Dear Experts

I can install any free version of MBam prior to 1.45 (not including 1.45). It will automatically update to 1.46 version 4052 but after that I get the above message. I am also running VIPRE Antivirus Premium on three other computers running Windows XP Service Pack 3, and it updates perfectly. My laptop is running Vista, and VIPRE Antivirus Premium with no problems updating the free version of Mbam. VIPRE deep scan and Mbam deep scan (with the version I do have) all come up clean.

I even uninstalled VIPRE to see if this was affecting Mbam, and it wasn't, as I would still get the same error when trying to update.

I have followed everyone's advice and now resorted to this option, as nothing thus far has worked.

FYI, the GMER scan took 12 hours! When I tried to save the report, my computer froze and I had to shut down, hence losing any information.

Also, when running defogger, I do not get a message to reboot; it just returned to the defogger disable/re-enable box. I did a manual reboot. The following is the report:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 07:29 on 23/06/2010 (C)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Therefore, I only have the DDS info for you and the zipped "Attach" file.

Thank you for any assistance you can offer.

DDS (Ver_10-03-17.01) - NTFSx86

Run by C at 7:41:31.60 on Wed 23/06/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2686 [GMT 3:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\astsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\C\Desktop\MBAM ASSIST\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

mStart Page = about:blank

uURLSearchHooks: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\c\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hueypr~1.lnk - c:\program files\pantone\hueypro\hueyPROTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240435192937

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

TCP: {ADE4CD74-2633-4DF8-B8B0-B2130F7A6A28} = 41.202.229.144 41.202.229.140

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: PFW - UmxWnp.Dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 60.12.193.37 auto.search.msn.com

Hosts: 60.12.193.37 auto.search.msn.es

Hosts: 60.12.193.37 ie.search.msn.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\c\applic~1\mozilla\firefox\profiles\bdlf5l2z.default\

FF - prefs.js: browser.search.selectedEngine - Google.com (in English)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ug/

FF - component: c:\documents and settings\c\application data\mozilla\firefox\profiles\bdlf5l2z.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-6-22 13400]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-6-22 322904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-6-22 204632]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-2-7 1872320]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]

R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-22 69720]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-3-10 2789672]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-3-16 115312]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 14896]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-6-22 67800]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-10 15656]

S2 gupdate1ca60461afe0434;Google Update Service (gupdate1ca60461afe0434);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]

S2 UmxAgent;HIPS Event Manager; [x]

S2 UmxCfg;HIPS Configuration Interpreter; [x]

S2 UmxPol;HIPS Policy Manager; [x]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-27 1684736]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-6-22 86232]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-18 11520]

=============== Created Last 30 ================

2010-06-23 04:26:42 0 ----a-w- c:\documents and settings\c\defogger_reenable

2010-06-22 05:05:27 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2010-06-22 05:05:27 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2010-06-22 04:42:31 0 d-----w- c:\docume~1\c\applic~1\Sunbelt

2010-06-22 04:40:24 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys

2010-06-22 04:40:23 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys

2010-06-22 04:40:21 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys

2010-06-22 04:27:29 67800 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2010-06-22 04:22:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-22 04:22:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-22 04:22:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-20 18:23:17 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-20 18:20:18 0 d-----w- c:\program files\DAMN NFO Viewer

2010-06-13 05:22:09 3245 ----a-w- c:\windows\system32\wbem\Outlook_01cb0ab85f48dee4.mof

2010-06-12 06:26:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 06:18:25 0 d-----w- c:\docume~1\c\applic~1\ElevatedDiagnostics

2010-06-06 17:00:43 399 ----a-w- c:\windows\lucispro.INI

2010-06-06 16:55:50 0 d-----w- c:\program files\Lucis Pro

2010-06-06 16:01:38 0 d-----w- c:\docume~1\c\applic~1\uTorrent

2010-05-30 11:38:13 18494 ----a-w- c:\windows\system32\FirewallConfig.xml

2010-05-30 11:38:13 1110 ----a-w- c:\windows\system32\ServiceConfig.xml

2010-05-30 11:38:13 0 d-----w- c:\windows\system32\Events

2010-05-29 12:12:25 0 d-----w- c:\program files\Secunia

2010-05-28 04:54:06 0 d-----w- c:\program files\Windows Desktop Search

2010-05-28 04:54:05 0 d-----w- c:\windows\system32\GroupPolicy

2010-05-28 04:53:13 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2010-05-28 04:53:13 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2010-05-28 04:53:13 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2010-05-28 04:53:02 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-05-27 05:19:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-05-27 04:58:01 0 d-----w- c:\docume~1\c\applic~1\HpUpdate

