Jump to content

LifeIsPhun

Members
  • Posts

    17
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I have a .zip file that VirusTotal says is infected that is sitting on my Win7 desktop and was not caught by either MS Security Essentials or MBAM. Both packages are current binaries and current malware DB updated. Neither a direct scan (right-click & scan) nor a Full Disk Scan catch this file which is known to have multiple infections inside. My computer has been running slowly which made me suspect...now I suspect I have a root kit infection? I followed the "I think I am infected, now what" guide and ran DDS. Below is the results and attached is the Attach.txt file:: Guidance please! =========================== DDS.TXT =============================================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Mark at 10:16:35 on 2011-12-15 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12278.9746 [GMT -8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation D:\Program Files (x86)\Jump Desktop\JumpService.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe D:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe C:\Windows\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files\ASUS\TurboV\TurboV.exe C:\Program Files (x86)\Yamaha\FWDriver\yfwtray.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Yamaha\FWDriver\yfwcm.exe C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe D:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\system32\taskeng.exe C:\Windows\sysWow64\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://lifeisphun.com/ uInternet Settings,ProxyOverride = *.local BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - C:\Program Files (x86)\Common Files\ReGet Shared\Catcher.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - C:\Program Files (x86)\PicLensIE\cooliris.dll TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} - D:\Program Files (x86)\ReGet Software\ReGet Deluxe\IEBar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" mRun: [yfwtray] C:\Program Files (x86)\Yamaha\FWDriver\yfwtray.exe mRun: [yfwcm] C:\Program Files (x86)\Yamaha\FWDriver\yfwcm.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [TrueImageMonitor.exe] "D:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Mark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE uPolicies-explorer: NoAutorun = 1 (0x1) uPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-explorer: NoAutorun = 1 (0x1) mPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Do&wnload by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_Link.htm IE: Download A&ll by ReGet Deluxe - C:\Program Files (x86)\Common Files\ReGet Shared\CC_All.htm IE: Download all by YouTube Robot - D:\Program Files (x86)\YouTubeRobot\downall.htm IE: Download by YouTube Robot - D:\Program Files (x86)\YouTubeRobot\downlink.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - C:\Program Files (x86)\PicLensIE\cooliris.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{0425BED7-86E3-43DE-BC7B-201B43AEA53B} : DhcpNameServer = 192.168.1.254 Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll SEH: {16664848-0E00-11D2-8059-000000000000} - No File SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: ClickCatcher MSIE handler: {16664845-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\ReGet Shared\Catcher.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll BHO-X64: Google Dictionary Compression sdch - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll C:\Program Files (x86)\PicLensIE\cooliris.dll BHO-X64: Cooliris Plug-In for Internet Explorer - No File TB-X64: ReGet Bar: {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\Program Files (x86)\ReGet Software\ReGet Deluxe\IEBar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" mRun-x64: [yfwtray] C:\Program Files (x86)\Yamaha\FWDriver\yfwtray.exe mRun-x64: [yfwcm] C:\Program Files (x86)\Yamaha\FWDriver\yfwcm.exe mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun-x64: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [TrueImageMonitor.exe] "D:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun-x64: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" SEH-X64: {16664848-0E00-11D2-8059-000000000000} - No File SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\fymp34h0.default\ FF - prefs.js: browser.startup.homepage - hxxp://lifeisphun.com/ FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll FF - plugin: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: D:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: DrupalForFirebug: DrupalForFirebug@drupal.org - %profile%\extensions\DrupalForFirebug@drupal.org FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?] R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016] R2 JumpDesktop;Jump Desktop Service;D:\Program Files (x86)\Jump Desktop\JumpService.exe [2011-5-8 7680] R2 MBAMService;MBAMService;D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-15 366152] R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-10-12 5739008] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-8-27 2214504] R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-9-8 2932224] R2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\system32\DRIVERS\ubsbm.sys --> C:\Windows\system32\DRIVERS\ubsbm.sys [?] R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\system32\DRIVERS\ubumapi.sys --> C:\Windows\system32\DRIVERS\ubumapi.sys [?] R3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2009-12-2 54328] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SynUSB64;eLicenser;C:\Windows\system32\DRIVERS\SynUSB64.sys --> C:\Windows\system32\DRIVERS\SynUSB64.sys [?] R3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\system32\DRIVERS\ubohci.sys --> C:\Windows\system32\DRIVERS\ubohci.sys [?] R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys --> C:\Windows\system32\drivers\WsAudioDevice_383S(1).sys [?] R3 YFWBUS;Yamaha Steinberg FW Bus;C:\Windows\system32\Drivers\yfwbus.sys --> C:\Windows\system32\Drivers\yfwbus.