TechSpot

Malwarebytes blocking incoming IP

By Michael Best
Sep 3, 2012
  1. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23

    OTL logfile created on: 9/4/2012 11:11:12 PM - Run 2
    OTL by OldTimer - Version 3.2.61.0 Folder = E:\installers\fixer
    Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 7.22 Gb Available Physical Memory | 90.30% Memory free
    9.31 Gb Paging File | 8.67 Gb Available in Paging File | 93.15% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = E:\Program Files
    Drive C: | 19.99 Gb Total Space | 8.43 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
    Drive E: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
    Drive G: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
    Drive P: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
    Drive S: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
    Drive T: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
    Drive Y: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
    Drive Z: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS

    Computer Name: ECT05 | User Name: mikebest66 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/04 20:24:59 | 000,599,040 | ---- | M] (OldTimer Tools) -- E:\installers\fixer\OTL.exe
    PRC - [2012/07/12 22:11:18 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\ramaint.exe
    PRC - [2012/07/12 22:10:08 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- E:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- E:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) -- E:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2011/10/24 09:40:04 | 002,219,184 | ---- | M] (ESET) -- E:\program files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2009/02/16 07:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
    PRC - [2008/04/07 19:09:00 | 000,122,880 | ---- | M] () -- E:\ICVERIFY\ICWin403\Jcard\JCardService.exe
    PRC - [2008/01/10 09:28:10 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- E:\ICVERIFY\ICWin403\jre1.6.0\bin\javaw.exe
    PRC - [2007/11/06 20:40:54 | 000,815,104 | ---- | M] (Intuit Inc.) -- E:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2007/02/17 03:55:16 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
    PRC - [2007/02/17 03:31:58 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe
    PRC - [2007/02/17 02:58:36 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/19 17:31:02 | 000,102,400 | ---- | M] (SHARP CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SH0XRCV.exe
    PRC - [2000/03/13 03:56:26 | 000,405,504 | ---- | M] (Corel Corporation) -- E:\program files\Corel\Paradox 9 Runtime\Programs\PDXRWN32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2009/07/30 21:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2008/04/07 19:09:00 | 000,122,880 | ---- | M] () -- E:\ICVERIFY\ICWin403\Jcard\JCardService.exe
    MOD - [2008/03/21 14:56:54 | 000,166,912 | ---- | M] () -- C:\WINDOWS\system32\HylaPrintMon.dll
    MOD - [2005/06/03 01:39:32 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
    MOD - [2000/03/13 03:51:54 | 000,364,544 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PRVIEW32.dll
    MOD - [2000/03/13 03:51:50 | 000,765,952 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PXRSRV32.dll
    MOD - [2000/03/13 03:48:14 | 000,081,920 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PXRFVW32.dll
    MOD - [2000/03/13 03:47:38 | 000,225,280 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PXRTRN32.dll
    MOD - [2000/03/13 03:18:08 | 000,049,152 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\SrvMFC.dll
    MOD - [2000/03/13 02:58:12 | 000,045,056 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\pxcoed32.dll
    MOD - [1999/06/14 01:46:14 | 000,360,448 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\pxchrt32.dll
    MOD - [1999/01/04 10:45:34 | 000,118,784 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\Pdeldr.dll
    MOD - [1998/10/10 04:01:00 | 000,589,312 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\idapi32.dll
    MOD - [1998/10/10 04:01:00 | 000,255,488 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\idpdx32.dll
    MOD - [1998/10/10 04:01:00 | 000,116,736 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\idr20009.dll
    MOD - [1998/10/10 04:01:00 | 000,101,376 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\bantam.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/08/26 13:56:49 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/12 22:11:18 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\program files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2012/07/12 22:10:08 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\program files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\program files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/24 09:40:44 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- E:\program files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) [Auto | Running] -- E:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\program files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2009/02/16 07:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
    SRV - [2008/05/05 21:08:38 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- E:\ICVERIFY\ICWin403\PCVXWinServiceManager.exe -- (icvmlt32)
    SRV - [2008/04/07 19:09:00 | 000,122,880 | ---- | M] () [Auto | Running] -- E:\ICVERIFY\ICWin403\Jcard\JCardService.exe -- (JCard Service)
    SRV - [2007/02/18 00:30:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
    SRV - [2007/02/17 04:07:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
    SRV - [2007/02/17 03:55:56 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
    SRV - [2007/02/17 03:41:50 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
    SRV - [2007/02/17 03:31:58 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing)
    SRV - [2007/02/17 03:20:52 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
    SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2007/02/17 03:19:28 | 000,216,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2007/02/17 02:50:02 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
    SRV - [2005/06/03 01:39:42 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
    SRV - [2005/06/03 01:39:32 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/07/12 22:10:09 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/24 09:40:20 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2011/10/24 09:40:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2011/10/24 09:39:24 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/06/16 08:41:38 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- E:\program files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007/02/17 04:09:26 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
    DRV - [2007/02/17 03:57:50 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
    DRV - [2007/02/17 02:49:38 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
    DRV - [2007/02/17 02:31:14 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
    DRV - [2005/03/24 19:25:38 | 000,049,664 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 2D AA A2 3B 89 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/26 09:17:40 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/09/04 22:59:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [egui] E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [LogMeIn GUI] E:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [netconnect] c:\netconnect.cmd ()
    O4 - HKLM..\Run: [SH0XRCV] C:\WINDOWS\system32\spool\drivers\w32x86\3\SH0XRCV.exe (SHARP CORPORATION)
    O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = E:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271125018593 (WUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36969B39-EF0F-4C74-B318-82CF7A0F3246}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40BBC676-D5F9-42C5-A1C8-7A13A759AEEE}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C78A131-2BDD-4379-A42B-6591861F9B06}: DhcpNameServer = 216.134.212.107
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/12 20:34:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/04 23:13:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/09/03 22:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\mikebest66.ECT01\Desktop\RK_Quarantine
    [2012/08/26 09:17:39 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
    [2012/08/26 09:17:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\ESET
    [2012/08/26 09:17:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\ESET
    [2012/08/08 16:20:58 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\mikebest66.ECT01\IECompatCache
    [2012/08/08 10:24:03 | 000,000,000 | ---D | C] -- E:\Program Files\NirSoft