==================== Find3M ====================

2010-06-23 04:30:21 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-06-23 04:30:21 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-06-23 04:30:21 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-06-23 04:30:21 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-06-23 04:30:21 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-06-23 04:30:21 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-06-23 04:30:21 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-06-23 04:30:21 314326 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-05-30 11:43:31 143980 ----a-w- c:\windows\hpoins16.dat

2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-27 05:18:50 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-30 09:31:00 27984 ----a-w- c:\windows\system32\sbbd.exe

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-08 10:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 10:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2004-10-01 12:00:16 40960 ------w- c:\program files\Uninstall_CDS.exe

2010-02-05 17:51:55 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-04-24 03:48:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042420090425\index.dat

============= FINISH: 7:42:40.01 ===============

Attach.zip

  • Staff

Hi and welcome to Malwarebytes.

There is evidence of infection here, so let's address that first and see if your issue remains.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Thank you screen317.

Please find below the ComboFix log and following thereafter the DDS log. Hope this can shed some light.

ComboFix 10-06-28.01 - C 29/06/2010 20:17:47.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2635 [GMT 3:00]

Running from: c:\documents and settings\C\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))

.

2010-06-29 15:39 . 2010-06-29 15:39 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-22 05:05 . 2010-01-04 03:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2010-06-22 05:05 . 2010-01-04 03:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2010-06-22 04:42 . 2010-06-22 04:42 -------- d-----w- c:\documents and settings\C\Application Data\Sunbelt

2010-06-22 04:40 . 2010-04-28 12:12 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys

2010-06-22 04:40 . 2010-04-28 12:12 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys

2010-06-22 04:40 . 2010-04-28 12:12 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys

2010-06-22 04:27 . 2010-01-14 02:42 67800 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2010-06-22 04:22 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-22 04:22 . 2010-06-22 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-22 04:22 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-20 18:23 . 2010-06-20 18:23 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-20 18:20 . 2010-06-20 18:20 -------- d-----w- c:\program files\DAMN NFO Viewer

2010-06-13 15:46 . 2010-06-13 15:45 53632 ----a-w- c:\documents and settings\C\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-06-12 06:26 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 06:18 . 2010-06-09 06:18 -------- d-----w- c:\documents and settings\C\Application Data\ElevatedDiagnostics

2010-06-06 16:55 . 2010-06-06 16:55 -------- d-----w- c:\program files\Lucis Pro

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-29 16:26 . 2009-05-08 13:53 -------- d-----w- c:\program files\CCleaner

2010-06-29 16:24 . 2009-04-23 04:35 -------- d-----w- c:\documents and settings\C\Application Data\Skype

2010-06-29 16:20 . 2009-04-24 14:36 -------- d-----w- c:\documents and settings\C\Application Data\WTablet

2010-06-29 16:18 . 2009-03-10 14:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

2010-06-29 16:17 . 2009-04-22 19:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-06-29 16:17 . 2009-04-22 19:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-06-29 16:17 . 2009-04-22 19:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-06-29 16:17 . 2009-04-22 19:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-06-29 16:17 . 2009-04-22 19:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-06-29 16:17 . 2009-04-22 19:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-06-29 16:17 . 2009-04-22 19:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-06-29 16:17 . 2009-04-22 19:53 314326 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-06-29 16:12 . 2009-04-24 04:11 -------- d-----w- c:\documents and settings\C\Application Data\Apple Computer

2010-06-29 16:11 . 2009-04-10 17:51 -------- d-----w- c:\program files\iTunes

2010-06-29 16:10 . 2009-04-10 17:51 -------- d-----w- c:\program files\iPod

2010-06-29 16:05 . 2008-08-21 11:59 -------- d-----w- c:\program files\Bonjour

2010-06-29 15:06 . 2009-04-23 05:33 -------- d-----w- c:\documents and settings\C\Application Data\skypePM

2010-06-22 04:22 . 2010-05-20 17:50 -------- d-----w- c:\documents and settings\C\Application Data\Malwarebytes

2010-06-22 04:22 . 2010-05-20 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-20 18:20 . 2009-04-26 12:18 -------- d-----w- c:\program files\PhotomatixPro3