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-9 133104] S2 Roxio Upnp Server 11;Roxio Upnp Server 11;D:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe [2008-8-13 367088] S2 RoxLiveShare11;LiveShare P2P Server 11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-8-13 309744] S2 RoxWatch11;Roxio Hard Drive Watcher 11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-8-13 170480] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-9 133104] S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\Windows\system32\Drivers\KORGUM64.SYS --> C:\Windows\system32\Drivers\KORGUM64.SYS [?] S3 rig2avs_x64;rig2avs_x64;C:\Windows\system32\Drivers\rig2avs_x64.sys --> C:\Windows\system32\Drivers\rig2avs_x64.sys [?] S3 rig2usb_x64;rig2usb_x64;C:\Windows\system32\Drivers\rig2usb_x64.sys --> C:\Windows\system32\Drivers\rig2usb_x64.sys [?] S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;D:\Program Files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [2008-8-13 313840] S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-1-7 1122304] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 YFWAUDIO;Yamaha Steinberg FW WDM Audio;C:\Windows\system32\drivers\yfwaudio.sys --> C:\Windows\system32\drivers\yfwaudio.sys [?] S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\system32\drivers\ymidusbx64.sys --> C:\Windows\system32\drivers\ymidusbx64.sys [?] . =============== Created Last 30 ================ . 2011-12-15 18:10:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22CF7848-FB70-4D90-9CE8-FE856EB6B053}\offreg.dll 2011-12-15 18:10:22 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22CF7848-FB70-4D90-9CE8-FE856EB6B053}\mpengine.dll 2011-12-14 02:14:45 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-12-14 02:14:36 723456 ----a-w- C:\Windows\System32\EncDec.dll 2011-12-14 02:14:36 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2011-12-14 02:14:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2011-12-14 02:12:23 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-12-14 02:12:23 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-12-14 00:45:00 -------- d-----w- C:\Program Files\iPod 2011-12-14 00:44:59 -------- d-----w- C:\Program Files\iTunes 2011-12-14 00:35:07 4200024 ----a-w- C:\Windows\SysWow64\cdintf400.dll 2011-12-13 18:16:19 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys 2011-12-13 18:15:50 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys 2011-12-13 18:15:20 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys 2011-12-13 18:14:31 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys 2011-12-13 02:00:03 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C85FBDBE-62F6-4398-9B81-CC205FA0865A}\gapaengine.dll 2011-12-12 23:30:25 -------- d-sh--w- C:\$RECYCLE.BIN 2011-12-12 20:55:16 -------- d-----w- C:\Windows\pss 2011-12-06 20:04:52 -------- d-----w- C:\ProgramData\Downloaded Installations 2011-11-21 04:47:04 -------- dc-h--w- C:\ProgramData\{E6A5D1F3-568D-4BA2-B7B6-7B6E93D9DA97} 2011-11-21 04:40:46 -------- dc-h--w- C:\ProgramData\{264FEB7A-D0A7-4625-AEE4-8ED9EFDE2E09} 2011-11-21 04:17:44 -------- dc-h--w- C:\ProgramData\{9E46E5C1-EE57-4DB2-9060-6C1D386B3DB0} 2011-11-21 04:06:23 -------- dc-h--w- C:\ProgramData\{A07F7F49-03B9-4B8B-A266-07563B0278A6} 2011-11-21 03:47:57 -------- dc-h--w- C:\ProgramData\{62FADBCC-1E59-4AE4-AA55-3EE453354B64} 2011-11-21 03:31:45 -------- dc-h--w- C:\ProgramData\{544A9B13-F375-4543-8198-54A1542E6015} 2011-11-21 02:26:10 -------- dc-h--w- C:\ProgramData\{1C929C0E-C8EB-4904-BB9D-727835203D59} 2011-11-21 02:10:44 -------- dc-h--w- C:\ProgramData\{34F39B18-8D21-4D30-ABA7-42DA1C8D5D9F} 2011-11-21 02:04:32 -------- dc-h--w- C:\ProgramData\{98352F45-F344-4528-B4AA-8BB717C0157D} 2011-11-20 19:29:53 25720 ----a-w- C:\Windows\System32\drivers\iLokDrvr.sys 2011-11-20 19:29:52 -------- d-----w- C:\ProgramData\PACE 2011-11-20 19:29:50 -------- d-----w- C:\Program Files (x86)\Common Files\PACE 2011-11-19 23:30:16 -------- d-----w- C:\ProgramData\Ableton 2011-11-19 23:30:15 -------- d-----w- C:\Users\Mark\AppData\Roaming\Ableton 2011-11-19 23:28:34 368640 ----a-w- C:\Windows\SysWow64\ReWire.dll 2011-11-19 23:28:34 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll . ==================== Find3M ==================== . 2011-11-15 22:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2011-10-03 12:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 10:17:03.76 =============== Here is the Attach.txt file... Attach.txt
  2. I have been receiving a .zip attachment in email (IRS notice) that I submitted to VirusTotal that found 13 virus/malware hits...BUT MB 1.51.2.1300 PRO did not detect anything. So I think I am infected. I submitted my mbam.exe to VirusTotal and it detected a virus... So I think I am infected...but my MBAM scans doesn't detect anything. I follow the instruction on the "I think I am infected" forum, but I can't get to anywhere on BleepingComputer.com OR Malwarebytes.org for a current clean mbam setup. What next? Oh yeah, and I want to check my local installed mbam executable hashes, but I can only find the hashes for the full setup exes. Is there a location on MB.org for the hashes for the individual files? I was able to download DDS.scr, ran it and attached the two resulting logs here... DDS.txt Attach.txt Thanx in advance for you help! Again today my PC is running slower and slower...and MBAM did not catch a direct scan of a .zip file known to have a virus!!! HELP!!
