jwino

Members
  • Content count

    13
About jwino

  • Rank
    New Member

  1. I do not have an option to create a restore point from where you directed me. The only option I have is to restore from a previous day. I do not see a radio button for create a restore point. Thanks
  2. Updated, scanned and removed 18 infected objects found. The popup ip block is gone. Thank you, thank you. It was an annoying little pest. Thanks again, Jim
  3. Malwarebytes updated to 1.43 and it had no effect on the blocked IP popup. The popup appears mostly while surfing from one site to another but will just appear randomly as well. Thanks,
  4. I again ran GMER and had the same result as before. I saved GMER on the desktop and when attempting to install I get the following in a pop-up window: "c:\windows\system32\config\system: The system cannot find the file specified." I click on OK; the only boxes checked are: Services, Registry, Files, Drive C, ADS. The remaining boxes are grayed out. I click Scan and get this message in another pop-up: "c:\windows\system32\config\system: the process cannot access the file because it is being used by another process." I click OK and the scanning starts. Upon completion I get this message: "GMER hasn't found any system modification" and I saved the file as instructed. After the last message "GMER hasn't found any system modification" there is no file to save or send. Thanks for your help.
  5. Could a Mod take a look at the logs?
  6. I'm continually getting a message that Malwarebytes is blocking 94.102.51.139. It happens every few seconds and I cannot stop it. The message has become very annoying and I would appreciate anyone's help stopping it.

     The IP address appears to be malicious: http://hosts-file.net/default.asp?s=94.102.51.139 Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working. Alternately, you may contact our helpdesk and someone can work through this issue with you via e-mail.
     --------------------
     Arthur Wilkinson
     Malwarebytes Customer Support