2010-06-15 03:44 . 2009-04-24 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-13 15:46 . 2009-07-26 11:25 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-09 16:39 . 2009-11-07 08:17 -------- d-----w- c:\program files\FocalBlade

2010-06-09 08:36 . 2010-05-27 04:58 -------- d-----w- c:\documents and settings\C\Application Data\HpUpdate

2010-06-06 16:55 . 2008-08-20 10:12 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-03 16:10 . 2009-05-08 11:20 -------- d-----w- c:\documents and settings\C\Application Data\Lucis

2010-06-02 16:48 . 2010-02-15 15:21 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2010-06-02 16:43 . 2010-02-17 21:16 -------- d-----w- c:\program files\VideoLAN

2010-06-02 16:00 . 2010-05-28 04:54 -------- d-----w- c:\program files\Windows Desktop Search

2010-06-01 15:56 . 2009-02-12 17:59 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-05-30 11:45 . 2008-08-21 13:58 -------- d-----w- c:\program files\Pantone

2010-05-30 11:43 . 2009-08-23 10:58 143980 ----a-w- c:\windows\hpoins16.dat

2010-05-29 12:25 . 2010-05-29 12:21 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2010-05-29 12:12 . 2010-05-29 12:12 -------- d-----w- c:\program files\Secunia

2010-05-28 11:04 . 2009-06-17 12:20 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-27 05:19 . 2010-05-27 05:19 503808 ----a-w- c:\documents and settings\C\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1473846f-n\msvcp71.dll

2010-05-27 05:19 . 2010-05-27 05:19 499712 ----a-w- c:\documents and settings\C\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1473846f-n\jmc.dll

2010-05-27 05:19 . 2010-05-27 05:19 348160 ----a-w- c:\documents and settings\C\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1473846f-n\msvcr71.dll

2010-05-27 05:19 . 2010-05-27 05:19 61440 ----a-w- c:\documents and settings\C\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54efd0fa-n\decora-sse.dll

2010-05-27 05:19 . 2010-05-27 05:19 12800 ----a-w- c:\documents and settings\C\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-54efd0fa-n\decora-d3d.dll

2010-05-27 05:19 . 2008-08-21 08:30 -------- d-----w- c:\program files\Common Files\Java

2010-05-27 05:18 . 2010-04-24 11:17 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-27 05:18 . 2008-08-21 08:30 -------- d-----w- c:\program files\Java

2010-05-27 05:03 . 2009-10-03 10:42 -------- d-----w- c:\program files\BookSmart

2010-05-27 05:03 . 2009-06-26 17:14 -------- d-----w- c:\program files\RescuePRO

2010-05-27 04:04 . 2010-02-07 16:07 -------- d-----w- c:\program files\a-squared Free

2010-05-18 13:35 . 2010-05-18 13:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 13:35 . 2010-05-18 13:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-09 11:54 . 2008-08-21 09:26 -------- d-----w- c:\program files\Google

2010-05-08 05:03 . 2009-04-24 17:25 -------- d-----w- c:\program files\Lavasoft

2010-05-08 05:02 . 2009-04-24 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 11:14 . 2010-05-02 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt

2010-05-02 11:12 . 2010-05-02 11:12 -------- d-----w- c:\program files\Sunbelt Software

2010-05-02 10:49 . 2010-02-06 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-30 09:31 . 2010-04-30 09:31 27984 ----a-w- c:\windows\system32\sbbd.exe

2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-11 06:10 . 2010-04-11 06:10 53088 ------w- c:\windows\system32\drivers\pxrts.sys

2010-04-11 06:10 . 2010-04-11 06:10 30280 ------w- c:\windows\system32\drivers\pxscan.sys

2010-04-11 06:10 . 2010-04-11 06:10 24368 ------w- c:\windows\system32\drivers\pxkbf.sys

2004-10-01 12:00 . 2008-08-21 11:15 40960 ------w- c:\program files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-04-30 1291600]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\C\Start Menu\Programs\Startup\

Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2010-5-30 1081344]

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-8-21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

2007-05-18 11:30 79368 ------w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ------w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2009-03-11 10:54 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-10-03 08:35 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 08:37 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 13:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