  3. ESet log ==================== ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK ===================== It said no threats found. Thanx. ALSO...MBAM Protection Log has not shown any Blocked IPs. I think the torrents were the source. Thank you very much for your assistance. I will consider this issue closed.
  4. I used them once in the past and thought I had uninstalled them a couple of years ago. I can see them as being the entry point of the infections I have had randomly over the last couple of years. I have uninstalled both programs and rebooted. I will watch the MBAM Protection Log throughout the day and post the results tonight or tomorrow. Thanx for your help. 1) So now for a good piece-of-mind maintenance scan. What Root Kit scanner would you recommend I run just to verify that I don't have anything lurking in the background that userspace scanners won't find? 2) Do you feel MS Security Essentials is sufficient for an AV program?
  5. Extras.txt here... =================================================== OTL Extras logfile created on: 7/25/2010 10:14:53 PM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mark\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.63 Gb Total Space | 114.30 Gb Free Space | 40.02% Space Free | Partition Type: NTFS Drive D: | 298.09 Gb Total Space | 75.29 Gb Free Space | 25.26% Space Free | Partition Type: NTFS Drive E: | 12.46 Gb Total Space | 0.91 Gb Free Space | 7.32% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARKLAPTOP Current User Name: Mark Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64 "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6F42AB02-6626-45DE-AA69-E141FDB82CDF}" = Vegas Pro 9.0 (64-bit) "{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}" = Steinberg HALionOne 64bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour "{8A9065DA-0293-41DA-A349-16E1A2605F64}" = Steinberg Cubase 5 64bit "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials "{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B653153C-B4C7-45D0-B2EE-037A9F635FB0}" = Yamaha USB-MIDI Driver "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support "{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F2D97EFD-D9C0-4463-8264-2909C8911048}" = Yamaha Steinberg FW Driver "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11 "07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "6A0F7F6D59467F90B3445398E9C6E22FA6D87668" = Windows Driver Package - RT Systems RT CDM Driver Package (02/17/2009 2.04.16) "CA1E2AA9AF8B001E6219DBA9AB4B4486591AD313" = Windows Driver Package - RT Systems RT CDM Driver Package (02/17/2009 2.04.16) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Essentials" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "RolandRDID0045" = FANTOM-X Driver "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1D111953-3C70-48E3-BB62-B669C724585C}" = Steinberg CC121 Extension 64bit "{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = EMC 11 Content "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 20 "{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{294C633F-6933-4F86-A305-BFDF9FCE9EFF}" = HP User Guides 0116 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4364F7C0-8A77-11DE-72AE-001770EB2CD6}" = IC-T7 Programmer "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4D5F27BB-93A3-4D41-AEE8-3671B1822FC7}" = muvee Reveal "{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0 "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{55BCD416-7CDD-4CD8-8512-C5038DBAB5DD}" = Cooliris for Internet Explorer "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{64ECC10A-4BAA-41EA-87AA-C51ACA9D6F69}" = Steinberg MR Extension "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69F56014-2C48-4885-8D72-0E069F89647F}" = Roxio Creator 2009 Special Edition "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009 Special Edition "{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{88C27FE5-8972-4E48-9C40-5C73D79217FD}" = Steinberg MR Extension "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}" = Garmin City Navigator North America 2008 "{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C616E4CF-9290-4E4F-9831-E68E4AD61CAD}" = Steinberg MR Extension "{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010 "{C9A7FEDD-46DA-4941-B80B-687E7B8A8912}" = Steinberg MR Editor "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
  6. Chris, sorry...but the infection took me by surprise. Here is the OTL.txt log:: ================ OTL logfile created on: 7/25/2010 10:14:53 PM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mark\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.63 Gb Total Space | 114.30 Gb Free Space | 40.02% Space Free | Partition Type: NTFS Drive D: | 298.09 Gb Total Space | 75.29 Gb Free Space | 25.26% Space Free | Partition Type: NTFS Drive E: | 12.46 Gb Total Space | 0.91 Gb Free Space | 7.32% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARKLAPTOP Current User Name: Mark Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/25 22:14:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe PRC - [2010/06/28 16:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2010/04/29 12:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/04/29 12:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/03/19 07:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009/12/01 11:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe PRC - [2009/12/01 11:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe PRC - [2009/06/22 15:58:05 | 000,039,280 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Microsoft Streets & Trips 2010\StreetsOlkShim.exe PRC - [2009/05/27 11:55:44 | 000,557,056 | ---- | M] (Yamaha Corporation) -- C:\Program Files (x86)\Yamaha\FWDriver\yfwcm.exe PRC - [2009/04/20 05:10:48 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe PRC - [2009/02/26 12:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/10/06 06:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe PRC - [2008/09/26 00:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008/09/25 16:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008/09/25 16:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008/06/19 12:04:50 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2008/03/06 17:22:28 | 000,110,592 | ---- | M] (Yamaha Corporation) -- C:\Program Files (x86)\Yamaha\FWDriver\yfwtray.exe PRC - [2007/10/10 15:03:28 | 001,077,248 | ---- | M] (PreSonus Audio Electronics) -- C:\Program Files (x86)\PreSonus\1394AudioDriver_FireBox\FireBox.exe ========== Modules (SafeList) ========== MOD - [2010/07/25 22:14:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe MOD - [2009/07/13 15:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 15:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010/03/25 20:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/03/23 11:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/07/13 15:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2009/07/13 15:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc) SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 15:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2009/07/13 15:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008/09/16 08:33:26 | 000,719,152 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService) SRV - [2010/04/29 12:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/03/19 07:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/03/18 11:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 10:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/12/01 11:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009/01/09 03:46:25 | 001,122,304 | R--- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11) SRV - [2008/10/25 08:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/10/06 06:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008/09/16 08:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService) SRV - [2008/08/13 22:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11) SRV - [2008/08/13 22:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11) SRV - [2008/08/13 22:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11) SRV - [2008/08/13 22:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2010/05/27 19:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/04/29 12:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010/04/09 13:44:24 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1045.sys -- (RDID1045) DRV:64bit: - [2010/03/23 11:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/01/13 13:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel® DRV:64bit: - [2009/12/02 11:51:50 | 000,077,656 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr) DRV:64bit: - [2009/11/27 07:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/11/27 05:40:02 | 000,095,232 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ubloxusb.sys -- (ubloxusb) DRV:64bit: - [2009/11/19 11:32:02 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl) DRV:64bit: - [2009/09/16 07:56:24 | 000,224,512 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yfwbus.sys -- (YFWBUS) DRV:64bit: - [2009/09/16 07:56:24 | 000,033,280 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yfwaudio.sys -- (YFWAUDIO) DRV:64bit: - [2009/09/02 01:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2009/08/21 18:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/08/04 11:15:36 | 000,048,200 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) DRV:64bit: - [2009/07/13 15:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 15:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 15:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 15:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus) DRV:64bit: - [2009/07/13 15:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt) DRV:64bit: - [2009/07/13 15:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc) DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 13:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap) DRV:64bit: - [2009/07/13 13:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID) DRV:64bit: - [2009/07/13 13:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:64bit: - [2009/06/26 12:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64) DRV:64bit: - [2009/06/26 12:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (SynasUSB) DRV:64bit: - [2009/06/10 10:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 10:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 11:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/09/16 08:33:38 | 000,049,968 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vfs101a.sys -- (vfs101a) DRV:64bit: - [2008/09/04 07:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2008/08/07 07:01:36 | 000,143,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2008/06/16 01:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007/10/09 15:06:56 | 000,069,168 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pae_avs_x64.sys -- (pae_avs) DRV:64bit: - [2007/10/09 15:06:54 | 000,183,344 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pae_1394_x64.sys -- (pae_1394) DRV:64bit: - [2007/06/18 14:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009/12/02 11:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\iLokDrvr.sys -- (iLokDrvr) DRV - [2009/04/06 12:32:46 | 000,015,504 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mbam.sys -- (MBAMProtector) DRV - [2008/09/26 00:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lifeisphun.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://lifeisphun.com/" FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790 FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/01/20 18:10:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 16:37:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/22 14:49:23 | 000,000,000 | ---D | M] [2010/04/02 19:38:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions [2010/06/30 09:24:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\q25zu9t4.default\extensions [2010/05/02 19:33:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\q25zu9t4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/21 18:32:28 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\q25zu9t4.default\extensions\firebug@software.joehewitt.com [2010/05/02 19:33:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\q25zu9t4.default\extensions\support@lastpass.com [2010/05/22 14:49:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/05/22 14:49:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/12 14:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2009/10/05 18:01:23 | 000,338,230 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11599 more lines... O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe () O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [yfwcm] C:\Program Files (x86)\Yamaha\FWDriver\yfwcm.exe (Yamaha Corporation) O4 - HKLM..\Run: [yfwtray] C:\Program Files (x86)\Yamaha\FWDriver\yfwtray.exe (Yamaha Corporation) O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.15 66.75.160.15 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/25 22:14:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe [2010/07/16 15:04:14 | 000,019,256 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\HPMDPCoInst11.dll [2010/07/16 15:03:58 | 000,030,520 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpservice.exe [2010/07/16 15:03:54 | 000,020,792 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\accelerometerdll.DLL [2010/07/16 15:03:48 | 000,043,320 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\Accelerometer.sys [2010/07/15 17:16:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010/06/28 14:22:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\PeerNetworking [2010/06/28 14:20:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Remote Assistance Logs [2010/06/28 13:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware [2010/06/28 13:10:26 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010/06/28 13:10:26 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010/06/28 13:10:26 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010/06/28 13:10:26 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010/06/28 13:10:25 