     ----------------------------------------

     Here are the results of the scans requested. I followed instructions for downloading GMER and I get the following results: I saved GMER on the desktop and when attempting to install I get the following in a pop-up window: "c:\windows\system32\config\system: The system cannot find the file specified." I click on OK; the only boxes checked are: Services, Registry, Files, Drive C, ADS. The remaining boxes are grayed out. I click Scan and get this message in another pop-up: "c:\windows\system32\config\system: the process cannot access the file because it is being used by another process." I click OK and the scanning starts. Upon completion I get this message: "GMER hasn't found any system modification" and I saved the file as instructed.
DDS (Ver_09-12-01.01) - NTFSX64 Run by Bigdaddy at 6:01:28.23 on Sun 12/27/2009 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.6364 [GMT -6:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe C:\Program Files (x86)\Dantz\Retrospect Express HD\retrorun.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\LargeSoftware Password Manager\lspass.exe C:\Program Files (x86)\LargeSoftware Password Manager\lspass.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files (x86)\Multimedia Card 
Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Maxtor\OneTouch\Utils\OneTouch.exe C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Bigdaddy\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uStart Page = hxxp://cnn.com/ uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\syswow64\blank.htm uSearchAssistant = hxxp://www.google.com/ie 
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.1.0.19\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.1.0.19\IPSBHO.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\mif5ba~1\office12\GR469A~1.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll BHO: TBSB07286 Class: {c23d0d6a-8cba-4b33-9735-47d81f5b2b85} - c:\program files (x86)\ecobar\ecobar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.1.0.19\coIEPlg.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll 
TB: Ecobar: {59382727-9048-6123-1523-597264847187} - c:\program files (x86)\ecobar\ecobar.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll uRun: [PasswordManager] c:\program files (x86)\largesoftware password manager\lspass.exe uRun: [LargeSoftPasswordManager] c:\program files (x86)\largesoftware password manager\lspass.exe uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe mRun: [shwiconXP9106] c:\program files (x86)\multimedia card reader(9106)\ShwiconXP9106.exe mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe" mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [MaxtorOneTouch] c:\progra~2\maxtor\onetouch\utils\OneTouch.exe mRun: [RetroExpress] c:\progra~2\dantz\retros~1\RetroExpress.exe /h mRun: [Acrobat Assistant 7.0] "c:\program files (x86)\adobe\acrobat 7.0\distillr\Acrotray.exe" mRun: [NeroFilterCheck] c:\windows\syswow64\NeroCheck.exe mRun: [EEventManager] c:\program files (x86)\epson\creativity suite\event manager\EEventManager.exe mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\users\bigdaddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe StartupFolder: c:\users\bigdaddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe StartupFolder: 
c:\users\bigdaddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\common\eReg.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files (x86)\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\printk~1.lnk - c:\program files (x86)\warecentral\printkey-pro\PKey_Pro.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 
7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~2\mif5ba~1\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\mif5ba~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\mif5ba~1\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\mif5ba~1\office12\GRA32A~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\mif5ba~1\office12\GR469A~1.DLL BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File TB-X64: {59382727-9048-6123-1523-597264847187} - No File mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe mRun-x64: [skytel] c:\program files\realtek\audio\hda\Skytel.exe mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm ============= SERVICES / DRIVERS =============== R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-12-15 55280] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1101000.013\SymDS64.sys [2009-12-21 433200] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1101000.013\SymEFA64.sys [2009-12-21 219184] R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20091205.001\BHDrvx64.sys [2009-12-4 668720] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1101000.013\cchpx64.sys [2009-12-21 615040] R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20091217.002\IDSviA64.sys [2009-12-21 466992] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1101000.013\Ironx64.sys [2009-12-21 146992] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1101000.013\symtdiv.sys [2009-12-21 450608] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/12/15 20:25:38];c:\program files (x86)\cyberlink\powerdvd dx\000.fcl [2009-12-15 146928] R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-12-15 92160] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648] R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2009-12-22 