2010-03-18 18:19 557056 ------w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 13:44 3883856 ------w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 18:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 17:24 32768 ------w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2006-11-05 08:22 221184 ------w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [19/03/2008 11:56 AM 93712]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [21/03/2008 4:00 PM 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [21/03/2008 4:00 PM 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [19/03/2008 11:56 AM 115216]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [22/06/2010 8:05 AM 13400]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [22/06/2010 7:40 AM 322904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [13/10/2009 9:02 AM 95024]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [22/06/2010 7:40 AM 204632]

R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [7/02/2010 7:07 PM 1872320]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [4/06/2008 12:27 PM 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [21/03/2008 4:00 PM 66576]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [22/06/2010 8:05 AM 69720]

R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [30/04/2010 12:30 PM 181584]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [10/03/2009 5:12 PM 2789672]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [16/03/2010 7:31 PM 115312]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [30/05/2008 4:56 PM 88816]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 3:20 PM 14896]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [22/06/2010 7:27 AM 67800]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/03/2009 6:54 PM 15656]

S2 gupdate1ca60461afe0434;Google Update Service (gupdate1ca60461afe0434);c:\program files\Google\Update\GoogleUpdate.exe [12/02/2009 7:25 PM 133104]

S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [30/04/2010 12:31 PM 2730120]

S2 UmxAgent;HIPS Event Manager; [x]

S2 UmxCfg;HIPS Configuration Interpreter; [x]

S2 UmxPol;HIPS Policy Manager; [x]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27/03/2010 8:03 AM 1684736]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 AM 11336]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [22/06/2010 7:40 AM 86232]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [18/02/2010 6:55 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 16:24]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 16:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = about:blank

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: {ADE4CD74-2633-4DF8-B8B0-B2130F7A6A28} = 41.202.229.144 41.202.229.140

FF - ProfilePath - c:\documents and settings\C\Application Data\Mozilla\Firefox\Profiles\bdlf5l2z.default\

FF - prefs.js: browser.search.selectedEngine - Google.com (in English)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ug/

FF - component: c:\documents and settings\C\Application Data\Mozilla\Firefox\Profiles\bdlf5l2z.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-29 20:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)

c:\windows\system32\UmxWnp.Dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3784)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Completion time: 2010-06-29 20:26:14

ComboFix-quarantined-files.txt 2010-06-29 17:26

ComboFix2.txt 2010-06-29 16:40

Pre-Run: 34,828,304,384 bytes free

Post-Run: 34,801,848,320 bytes free

- - End Of File - - 18B56BAC1F34B4586AA6251828EFFA4C

DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by C at 20:27:29.78 on Tue 29/06/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2608 [GMT 3:00]

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\astsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\C\Desktop\MBAM ASSIST\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

mStart Page = about:blank

uURLSearchHooks: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\c\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hueypr~1.lnk - c:\program files\pantone\hueypro\hueyPROTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240435192937

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

TCP: {ADE4CD74-2633-4DF8-B8B0-B2130F7A6A28} = 41.202.229.144 41.202.229.140

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: PFW - UmxWnp.Dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\c\applic~1\mozilla\firefox\profiles\bdlf5l2z.default\

FF - prefs.js: browser.search.selectedEngine - Google.com (in English)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ug/

FF - component: c:\documents and settings\c\application data\mozilla\firefox\profiles\bdlf5l2z.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-6-22 13400]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-6-22 322904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-6-22 204632]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-2-7 1872320]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-22 69720]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-3-10 2789672]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-3-16 115312]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 14896]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-6-22 67800]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-10 15656]

S2 gupdate1ca60461afe0434;Google Update Service (gupdate1ca60461afe0434);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]

S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]

S2 UmxAgent;HIPS Event Manager; [x]

S2 UmxCfg;HIPS Configuration Interpreter; [x]

S2 UmxPol;HIPS Policy Manager; [x]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-27 1684736]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-6-22 86232]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-18 11520]

=============== Created Last 30 ================

2010-06-29 16:28:13 98816 ----a-w- c:\windows\sed.exe

2010-06-29 16:28:13 77312 ----a-w- c:\windows\MBR.exe

2010-06-29 16:28:13 256512 ----a-w- c:\windows\PEV.exe

2010-06-29 16:28:13 161792 ----a-w- c:\windows\SWREG.exe

2010-06-23 04:26:42 0 ----a-w- c:\documents and settings\c\defogger_reenable

2010-06-22 05:05:27 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2010-06-22 05:05:27 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2010-06-22 04:42:31 0 d-----w- c:\docume~1\c\applic~1\Sunbelt