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010/06/28 13:10:25 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010/06/28 13:10:25 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010/06/28 13:10:25 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010/06/28 10:30:20 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010/06/28 10:30:14 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010/06/28 10:30:14 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010/06/28 10:30:13 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010/06/28 10:30:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010/06/28 10:30:13 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010/06/28 10:30:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010/06/28 10:30:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax ========== Files - Modified Within 30 Days ========== [2010/07/25 22:16:33 | 007,077,888 | -HS- | M] () -- C:\Users\Mark\NTUSER.DAT [2010/07/25 22:14:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe [2010/07/25 22:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/25 22:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-435221593-2596880326-3948742366-1000UA.job [2010/07/25 18:56:44 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/25 18:56:44 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/25 18:53:55 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/07/25 18:53:55 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/07/25 18:53:55 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/07/25 18:49:44 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/25 18:49:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/25 18:49:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/25 18:49:08 | 3219,017,728 | -HS- | M] () -- C:\hiberfil.sys [2010/07/25 18:48:12 | 007,599,354 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db [2010/07/25 17:34:40 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-435221593-2596880326-3948742366-1000Core.job [2010/07/21 18:19:53 | 000,000,764 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010/07/17 09:36:46 | 000,000,055 | ---- | M] () -- C:\Users\Mark\Desktop\Peak Oil on Vimeo.url [2010/07/16 15:04:14 | 000,019,256 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\HPMDPCoInst11.dll [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\hpdskflt.sys [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpservice.exe [2010/07/16 15:03:54 | 000,020,792 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\accelerometerdll.DLL [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\Accelerometer.sys [2010/06/28 14:22:53 | 000,044,222 | ---- | M] () -- C:\Users\Mark\AppData\Local\RAContactHistory.xml [2010/06/28 13:27:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf ========== Files Created - No Company Name ========== [2010/07/17 09:36:46 | 000,000,055 | ---- | C] () -- C:\Users\Mark\Desktop\Peak Oil on Vimeo.url [2010/06/28 14:22:53 | 000,044,222 | ---- | C] () -- C:\Users\Mark\AppData\Local\RAContactHistory.xml [2010/06/28 13:27:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2009/12/03 06:12:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 11:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/03/06 16:13:15 | 000,001,610 | ---- | C] () -- C:\Windows\TVEpaDrv.ini [2008/10/07 06:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/10/07 06:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007/11/14 14:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll [2004/01/30 13:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll < End of report > ================ I'll post the Extras.txt file in the next posting...
  7. WWWWTTTTFFFF!!!!!!! Who are you? I thought you were a moderator and I could trust!! I clicked on the link you gave me above to OTL.exe and followed your instructions...MBAM gave me a warning that OLT.exe (Trojan.Dropper) was attempting to access my computer, which I interpreted as something that would detect/eliminate trojans NOT INJECT THEM?!? So I selected the "Ignore" button and got infected. Here is the Protection Log:: ================== 08:08:12 Mark IP-BLOCK 212.117.174.136 08:09:00 Mark IP-BLOCK 89.28.62.124 08:09:09 Mark IP-BLOCK 89.28.90.51 08:23:19 Mark IP-BLOCK 94.96.103.210 08:41:02 Mark MESSAGE IP Protection stopped 08:41:07 Mark MESSAGE Database updated successfully 08:41:07 Mark MESSAGE IP Protection started successfully 09:06:51 Mark IP-BLOCK 89.28.15.117 09:06:59 Mark IP-BLOCK 89.28.125.140 09:20:56 Mark IP-BLOCK 94.96.45.193 09:22:09 Mark IP-BLOCK 94.96.67.33 10:07:03 Mark IP-BLOCK 212.117.174.136 10:07:11 Mark IP-BLOCK 62.45.217.40 10:08:01 Mark IP-BLOCK 95.211.11.164 10:21:31 Mark IP-BLOCK 58.241.160.65 10:21:32 Mark IP-BLOCK 212.117.174.136 10:21:48 Mark IP-BLOCK 58.241.210.108 10:51:49 Mark IP-BLOCK 89.28.50.8 10:51:58 Mark IP-BLOCK 213.182.202.135 10:52:46 Mark IP-BLOCK 117.205.48.92 11:06:35 Mark IP-BLOCK 213.182.202.135 17:45:23 Mark IP-BLOCK 59.34.5.82 17:46:04 Mark IP-BLOCK 83.128.14.225 18:00:39 Mark IP-BLOCK 95.211.2.174 18:17:47 Mark IP-BLOCK 89.28.88.163 18:30:24 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:30:24 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:30:24 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:30:45 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:30:45 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:30:45 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:30:45 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:32:16 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:32:16 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:32:16 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:32:16 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:34:14 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:41:33 Mark DETECTION C:\Users\Mark\Desktop\OTL.exe Trojan.Dropper ALLOW 18:43:28 Mark MESSAGE IP Protection stopped 18:43:32 Mark MESSAGE Database updated successfully 18:43:32 Mark MESSAGE IP Protection started successfully 18:51:40 Mark MESSAGE Protection started successfully 18:51:43 Mark MESSAGE IP Protection started successfully ======================================= Here is the MBAM log of the detection:: ========================= Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4349 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 7/25/2010 6:47:41 PM mbam-log-2010-07-25 (18-47-41).txt Scan type: Quick scan Objects scanned: 140627 Time elapsed: 3 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\$RECYCLE.BIN\S-1-5-21-435221593-2596880326-3948742366-1000\$RJXJA5I.exe (Trojan.Dropper) -> Quarantined and deleted successfully. ========================= Here is the MBAM log after the scan and removal:: ================================= Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4350 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 7/25/2010 6:58:03 PM mbam-log-2010-07-25 (18-58-03).txt Scan type: Quick scan Objects scanned: 140640 Time elapsed: 5 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ================================= ?!? NOW WHAT ?!? I am going to report this event...