    ========== Files - Modified Within 30 Days ==========

    [2012/09/04 23:13:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/09/04 23:12:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1025UA.job
    [2012/09/04 23:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/09/04 23:04:08 | 000,543,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/09/04 23:04:08 | 000,103,228 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/09/04 23:02:09 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\null
    [2012/09/04 23:02:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/04 23:00:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/04 22:59:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/09/04 22:41:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/09/04 21:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1010UA.job
    [2012/09/04 12:26:54 | 000,002,473 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2007.lnk
    [2012/09/04 11:18:43 | 000,002,515 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
    [2012/09/04 08:34:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1010Core.job
    [2012/09/04 04:12:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1025Core.job
    [2012/09/04 00:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\tasks\Daily Backup Incremental 2.job
    [2012/09/03 23:51:47 | 000,000,512 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\MBR.dat
    [2012/09/03 23:03:55 | 000,001,065 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\Continue Download Manager Installation.lnk
    [2012/09/03 22:59:44 | 130,692,136 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\My Documents\backup.reg
    [2012/09/02 00:01:00 | 000,000,856 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Backup.job
    [2012/08/30 09:21:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/21 09:13:58 | 000,001,512 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\Computer Management.lnk
    [2012/08/17 10:41:06 | 000,001,738 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2012/08/15 00:15:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\Monthly Backup.job

    ========== Files Created - No Company Name ==========

    [2012/09/03 23:51:47 | 000,000,512 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\MBR.dat
    [2012/09/03 23:03:55 | 000,001,065 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\Continue Download Manager Installation.lnk
    [2012/09/03 22:59:30 | 130,692,136 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\My Documents\backup.reg
    [2012/08/17 10:41:06 | 000,002,181 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/08/17 10:41:06 | 000,001,738 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2012/05/14 17:38:10 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\null
    [2010/06/21 14:57:47 | 000,000,434 | RHS- | C] () -- E:\Documents and Settings\All Users\ntuser.pol

    ========== LOP Check ==========

    [2012/05/17 12:29:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AppAssure
    [2012/08/26 09:17:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ESET
    [2012/09/04 08:44:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/04/01 08:02:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Trusteer
    [2012/09/04 00:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\Tasks\Daily Backup Incremental 2.job
    [2012/08/15 00:15:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\Tasks\Monthly Backup.job
    [2012/09/04 22:56:19 | 000,032,444 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
    [2012/09/02 00:01:00 | 000,000,856 | ---- | M] () -- C:\WINDOWS\Tasks\Weekly Backup.job

    ========== Purity Check ==========


    < End of report >
     
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Good news :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  3. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23