2010-06-22 04:40:24 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys

2010-06-22 04:40:23 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys

2010-06-22 04:40:21 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys

2010-06-22 04:27:29 67800 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2010-06-22 04:22:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-22 04:22:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-22 04:22:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-20 18:23:17 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-20 18:20:18 0 d-----w- c:\program files\DAMN NFO Viewer

2010-06-13 05:22:09 3245 ----a-w- c:\windows\system32\wbem\Outlook_01cb0ab85f48dee4.mof

2010-06-12 06:26:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 06:18:25 0 d-----w- c:\docume~1\c\applic~1\ElevatedDiagnostics

2010-06-06 17:00:43 399 ----a-w- c:\windows\lucispro.INI

2010-06-06 16:55:50 0 d-----w- c:\program files\Lucis Pro

==================== Find3M ====================

2010-06-29 16:17:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-06-29 16:17:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-06-29 16:17:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-06-29 16:17:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-06-29 16:17:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-06-29 16:17:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-06-29 16:17:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-06-29 16:17:00 314326 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-05-30 11:43:31 143980 ----a-w- c:\windows\hpoins16.dat

2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-27 05:18:50 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-18 13:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 13:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-30 09:31:00 27984 ----a-w- c:\windows\system32\sbbd.exe

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-10-01 12:00:16 40960 ------w- c:\program files\Uninstall_CDS.exe

2010-02-05 17:51:55 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-04-24 03:48:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042420090425\index.dat

============= FINISH: 20:27:45.59 ===============


I'm so sorry: Here is the DDS log with the attach.txt attached. Thank you.

DDS (Ver_10-03-17.01) - NTFSx86

Run by C at 17:42:16.51 on Wed 30/06/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2700 [GMT 3:00]

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Sunbelt VIPRE *disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\astsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\C\Desktop\MBAM ASSIST\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

mStart Page = about:blank

uURLSearchHooks: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [sBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\c\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hueypr~1.lnk - c:\program files\pantone\hueypro\hueyPROTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240435192937

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

TCP: {ADE4CD74-2633-4DF8-B8B0-B2130F7A6A28} = 41.202.229.144 41.202.229.140

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: PFW - UmxWnp.Dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\c\applic~1\mozilla\firefox\profiles\bdlf5l2z.default\

FF - prefs.js: browser.search.selectedEngine - Google.com (in English)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ug/

FF - component: c:\documents and settings\c\application data\mozilla\firefox\profiles\bdlf5l2z.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]

R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]

R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-6-22 13400]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-6-22 322904]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-6-22 204632]

R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-2-7 1872320]

R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]

R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-22 69720]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-30 181584]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-3-10 2789672]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-3-16 115312]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 14896]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-6-22 67800]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-10 15656]

S2 gupdate1ca60461afe0434;Google Update Service (gupdate1ca60461afe0434);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]

S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-30 2730120]

S2 UmxAgent;HIPS Event Manager; [x]

S2 UmxCfg;HIPS Configuration Interpreter; [x]

S2 UmxPol;HIPS Policy Manager; [x]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-27 1684736]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-6-22 86232]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-18 11520]

=============== Created Last 30 ================

2010-06-29 16:28:13 98816 ----a-w- c:\windows\sed.exe

2010-06-29 16:28:13 77312 ----a-w- c:\windows\MBR.exe

2010-06-29 16:28:13 256512 ----a-w- c:\windows\PEV.exe

2010-06-29 16:28:13 161792 ----a-w- c:\windows\SWREG.exe

2010-06-23 04:26:42 0 ----a-w- c:\documents and settings\c\defogger_reenable

2010-06-22 05:05:27 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2010-06-22 05:05:27 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2010-06-22 04:42:31 0 d-----w- c:\docume~1\c\applic~1\Sunbelt

2010-06-22 04:40:24 86232 ----a-w- c:\windows\system32\drivers\sbhips.sys

2010-06-22 04:40:23 204632 ----a-w- c:\windows\system32\drivers\sbtis.sys

2010-06-22 04:40:21 322904 ----a-w- c:\windows\system32\drivers\SbFw.sys

2010-06-22 04:27:29 67800 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2010-06-22 04:22:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-22 04:22:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-22 04:22:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-20 18:23:17 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-20 18:20:18 0 d-----w- c:\program files\DAMN NFO Viewer