  8. Thanx Chris, Here is the MBAM log:: ========================= Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4346 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 7/25/2010 8:46:05 AM mbam-log-2010-07-25 (08-46-05).txt Scan type: Quick scan Objects scanned: 141136 Time elapsed: 4 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ========================= Here is the DDS log:: ========================= DDS (Ver_10-03-17.01) - NTFSX64 Run by Mark at 8:47:40.78 on Sun 07/25/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4093.2265 [GMT -10:00] SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\SMINST\BLService.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\vfsFPService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Mark\Program Files (x86)\DNA\btdna.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\PreSonus\1394AudioDriver_FireBox\FireBox.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Yamaha\FWDriver\yfwcm.exe C:\Program Files (x86)\Yamaha\FWDriver\yfwtray.exe C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\DigitalPersona\Bin\DPAgent.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Streets & Trips 2010\StreetsOlkShim.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Mark\Desktop\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uStart Page = hxxp://lifeisphun.com/ mLocal Page = c:\windows\syswow64\blank.htm uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files (x86)\digitalpersona\bin\DpOtsPluginIe8.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files (x86)\lastpass\LPBar.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files (x86)\piclensie\cooliris.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files (x86)\lastpass\LPBar.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [bitTorrent DNA] "c:\users\mark\program files (x86)\dna\btdna.exe" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Google Update] "c:\users\mark\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [<NO NAME>] mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe" mRun: [CPMonitor] "c:\program files (x86)\roxio creator 2009 special edition\5.0\CPMonitor.exe" mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe" mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe" mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe" mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe" mRun: [uCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam" mRun: [updateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [updatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [yfwcm] "c:\program files (x86)\yamaha\fwdriver\yfwcm.exe" mRun: [yfwtray] "c:\program files (x86)\yamaha\fwdriver\yfwtray.exe" mRun: [DpAgent] c:\program files (x86)\digitalpersona\bin\dpagent.exe mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [switchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\firebo~1.lnk - c:\program files (x86)\presonus\1394audiodriver_firebox\FireBox.exe uPolicies-explorer: NoAutorun = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-explorer: NoAutorun = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000 IE: LastPass - file://c:\program files (x86)\lastpass\context.html?cmd=lastpass IE: LastPass Fill Forms - file://c:\program files (x86)\lastpass\context.html?cmd=fillforms IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files (x86)\piclensie\cooliris.dll IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files (x86)\lastpass\LPBar.dll IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli DPPWDFLT BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll BHO-X64: DigitalPersona Personal Extension - No File BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files (x86)\lastpass\LPBar64.dll BHO-X64: LastPass Browser Helper Object - No File TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files (x86)\lastpass\LPBar64.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\q25zu9t4.default\ FF - prefs.js: browser.startup.homepage - hxxp://lifeisphun.com/ FF - component: c:\program files (x86)\digitalpersona\bin\firefoxext\components\dpffcli.dll FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\q25zu9t4.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files (x86)\pace anti-piracy\ilok\NPPaceILok.dll FF - plugin: c:\users\mark\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\users\mark\program files (x86)\dna\plugins\npbtdna.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-1-17 55024] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 173984] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-9-26 27632] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600] R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 30520] R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-5-2 304464] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2008-10-27 365952] R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-9-16 719152] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-27 193840] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 64000] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-8-7 143360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-27 24664] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 40832] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-8-21 