    Results of screen317's Security Check version 0.99.50
    Service Pack 2 x86
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Please wait while WMIC is being installed.
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Adobe Reader X (10.1.4)
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 2%
    ````````````````````End of Log``````````````````````
     
  4. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23

    Farbar Service Scanner Version: 06-08-2012
    Ran by mikebest66 (administrator) on 04-09-2012 at 23:28:10
    Running from "E:\installers\fixer"
    Microsoft(R) Windows(R) Server 2003, Enterprise Edition Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Nsi Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    nsiproxy Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist.
    tdx Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
    System Restore Disabled Policy:
    ========================
    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Other Services:
    ==============
    File Check:
    ========
    ATTENTION!=====> C:\WINDOWS\system32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
    ATTENTION!=====> C:\WINDOWS\system32\Drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.
    C:\WINDOWS\system32\Drivers\afd.sys
    [2005-03-24 18:55] - [2011-02-10 09:44] - 0150528 ____A (Microsoft Corporation) 336D51E35C5737809449128F421431A1
    ATTENTION!=====> C:\WINDOWS\system32\Drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.
    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2005-03-24 19:25] - [2009-08-15 05:57] - 0393216 ____A (Microsoft Corporation) 238DC2B879D1B37B91F8D5D44F3815D3
    C:\WINDOWS\system32\dnsrslvr.dll
    [2009-04-20 14:38] - [2009-04-20 14:38] - 0045568 ____A (Microsoft Corporation) E927F3B46F85D934C8F420FE08593D1B
    ATTENTION!=====> C:\WINDOWS\system32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
    ATTENTION!=====> C:\WINDOWS\system32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.
    ATTENTION!=====> C:\WINDOWS\system32\Drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.
    ATTENTION!=====> C:\WINDOWS\system32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.
    C:\WINDOWS\system32\vssvc.exe
    [2012-05-17 12:29] - [2007-08-31 10:38] - 0837120 ____A (Microsoft Corporation) C10C5C9E1D24614393106722F6388C24
    ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2010-04-12 21:59] - [2007-02-17 04:09] - 0143360 ____A (Microsoft Corporation) F8D5B9C1A26C933B9EA7740BAB35BCF5
    C:\WINDOWS\system32\wuaueng.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll
    [2010-04-12 20:33] - [2007-02-17 03:55] - 0380928 ____A (Microsoft Corporation) 9D7A318B2C7AE51E9D5374F8EEDE856C
    C:\WINDOWS\system32\es.dll
    [2008-04-29 17:33] - [2008-04-29 17:33] - 0247296 ____A (Microsoft Corporation) C17C56E91045E14DF45D62DD89AED50C
    C:\WINDOWS\system32\cryptsvc.dll
    [2010-04-12 21:59] - [2007-02-17 02:35] - 0056320 ____A (Microsoft Corporation) FEB85DA744DD3F41A427CF6D2BC04FE4
    ATTENTION!=====> E:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
    C:\WINDOWS\system32\svchost.exe
    [2010-04-12 21:59] - [2007-02-17 04:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682
    C:\WINDOWS\system32\rpcss.dll
    [2010-04-12 22:37] - [2009-02-09 07:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE
    **** End of log ****
     
  5. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23

    # AdwCleaner v2.000 - Logfile created 09/04/2012 at 23:30:43
    # Updated 30/08/2012 by Xplode
    # Operating system : Microsoft Windows Server 2003 Service Pack 2 (32 bits)
    # User : mikebest66 - ECT05
    # Boot Mode : Normal
    # Running from : E:\Documents and Settings\mikebest66.ECT01\Local Settings\Temporary Internet Files\Content.IE5\LQ3QP6TS\adwcleaner[1].exe
    # Option [Search]
    ***** [Services] *****
    ***** [Files / Folders] *****
    ***** [Registry] *****
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [608 octets] - [04/09/2012 23:30:43]
    ########## EOF - E:\AdwCleaner[R1].txt - [667 octets] ##########
     