2010-06-13 05:22:09 3245 ----a-w- c:\windows\system32\wbem\Outlook_01cb0ab85f48dee4.mof

2010-06-12 06:26:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-09 06:18:25 0 d-----w- c:\docume~1\c\applic~1\ElevatedDiagnostics

2010-06-06 17:00:43 399 ----a-w- c:\windows\lucispro.INI

2010-06-06 16:55:50 0 d-----w- c:\program files\Lucis Pro

==================== Find3M ====================

2010-06-30 05:20:18 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7

2010-06-30 05:20:18 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6

2010-06-30 05:20:18 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5

2010-06-30 05:20:18 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4

2010-06-30 05:20:18 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3

2010-06-30 05:20:18 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2

2010-06-30 05:20:18 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1

2010-06-30 05:20:18 314326 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0

2010-05-30 11:43:31 143980 ----a-w- c:\windows\hpoins16.dat

2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-27 05:18:50 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-18 13:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 13:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-30 09:31:00 27984 ----a-w- c:\windows\system32\sbbd.exe

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-10-01 12:00:16 40960 ------w- c:\program files\Uninstall_CDS.exe

2010-02-05 17:51:55 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-04-24 03:48:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042420090425\index.dat

============= FINISH: 17:42:43.60 ===============

Attach.zip


  • Staff

Hi,

This is most likely being caused by interference by your other security software.

Please reboot to Safe Mode With Networking (tap the F8 key just before Windows starts to load and select the Safe Mode With Networking option from the menu).

See if MBAM will update and run from there.


Hi - thanks for your time. Unfortunately when running in Safe Mode Networking my computer fails to detect my modem, which is a USB dongle. So, I can't try to do what you have suggested. I only started to experience these problems a couple of months back, so something in my system has changed. I will wait to see what happens when a new version of MBAM is released. If not, this might be a sign that I need to do some spring cleaning on my computer and I will have to reformat it. If you have any other ideas though, I would be very happy to hear them. Again, thank you for your time. Clare5858 PS: At least I don't seem to have an infection, which is a good thing.


Hi - thanks for the suggestion. I did this before I actually posted to confirm that it wasn't my virus software. Even with it uninstalled, MBAM still failed to update 1.46 and gave the same message. Maybe this is just one of those problems without an answer! As I said, I will wait until MBAM brings out their next version to see what happens, as I would actually like to purchase a full copy. Thanks again for your help.


  • Staff

Hi,

Is Vipre the only security software you have installed? If so, reinstall it, then add this website to its exclusion/trusted sites list:

data-cdn.mbamupdates.com

It may have been blocked previously and the setting may have been stored elsewhere when it was uninstalled.

After that, restart your computer and see if the issue persists.

-screen317


Hi - not sure what happened to my post of yesterday. It seems to have disappeared. Was logging in to tell you that I had taken my computer to work to try it out with a wireless LAN card, in case it was my USB dongle causing problems. It still wouldn't update even when using wireless, so I logged in in safe mode with networking and it did update! Anyway, it was this info I was going to tell you when I saw your post about the exclusion to VIPRE. Without uninstalling VIPRE I added the exclusion and it WORKED! Mbam updated and is updating without a hitch. So thank you, thank you, thank you for not giving up on me. I find it very strange that even with the two computers at work also running XP and VIPRE the free version of Mbam works perfectly. Guess, just like humans, our computers have quirks too! Once again thank you for your kind help. Clare


  • Staff

Hi Clare,

Hooray. :)

Glad to hear MBAM updates fine now.

"Guess, just like humans, our computers have quirks too!"
Guess so; keep in mind that even if computers are running the same software, they are created differently with different hardware components.

Anything else I can help you with?


Hi Chris - thank you, but no, nothing further you can assist me with. You have been a great help thus far. Love it when one can solve problems!

However, please send out some positive vibes to the people of Uganda - I live in Kampala, Uganda and you may or may not know we have just had a spate of bombings which have been terrifying for all of us. Fortunately my husband stayed home the night of the World Cup (only because he has the flu!). The restaurant that was hit is just down the road from us and the rugby club is also a place we have frequented. Guess we just aren't safe anywhere anymore! We're all pretty scared, especially as they say now that they are targeting foreigners. We've lived here 11 years and apart from the odd riot or two, this is the worst thing that I can recall happening. All the best. Clare


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.