84512] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-11-27 295424] R3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [2008-9-16 49968] R3 YFWBUS;Yamaha Steinberg FW Bus;c:\windows\system32\drivers\yfwbus.sys [2009-9-16 224512] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-10-29 133104] S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files (x86)\roxio creator 2009 special edition\digital home 11\RoxioUpnpService11.exe [2008-8-13 367088] S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files (x86)\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-13 309744] S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files (x86)\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-13 170480] S2 VCom;VCom;c:\windows\system32\drivers\VCom.sys [2009-7-28 11997] S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [2009-12-2 77656] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RDID1045;FANTOM-X;c:\windows\system32\drivers\Rdwm1045.sys [2010-4-9 81920] S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files (x86)\roxio creator 2009 special edition\digital home 11\RoxioUPnPRenderer11.exe [2008-8-13 313840] S3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-1-7 1122304] S3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synusb64.sys [2010-1-20 30352] S3 synusb64;eLicenser;c:\windows\system32\drivers\synusb64.sys [2010-1-20 30352] S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2009-11-27 95232] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1255736] S3 YFWAUDIO;Yamaha Steinberg FW WDM Audio;c:\windows\system32\drivers\yfwaudio.sys [2009-9-16 33280] S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2009-8-4 48200] =============== Created Last 30 ================ 2010-07-17 01:04:14 19256 ----a-w- c:\windows\system32\HPMDPCoInst11.dll 2010-07-17 01:03:58 30520 ----a-w- c:\windows\system32\hpservice.exe 2010-07-17 01:03:54 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL 2010-07-17 01:03:48 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys 2010-07-16 03:16:45 144384 ----a-w- c:\windows\system32\cdd.dll 2010-06-29 00:22:43 0 d-----w- c:\users\mark\appdata\roaming\PeerNetworking 2010-06-28 23:27:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf 2010-06-28 23:24:10 0 d-----w- c:\program files (x86)\Microsoft Antimalware 2010-06-28 23:10:26 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll 2010-06-28 23:10:26 49472 ----a-w- c:\windows\syswow64\netfxperf.dll 2010-06-28 23:10:26 297808 ----a-w- c:\windows\syswow64\mscoree.dll 2010-06-28 23:10:26 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe 2010-06-28 23:10:26 1130824 ----a-w- c:\windows\syswow64\dfshim.dll 2010-06-28 23:10:25 48960 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-28 23:10:25 444752 ----a-w- c:\windows\system32\mscoree.dll 2010-06-28 23:10:25 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-28 23:10:25 1942856 ----a-w- c:\windows\system32\dfshim.dll 2010-06-28 23:10:25 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-28 20:30:20 1736608 ----a-w- c:\windows\system32\ntdll.dll 2010-06-28 20:30:20 1289528 ----a-w- c:\windows\syswow64\ntdll.dll 2010-06-28 20:30:14 961024 ----a-w- c:\windows\system32\CPFilters.dll 2010-06-28 20:30:14 641536 ----a-w- c:\windows\syswow64\CPFilters.dll 2010-06-28 20:30:13 552960 ----a-w- c:\windows\system32\msdri.dll 2010-06-28 20:30:13 288256 ----a-w- c:\windows\system32\MSNP.ax 2010-06-28 20:30:13 258560 ----a-w- c:\windows\system32\mpg2splt.ax 2010-06-28 20:30:13 204288 ----a-w- c:\windows\syswow64\MSNP.ax 2010-06-28 20:30:13 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax ==================== Find3M ==================== 2010-07-17 01:04:04 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys 2010-06-01 17:37:48 270208 ------w- c:\windows\system32\MpSigStub.exe 2010-05-28 05:32:56 320560 ----a-w- c:\windows\system32\drivers\SynTP.sys 2010-05-28 05:29:42 107816 ----a-w- c:\windows\syswow64\SynTPCOM.dll 2010-05-28 05:29:36 147752 ----a-w- c:\windows\system32\SynTPCo4.dll 2010-05-28 05:29:32 214824 ----a-w- c:\windows\system32\SynTPAPI.dll 2010-05-28 05:29:28 210216 ----a-w- c:\windows\syswow64\SynCtrl.dll 2010-05-28 05:29:26 265000 ----a-w- c:\windows\system32\SynCtrl.dll 2010-05-28 05:29:26 173352 ----a-w- c:\windows\syswow64\SynCOM.dll 2010-05-28 05:29:24 396584 ----a-w- c:\windows\system32\SynCOM.dll 2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll 2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll 2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll 2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll 2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll 2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll 2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll 2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll 2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2010-01-22 11:19:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2010-01-17 04:00:05 16384 --sha-w- c:\windows\syswow64\%appdata%\microsoft\windows\ietldcache\index.dat 2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 8:48:41.79 =============== Let me know if you want the "Attach.txt" file.
  9. WOW! Big delay...yes I still need help, but on the road right now so my replies will not be immediate. Thanx in advance for your help.