  6. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23

    Might have celebrated too soon.
    2012/09/05 00:00:29 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 00:00:29 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 07:36:58 -0400    ECT05    (null)    MESSAGE    Executing scheduled update: Daily
    2012/09/05 07:37:09 -0400    ECT05    (null)    MESSAGE    Scheduled update executed successfully: database updated from version v2012.09.04.05 to version v2012.09.05.05
    2012/09/05 07:37:09 -0400    ECT05    (null)    MESSAGE    Starting database refresh
    2012/09/05 07:37:21 -0400    ECT05    (null)    MESSAGE    Database refreshed successfully
    2012/09/05 08:15:55 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 08:15:55 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 08:20:22 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 08:20:22 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 08:45:22 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 08:45:22 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 08:50:01 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 08:50:01 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 08:59:32 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 08:59:32 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 09:02:23 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 09:02:23 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 09:14:19 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 09:14:19 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 09:19:29 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 09:19:29 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 09:35:11 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 09:35:11 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 10:19:14 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 10:19:14 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 16:41:28 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 16:41:28 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
    2012/09/05 17:21:11 -0400    ECT05    (null)    MESSAGE    Starting IP protection
    2012/09/05 17:21:11 -0400    ECT05    (null)    ERROR    IP protection failed: PfMakeLog failed with error code 85
     
  7. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    I'd like to see F-Secure log.
     
  8. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23


    Scanning Report

    Thursday, September 6, 2012 07:14:15 - 07:18:41

    Computer name: ECT05
    Scanning type: Quick scan
    Target: System
    12 malware found

    TrackingCookie.2o7 (spyware)
    • System (Disinfected)
    TrackingCookie.Advertising (spyware)
    • System (Disinfected)
    TrackingCookie.Atdmt (spyware)
    • System (Disinfected)
    TrackingCookie.Doubleclick (spyware)
    • System (Disinfected)
    TrackingCookie.Revsci (spyware)
    • System (Disinfected)
    TrackingCookie.WebTrendsLive (spyware)
    • System (Disinfected)
    TrackingCookie.Fastclick (spyware)
    • System (Disinfected)
    TrackingCookie.Adbrite (spyware)
    • System (Disinfected)
    TrackingCookie.Webtrends (spyware)
    • System (Disinfected)
    TrackingCookie.Mediaplex (spyware)
    • System (Disinfected)
    TrackingCookie.Liveperson (spyware)
    • System (Disinfected)
    TrackingCookie.Yieldmanager (spyware)
    • System (Disinfected)
    Statistics

    Scanned:
    • Files: 3872
    • System: 3872
    • Not scanned: 0
    Actions:
    • Disinfected: 12
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Options

    Scanning engines:
     
  9. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on the Settings button.
      • In Scan scope leave the pre-checked items as they are and also checkmark My Computer.
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of the preselected Prompt on detection.
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on the Report button, then on the Automatic Scan report tab.
    • Right click anywhere within the right pane, click Select All, then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  10. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23

    I had trouble clicking and highlighting the report. I think I double-clicked it and it selected or opened everything it scanned. Then when I tried to select all, it locked up. I ended up restarting the server. It did find and remove 12 items. Before the restart I checked the Malwarebytes logs and saw huge log files still being created. After the restart there were no more logs and no error messages from Malwarebytes.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Update me in a day or so.
     
     
  12. Michael Best

    Michael Best TS Rookie Topic Starter Posts: 23

    Re-ran Kaspersky because the IP blocks started up again.
    Here are the items it found. It did not automatically delete or clean them. I had to click on "Detected Threats" to get this report.
    Status: Detected (events: 10)
    9/8/2012 10:35:42 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\ICVERIFY\data1.cab//iKernel.exe High
    9/8/2012 10:36:01 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\ICVERIFY\data1.hdr//iKernel.exe High
    9/8/2012 10:36:18 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\ICVERIFY\data2.cab//iKernel.exe High
    9/8/2012 10:37:15 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\User Manager\data1.cab//iKernel.exe High
    9/8/2012 10:37:16 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\User Manager\data1.hdr//iKernel.exe High
    9/8/2012 10:37:16 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\User Manager\data2.cab//iKernel.exe High
    9/8/2012 10:39:54 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{6C5E8393-68D6-4FAF-96DF-A2B4D3A8BF0B}\data1.cab//iKernel.exe High
    9/8/2012 10:39:55 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{AA53316F-C568-4069-9EFC-CA3D39E418A6}\data1.cab//iKernel.exe High
    9/8/2012 10:41:48 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{6C5E8393-68D6-4FAF-96DF-A2B4D3A8BF0B}\data1.hdr//iKernel.exe High
    9/8/2012 10:41:50 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{AA53316F-C568-4069-9EFC-CA3D39E418A6}\data1.hdr//iKernel.exe High
    IC Verify is the program we use to process credit cards. This is the install directory not the actual working folder.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Keep me posted.
     
Topic Status:
Not open for further replies.