Inactive Malwarebytes blocking incoming IP

OTL logfile created on: 9/4/2012 11:11:12 PM - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = E:\installers\fixer
Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.22 Gb Available Physical Memory | 90.30% Memory free
9.31 Gb Paging File | 8.67 Gb Available in Paging File | 93.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 19.99 Gb Total Space | 8.43 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
Drive E: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive G: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive P: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive S: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive T: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive Y: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive Z: | 350.00 Gb Total Space | 289.34 Gb Free Space | 82.67% Space Free | Partition Type: NTFS

Computer Name: ECT05 | User Name: mikebest66 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/04 20:24:59 | 000,599,040 | ---- | M] (OldTimer Tools) -- E:\installers\fixer\OTL.exe
PRC - [2012/07/12 22:11:18 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/12 22:10:08 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- E:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- E:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) -- E:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/10/24 09:40:04 | 002,219,184 | ---- | M] (ESET) -- E:\program files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- E:\program files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/02/16 07:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2008/04/07 19:09:00 | 000,122,880 | ---- | M] () -- E:\ICVERIFY\ICWin403\Jcard\JCardService.exe
PRC - [2008/01/10 09:28:10 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- E:\ICVERIFY\ICWin403\jre1.6.0\bin\javaw.exe
PRC - [2007/11/06 20:40:54 | 000,815,104 | ---- | M] (Intuit Inc.) -- E:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/02/17 03:55:16 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2007/02/17 03:31:58 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe
PRC - [2007/02/17 02:58:36 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/19 17:31:02 | 000,102,400 | ---- | M] (SHARP CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SH0XRCV.exe
PRC - [2000/03/13 03:56:26 | 000,405,504 | ---- | M] (Corel Corporation) -- E:\program files\Corel\Paradox 9 Runtime\Programs\PDXRWN32.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/07/30 21:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2008/04/07 19:09:00 | 000,122,880 | ---- | M] () -- E:\ICVERIFY\ICWin403\Jcard\JCardService.exe
MOD - [2008/03/21 14:56:54 | 000,166,912 | ---- | M] () -- C:\WINDOWS\system32\HylaPrintMon.dll
MOD - [2005/06/03 01:39:32 | 000,016,896 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2000/03/13 03:51:54 | 000,364,544 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PRVIEW32.dll
MOD - [2000/03/13 03:51:50 | 000,765,952 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PXRSRV32.dll
MOD - [2000/03/13 03:48:14 | 000,081,920 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PXRFVW32.dll
MOD - [2000/03/13 03:47:38 | 000,225,280 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\PXRTRN32.dll
MOD - [2000/03/13 03:18:08 | 000,049,152 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\SrvMFC.dll
MOD - [2000/03/13 02:58:12 | 000,045,056 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\pxcoed32.dll
MOD - [1999/06/14 01:46:14 | 000,360,448 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\pxchrt32.dll
MOD - [1999/01/04 10:45:34 | 000,118,784 | ---- | M] () -- E:\program files\Corel\Paradox 9 Runtime\Programs\Pdeldr.dll
MOD - [1998/10/10 04:01:00 | 000,589,312 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\idapi32.dll
MOD - [1998/10/10 04:01:00 | 000,255,488 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\idpdx32.dll
MOD - [1998/10/10 04:01:00 | 000,116,736 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\idr20009.dll
MOD - [1998/10/10 04:01:00 | 000,101,376 | ---- | M] () -- E:\program files\Borland\Common Files\Bde\bantam.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/08/26 13:56:49 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 22:11:18 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\program files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 22:10:08 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\program files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\program files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/24 09:40:44 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- E:\program files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) [Auto | Running] -- E:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\program files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/02/16 07:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2008/05/05 21:08:38 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- E:\ICVERIFY\ICWin403\PCVXWinServiceManager.exe -- (icvmlt32)
SRV - [2008/04/07 19:09:00 | 000,122,880 | ---- | M] () [Auto | Running] -- E:\ICVERIFY\ICWin403\Jcard\JCardService.exe -- (JCard Service)
SRV - [2007/02/18 00:30:26 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 04:07:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 03:55:56 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 03:41:50 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 03:31:58 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing)
SRV - [2007/02/17 03:20:52 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 03:19:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/17 03:19:28 | 000,216,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007/02/17 02:50:02 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2005/06/03 01:39:42 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2005/06/03 01:39:32 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/12 22:10:09 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/24 09:40:20 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/10/24 09:40:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/10/24 09:39:24 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/06/16 08:41:38 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- E:\program files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/02/17 04:09:26 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/17 03:57:50 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/17 02:49:38 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2007/02/17 02:31:14 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2005/03/24 19:25:38 | 000,049,664 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 2D AA A2 3B 89 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/26 09:17:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/09/04 22:59:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [egui] E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LogMeIn GUI] E:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [netconnect] c:\netconnect.cmd ()
O4 - HKLM..\Run: [SH0XRCV] C:\WINDOWS\system32\spool\drivers\w32x86\3\SH0XRCV.exe (SHARP CORPORATION)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = E:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271125018593 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36969B39-EF0F-4C74-B318-82CF7A0F3246}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40BBC676-D5F9-42C5-A1C8-7A13A759AEEE}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C78A131-2BDD-4379-A42B-6591861F9B06}: DhcpNameServer = 216.134.212.107
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 20:34:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/04 23:13:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/03 22:50:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\mikebest66.ECT01\Desktop\RK_Quarantine
[2012/08/26 09:17:39 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
[2012/08/26 09:17:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/08/26 09:17:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\ESET
[2012/08/08 16:20:58 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\mikebest66.ECT01\IECompatCache
[2012/08/08 10:24:03 | 000,000,000 | ---D | C] -- E:\Program Files\NirSoft