  10. * Windows 7 64-bit (current WinUpdate) * Microsoft Security Essentials AV (current version & DB) * MBAM 1.46 DB::4289 w/protection module enabled Full scans from both MS-SE & MBAM show 0 infections, however MBAM protection modules continually displays the "Successfully blocked access to a potentially malicious website..." balloon and the MBAM logs show lots of blocked IPs. I have had infections on this machine in the past, so I am suspect that something is still lurking. I installed MBAM PRO because I kept getting infections, and have not had any "found" infections since running the MBAM protection module...so I think these blocked IPs are the reason. Below is a sample of the blocked IPs...all overseas :-( ============================================== 01:19:05 Mark IP-BLOCK 218.10.58.190 01:20:58 Mark IP-BLOCK 89.28.64.59 01:30:08 Mark IP-BLOCK 94.96.227.45 01:35:23 Mark IP-BLOCK 193.138.246.90 01:35:55 Mark IP-BLOCK 121.8.170.78 01:36:11 Mark IP-BLOCK 58.240.158.157 01:42:55 Mark IP-BLOCK 121.10.120.182 01:42:55 Mark IP-BLOCK 121.10.120.182 02:19:30 Mark IP-BLOCK 195.161.7.26 02:23:56 Mark IP-BLOCK 212.117.174.138 02:33:05 Mark IP-BLOCK 218.10.58.190 02:47:44 Mark IP-BLOCK 219.152.102.235 02:56:45 Mark IP-BLOCK 218.7.39.178 03:01:59 Mark IP-BLOCK 121.8.170.78 03:02:32 Mark IP-BLOCK 222.71.39.153 03:16:15 Mark IP-BLOCK 94.96.213.149 03:20:26 Mark IP-BLOCK 89.28.94.165 03:30:23 Mark IP-BLOCK 188.65.50.42 03:45:44 Mark IP-BLOCK 94.96.225.232 04:16:23 Mark IP-BLOCK 121.8.170.78 04:33:20 Mark IP-BLOCK 195.161.132.79 04:47:03 Mark IP-BLOCK 89.149.202.104 05:02:24 Mark IP-BLOCK 94.96.70.117 05:03:04 Mark IP-BLOCK 89.28.113.139 05:03:20 Mark IP-BLOCK 121.11.193.143 05:03:28 Mark IP-BLOCK 222.70.119.241 05:17:52 Mark IP-BLOCK 89.28.113.139 05:33:04 Mark IP-BLOCK 212.117.170.6 ============================================== I printed and read the "I'm infected - What do I do now?" HJT page, but I didn't want to jump past the Avira section just because I have MS-SE installed. Should I replace MS-SE with Avira and continue, or start at the Defogger section? Thanx in advance for your assistance.
  11. Oh, well in that case I am not using any of those. I am a software developer, so I am sensitive to subtle "differences" in system behavior and this thread has triggered some thoughts. I have MS Live Messenger configured to autoLoad when Win boots, but periodically I will get a message from Messenger right after Win | boot | user login that says MS Messenger could not startup. I have just blown it off as a usual Win 7 problem and manually started MS Messenger. The boot of my machine this morning got that message, BUT I happened to not load Messenger manually! And guess what...absolutely NO IP Blocking messages! Now, being a developer I can't pin it only on MS Messenger not loading BUT maybe there is some other malicious process/daemon that crashed that didn't load properly that was an IP "shim" to MS Msngr. So I waited for a couple of hours while busy on my machine and I still have not had ANY IP Blocking activity. Normally I would have had at least a few by now. The reason I think it may be some other malicious process is because I then manually started MS Msngr and it have been running active for about 30 minutes still with NO IP Blocking activity. I checked the mbam Protection Logs, nothing but the "startup" messages I expected. Next, I will disable MS Msngr autoLoad, reboot and see if I get IP Blocking messages. If so, then I will go to the "threat removal" section of this site and go from there. If I don't get any IP Blocking messages I will then manually start MS Msngr again and see if the IP Blocking messages start up again. I will post my results here... Stay tuned.
  12. Yes, in my case I am running MS Messenger in the background all of the time. I also run Skype, but only when actually communicating with others...it doesn't autoLoad. I will do a test of not loading MS Live Messenger on startup and see if all of the IP Blocking messages go away. Thanx for the input. Ok, now lets say the IP Blocking does not catch anything when MS Live Msngr (or any other P2P) is not running. Does that mean that these P2P programs are malicious in their own right? I will start to do more research on this myself and come back here with answers there as well...
  13. I am interested in this exact same thing...newbie here just to interact on this issue... I get the IP Blocking popup bubble quite a bit...sometimes just after running a program like Outlook (which makes me suspect) and sometimes during random times. I checked the logs and there are many, many different IP addresses from different countries. I did a IP Reverse Lookup on most of them and they are from Moldovia, China, Saudi Arabia, etc. Like tommyTiko above, I can see NO reason that my system should be attaching to any system overseas. This is a home computer that has never done any business overseas, I don't visit foreign domains (as far as I know), BUT I have had viruses that I have cleaned from my computer in the past but current scans don't find anything. I know, re-asking the same questions as tommy, and Yes I did read ALL of the recommended This Page (Section G) but didn't see any recommendations of a tool to use. Is CurrPorts the best tool for this? Also like tommy, I am concerned about leakage and getting to the bottom of the processes that are making these contacts. Doese MalwareBytes scans look for processes that would make these kinds of attempts a attempt to eradicate them? I have attached my protection-log and as you can see...quite a lot of blocked IPs in a short time. Where do I find the "Process Name" you mention in the quote above? Is this in CurrPorts? protection_log_2010_05_25.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.