\David Colon-Smith\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6000:TCP"= 6000:TCP:test

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 0 (0x0)

.

R2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\Cache\Bin\cservice.exe [8/18/2008 9:35 PM 73728]

R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]

R3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\Cache\httpd\bin\httpd.exe [8/18/2008 9:35 PM 20541]

S1 MpKsl057b8bd2;MpKsl057b8bd2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176]

S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?]

S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\ATL7132.exe --> c:\windows\system32\ATL7132.exe [?]

S2 lanmanserver32;Server ;c:\windows\system32\POSTWPP32.exe --> c:\windows\system32\POSTWPP32.exe [?]

S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?]

S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?]

S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?]

S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\TosSndAPI32.exe --> c:\windows\system32\TosSndAPI32.exe [?]

S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [9/19/2011 5:11 PM 58960]

S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [6/15/2007 8:59 PM 16194]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/24/2012 4:46 PM 40776]

S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*NewlyCreated* - WUAUSERV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19]

.

2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006Core.job

- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006UA.job

- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19]

.

2012-08-18 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]

.

2012-09-30 c:\windows\Tasks\User_Feed_Synchronization-{4DBF9887-0447-4DA1-8377-9B6F318E27D7}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

2012-08-18 c:\windows\Tasks\XoftSpySE.job

- c:\program files\XoftSpySE\XoftSpy.exe [2007-03-07 23:58]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe

MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1166243950\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1166243950\ee\AOLSoftware.exe

MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

MSConfigStartUp-sscRun - c:\program files\Common Files\AOL\1166243950\ee\SSCRun.exe

AddRemove-West_Point_Bridge_Designer_2007 - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-30 02:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MPFEXE = "c:\program files\mcafee.com\personal firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(772)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

- - - - - - - > 'explorer.exe'(3328)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\xpsp3res.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\altera\91sp2\quartus\bin\jtagserver.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\intersystems\cache\bin\cache.exe

c:\program files\mcafee.com\personal firewall\MPFService.exe

c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

c:\windows\system32\PSIService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\intersystems\cache\bin\cache.exe

c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe

c:\windows\stsystra.exe

c:\windows\system32\dlcccoms.exe

c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe

c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe

.

**************************************************************************

.

Completion time: 2012-09-30 02:22:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-30 06:22

ComboFix2.txt 2011-04-13 02:14

.

Pre-Run: 2,237,669,376 bytes free

Post-Run: 4,292,571,136 bytes free

.

- - End Of File - - D1EBF97A03A820C32D6B9BDF378725DE

Link to post
Share on other sites

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

When I pressed Start after making sure that the Remove found threats option and the Scan unwanted applications option were checked, it began trying to download the definitions, and it stopped, mentioning: "Can not get update. Is proxy configured?". Should I try to configure a proxy?

Link to post
Share on other sites

I retried (after refreshing my connection) and it returned the same error. I think the issue with ESET (and for why I can't update Malwarebytes) might be something I noticed two years ago, but could never find a way to fix. When I deactivated a firewall I had, a program that uses SSH connections worked fine, but when the firewall was active, it made the program through a "fatal error". I uninstalled the program that manages that firewall, but I think the settings on it are still active somehow. By chance, do you know any suggestions on how to undo effects like those?

Link to post
Share on other sites

Thanks for the advice, I was able to run it in Safe Mode with Networking. Below is teh log file:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=49153

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28d70e7ab708d94e92bb6a87df588e7c

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-02 02:50:25

# local_time=2012-10-01 10:50:25 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16774142 0 93 31153540 84731206 0 0

# compatibility_mode=5891 16776870 42 87 8926 45072727 0 0

# compatibility_mode=8192 67108863 100 0 9088 9088 0 0

# scanned=202201

# found=24

# cleaned=24

# scan_time=4769

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28d70e7ab708d94e92bb6a87df588e7c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-02 05:04:46

# local_time=2012-10-02 01:04:46 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16774142 0 93 31161201 84738867 0 0

# compatibility_mode=5891 16776870 42 87 16587 45080388 0 0

# compatibility_mode=8192 67108863 100 0 16749 16749 0 0

# scanned=210462

# found=1

# cleaned=1

# scan_time=5168

C:\WINDOWS\system32\Improve Your PC.lnk LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

I ran a quick scan of Malwarebytes again and the infected key still shows up. Here is the log report below. Should I run ESET another time?

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

David :: DFG1FS91 [administrator]

10/3/2012 10:04:48 PM

mbam-log-2012-10-03 (22-33-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 280389

Time elapsed: 28 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.