========== Files - Modified Within 30 Days ==========

[2012/09/04 23:13:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/04 23:12:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1025UA.job
[2012/09/04 23:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/04 23:04:08 | 000,543,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/04 23:04:08 | 000,103,228 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/04 23:02:09 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\null
[2012/09/04 23:02:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/04 23:00:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/04 22:59:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/04 22:41:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/04 21:34:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1010UA.job
[2012/09/04 12:26:54 | 000,002,473 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Microsoft Office Excel 2007.lnk
[2012/09/04 11:18:43 | 000,002,515 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2012/09/04 08:34:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1010Core.job
[2012/09/04 04:12:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2313297223-338309279-785217241-1025Core.job
[2012/09/04 00:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\tasks\Daily Backup Incremental 2.job
[2012/09/03 23:51:47 | 000,000,512 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\MBR.dat
[2012/09/03 23:03:55 | 000,001,065 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\Continue Download Manager Installation.lnk
[2012/09/03 22:59:44 | 130,692,136 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\My Documents\backup.reg
[2012/09/02 00:01:00 | 000,000,856 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Backup.job
[2012/08/30 09:21:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/21 09:13:58 | 000,001,512 | ---- | M] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\Computer Management.lnk
[2012/08/17 10:41:06 | 000,001,738 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/08/15 00:15:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\Monthly Backup.job

========== Files Created - No Company Name ==========

[2012/09/03 23:51:47 | 000,000,512 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\MBR.dat
[2012/09/03 23:03:55 | 000,001,065 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\Desktop\Continue Download Manager Installation.lnk
[2012/09/03 22:59:30 | 130,692,136 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\My Documents\backup.reg
[2012/08/17 10:41:06 | 000,002,181 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/17 10:41:06 | 000,001,738 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/14 17:38:10 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\mikebest66.ECT01\null
[2010/06/21 14:57:47 | 000,000,434 | RHS- | C] () -- E:\Documents and Settings\All Users\ntuser.pol

========== LOP Check ==========

[2012/05/17 12:29:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AppAssure
[2012/08/26 09:17:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ESET
[2012/09/04 08:44:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/04/01 08:02:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Trusteer
[2012/09/04 00:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\Tasks\Daily Backup Incremental 2.job
[2012/08/15 00:15:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\Tasks\Monthly Backup.job
[2012/09/04 22:56:19 | 000,032,444 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2012/09/02 00:01:00 | 000,000,856 | ---- | M] () -- C:\WINDOWS\Tasks\Weekly Backup.job

========== Purity Check ==========


< End of report >
 
Good news :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

5. Please run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on the Run Check button.
  • The Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on the Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click the Next button.
  • Click the Full report... button.
  • Copy report's content and paste it into your next reply.
 
Results of screen317's Security Check version 0.99.50
Service Pack 2 x86
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Please wait while WMIC is being installed.
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 06-08-2012
Ran by mikebest66 (administrator) on 04-09-2012 at 23:28:10
Running from "E:\installers\fixer"
Microsoft(R) Windows(R) Server 2003, Enterprise Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
nsiproxy Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist.
tdx Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Other Services:
==============
File Check:
========
ATTENTION!=====> C:\WINDOWS\system32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> C:\WINDOWS\system32\Drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.
C:\WINDOWS\system32\Drivers\afd.sys
[2005-03-24 18:55] - [2011-02-10 09:44] - 0150528 ____A (Microsoft Corporation) 336D51E35C5737809449128F421431A1
ATTENTION!=====> C:\WINDOWS\system32\Drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.
C:\WINDOWS\system32\Drivers\tcpip.sys
[2005-03-24 19:25] - [2009-08-15 05:57] - 0393216 ____A (Microsoft Corporation) 238DC2B879D1B37B91F8D5D44F3815D3
C:\WINDOWS\system32\dnsrslvr.dll
[2009-04-20 14:38] - [2009-04-20 14:38] - 0045568 ____A (Microsoft Corporation) E927F3B46F85D934C8F420FE08593D1B
ATTENTION!=====> C:\WINDOWS\system32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> C:\WINDOWS\system32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> C:\WINDOWS\system32\Drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.
ATTENTION!=====> C:\WINDOWS\system32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\WINDOWS\system32\vssvc.exe
[2012-05-17 12:29] - [2007-08-31 10:38] - 0837120 ____A (Microsoft Corporation) C10C5C9E1D24614393106722F6388C24
ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-04-12 21:59] - [2007-02-17 04:09] - 0143360 ____A (Microsoft Corporation) F8D5B9C1A26C933B9EA7740BAB35BCF5
C:\WINDOWS\system32\wuaueng.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll
[2010-04-12 20:33] - [2007-02-17 03:55] - 0380928 ____A (Microsoft Corporation) 9D7A318B2C7AE51E9D5374F8EEDE856C
C:\WINDOWS\system32\es.dll
[2008-04-29 17:33] - [2008-04-29 17:33] - 0247296 ____A (Microsoft Corporation) C17C56E91045E14DF45D62DD89AED50C
C:\WINDOWS\system32\cryptsvc.dll
[2010-04-12 21:59] - [2007-02-17 02:35] - 0056320 ____A (Microsoft Corporation) FEB85DA744DD3F41A427CF6D2BC04FE4
ATTENTION!=====> E:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
C:\WINDOWS\system32\svchost.exe
[2010-04-12 21:59] - [2007-02-17 04:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682
C:\WINDOWS\system32\rpcss.dll
[2010-04-12 22:37] - [2009-02-09 07:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE
**** End of log ****
 
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 23:30:43
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows Server 2003 Service Pack 2 (32 bits)
# User : mikebest66 - ECT05
# Boot Mode : Normal
# Running from : E:\Documents and Settings\mikebest66.ECT01\Local Settings\Temporary Internet Files\Content.IE5\LQ3QP6TS\adwcleaner[1].exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [608 octets] - [04/09/2012 23:30:43]
########## EOF - E:\AdwCleaner[R1].txt - [667 octets] ##########
 
Might have celebrated too soon.
2012/09/05 00:00:29 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 00:00:29 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 07:36:58 -0400	ECT05	(null)	MESSAGE	Executing scheduled update: Daily
2012/09/05 07:37:09 -0400	ECT05	(null)	MESSAGE	Scheduled update executed successfully: database updated from version v2012.09.04.05 to version v2012.09.05.05
2012/09/05 07:37:09 -0400	ECT05	(null)	MESSAGE	Starting database refresh
2012/09/05 07:37:21 -0400	ECT05	(null)	MESSAGE	Database refreshed successfully
2012/09/05 08:15:55 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 08:15:55 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 08:20:22 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 08:20:22 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 08:45:22 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 08:45:22 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 08:50:01 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 08:50:01 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 08:59:32 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 08:59:32 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 09:02:23 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 09:02:23 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 09:14:19 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 09:14:19 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 09:19:29 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 09:19:29 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 09:35:11 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 09:35:11 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 10:19:14 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 10:19:14 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 16:41:28 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 16:41:28 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
2012/09/05 17:21:11 -0400	ECT05	(null)	MESSAGE	Starting IP protection
2012/09/05 17:21:11 -0400	ECT05	(null)	ERROR	IP protection failed: PfMakeLog failed with error code 85
 
Scanning Report

Thursday, September 6, 2012 07:14:15 - 07:18:41

Computer name: ECT05
Scanning type: Quick scan
Target: System
12 malware found

TrackingCookie.2o7 (spyware)
  • System (Disinfected)
TrackingCookie.Advertising (spyware)
  • System (Disinfected)
TrackingCookie.Atdmt (spyware)
  • System (Disinfected)
TrackingCookie.Doubleclick (spyware)
  • System (Disinfected)
TrackingCookie.Revsci (spyware)
  • System (Disinfected)
TrackingCookie.WebTrendsLive (spyware)
  • System (Disinfected)
TrackingCookie.Fastclick (spyware)
  • System (Disinfected)
TrackingCookie.Adbrite (spyware)
  • System (Disinfected)
TrackingCookie.Webtrends (spyware)
  • System (Disinfected)
TrackingCookie.Mediaplex (spyware)
  • System (Disinfected)
TrackingCookie.Liveperson (spyware)
  • System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
  • System (Disinfected)
Statistics

Scanned:
  • Files: 3872
  • System: 3872
  • Not scanned: 0
Actions:
  • Disinfected: 12
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Options

Scanning engines:
 
Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button, then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All, then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 
I had trouble clicking and highlighting the report. I think I double-clicked it and it selected or opened everything it scanned. Then when I tried to select all, it locked up. I ended up restarting the server. It did find and remove 12 items. Before the restart I checked the Malwarebytes logs and saw huge log files still being created. After the restart, no more logs and no error messages from Malwarebytes.
 
Re-ran Kaspersky because the IP blocks started up again.
Here are the items it found. It did not automatically delete or clean. I had to click on the "Detected Threats" to get this report.
Status: Detected (events: 10)
9/8/2012 10:35:42 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\ICVERIFY\data1.cab//iKernel.exe High
9/8/2012 10:36:01 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\ICVERIFY\data1.hdr//iKernel.exe High
9/8/2012 10:36:18 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\ICVERIFY\data2.cab//iKernel.exe High
9/8/2012 10:37:15 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\User Manager\data1.cab//iKernel.exe High
9/8/2012 10:37:16 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\User Manager\data1.hdr//iKernel.exe High
9/8/2012 10:37:16 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\installers\ICVerify_Install_Disk\ICVerify_Install_Disk\User Manager\data2.cab//iKernel.exe High
9/8/2012 10:39:54 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{6C5E8393-68D6-4FAF-96DF-A2B4D3A8BF0B}\data1.cab//iKernel.exe High
9/8/2012 10:39:55 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{AA53316F-C568-4069-9EFC-CA3D39E418A6}\data1.cab//iKernel.exe High
9/8/2012 10:41:48 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{6C5E8393-68D6-4FAF-96DF-A2B4D3A8BF0B}\data1.hdr//iKernel.exe High
9/8/2012 10:41:50 PM Detected Trojan program Trojan.Win32.Agent2.ffbq E:\program files\InstallShield Installation Information\{AA53316F-C568-4069-9EFC-CA3D39E418A6}\data1.hdr//iKernel.exe High
IC Verify is the program we use to process credit cards. This is the install directory, not the actual working folder.
 