276816] R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-12-21 126392] R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-12-24 598856] R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2009-12-24 51120] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-24 132656] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-12-15 317480] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-22 22104] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-12-15 83488] S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] 
S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848] S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744] =============== Created Last 30 ================ 2009-12-27 11:58:49 0 ----a-w- c:\users\bigdaddy\defogger_reenable 2009-12-26 21:41:02 1508 ----a-w- c:\users\bigdaddy\.recently-used.xbel 2009-12-26 15:52:24 0 d-----w- c:\users\bigdaddy\.thumbnails 2009-12-26 15:51:24 0 d-----w- c:\users\bigdaddy\.gimp-2.6 2009-12-26 15:51:03 0 d-----w- c:\program files (x86)\GIMP-2.0 2009-12-26 15:25:13 0 d-----w- c:\program files (x86)\ecobar 2009-12-26 15:24:56 0 d-----w- C:\sysmon 2009-12-26 15:14:24 0 d-----w- c:\users\bigdaddy\appdata\roaming\uTorrent 2009-12-26 14:27:01 0 d-----w- c:\program files\WinRAR 2009-12-26 04:41:40 0 d-----w- c:\users\bigdaddy\appdata\roaming\LimeWire 2009-12-26 04:41:04 0 d-----w- c:\program files (x86)\LimeWire 2009-12-25 16:38:25 0 d-----w- c:\programdata\NOS 2009-12-25 04:30:15 0 d-----w- c:\users\bigdaddy\appdata\roaming\Largesoft 2009-12-25 04:27:59 58368 ----a-w- c:\windows\mpfClean.exe 2009-12-25 04:26:48 0 d-----w- c:\programdata\Webroot 2009-12-25 04:26:39 194888 ----a-w- c:\windows\Unwash6.exe 2009-12-25 04:24:53 0 d-----w- c:\users\bigdaddy\appdata\roaming\Webroot 2009-12-25 04:24:53 0 d-----w- c:\program files\Webroot 2009-12-25 04:24:53 0 d-----w- c:\program files (x86)\common files\Webroot Shared 2009-12-25 04:20:49 603 ----a-w- c:\windows\system32\btneighborhood.dll.manifest 2009-12-25 04:20:49 593 ----a-w- c:\windows\system32\btcss.dll.manifest 2009-12-25 04:20:49 586 ----a-w- c:\windows\system32\btcpl.cpl.manifest 2009-12-25 04:20:30 114176 ----a-w- c:\windows\system32\btw_ci.dll 2009-12-25 04:20:29 78640 ----a-w- c:\windows\system32\drivers\btwhid.sys 2009-12-25 04:20:29 54320 ----a-w- c:\windows\system32\drivers\btport.sys 2009-12-25 04:20:29 156456 ----a-w- 
c:\windows\system32\drivers\btwdndis.sys 2009-12-25 04:20:29 1149096 ----a-w- c:\windows\system32\drivers\btkrnl.sys 2009-12-25 04:20:28 174120 ----a-w- c:\windows\system32\drivers\btaudio.sys 2009-12-25 04:20:18 0 d-----w- c:\program files\WIDCOMM 2009-12-25 04:14:01 0 d-----w- c:\program files (x86)\LargeSoftware Password Manager 2009-12-24 21:36:03 676224 ----a-w- c:\windows\system32\OGACheckControl.DLL 2009-12-24 21:26:57 0 d-----w- c:\program files\Microsoft Office 2009-12-24 21:26:54 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2009-12-24 21:26:23 0 d-----w- c:\programdata\Microsoft Help 2009-12-24 21:04:47 0 d-----w- C:\HP LJ1320 PCL6 Driver 2009-12-24 21:03:10 0 d-----w- c:\program files\Hewlett-Packard 2009-12-24 21:03:08 0 ----a-w- c:\windows\HPMProp.INI 2009-12-24 21:02:47 0 d-----w- c:\programdata\Hewlett-Packard 2009-12-24 21:02:35 64024 ----a-w- c:\windows\syswow64\hppccompio.dll 2009-12-24 21:02:35 61464 ----a-w- c:\windows\system32\hppdcompio.dll 2009-12-24 21:02:35 432128 ----a-w- c:\windows\system32\hpmml094.dll 2009-12-24 21:02:35 410112 ----a-w- c:\windows\system32\hpmpm081.dll 2009-12-24 21:02:35 388096 ----a-w- c:\windows\system32\hpmtp094.dll 2009-12-24 21:02:35 376320 ----a-w- c:\windows\system32\hpmja094.dll 2009-12-24 21:02:35 341504 ----a-w- c:\windows\system32\hpmpw081.dll 2009-12-24 21:02:35 22016 ----a-w- c:\windows\system32\hppmopjl.dll 2009-12-24 21:02:34 671816 ----a-w- c:\windows\syswow64\hpcdmc32.dll 2009-12-24 21:02:34 60440 ----a-w- c:\windows\system32\FxCompChannel_x64.dll 2009-12-24 21:02:34 276480 ----a-w- c:\windows\syswow64\hpcc3094.DLL 2009-12-24 21:02:34 157184 ----a-w- c:\windows\system32\hpcpn094.dll 2009-12-24 20:36:34 53296 ----a-r- c:\windows\system32\drivers\SymIMV.sys 2009-12-24 18:34:41 0 d-----w- c:\program files (x86)\Auction Sentry 2009-12-24 18:15:15 0 d-----w- c:\programdata\Cloudmark 2009-12-24 18:15:10 0 d-----w- c:\users\bigdaddy\appdata\roaming\Cloudmark 2009-12-24 18:14:44 0 d-----w- 
c:\program files (x86)\common files\Cloudmark 2009-12-24 18:14:44 0 d-----w- c:\program files (x86)\Cloudmark 2009-12-24 18:14:26 0 d-----w- c:\program files\common files\Zero G Software 2009-12-24 17:44:35 0 d-----w- c:\programdata\WinZip 2009-12-24 17:36:11 0 d-sh--w- C:\Diskeeper 2009-12-24 17:32:00 51120 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys 2009-12-24 17:31:56 0 d-----w- c:\programdata\Diskeeper Corporation 2009-12-24 17:31:56 0 d-----w- c:\program files\Diskeeper Corporation 2009-12-24 17:31:56 0 d-----w- c:\program files\common files\Diskeeper Corporation 2009-12-24 17:30:36 0 d-----w- c:\users\bigdaddy\Diskeeper 2009-12-24 17:16:50 0 d-----w- c:\program files (x86)\Diskeeper Corporation 2009-12-24 17:06:25 379 ----a-w- c:\windows\PowerReg.dat 2009-12-24 16:55:46 36 ----a-w- c:\windows\iltwain.ini 2009-12-24 16:55:45 62 ----a-w- c:\windows\Addrfixr.ini 2009-12-24 16:53:40 57344 ----a-w- c:\windows\syswow64\DYMOCFG.DLL 2009-12-24 16:53:37 418304 ----a-w- c:\windows\syswow64\DYMOSmartPaste.dll 2009-12-24 16:53:37 172032 ----a-w- c:\windows\syswow64\Clw.dll 2009-12-24 16:53:36 0 d-----w- c:\program files (x86)\DYMO Label 2009-12-24 16:52:51 155648 ----a-w- c:\windows\syswow64\DYMOINST.DLL 2009-12-24 16:37:53 0 d-----w- c:\program files (x86)\Warecentral 2009-12-24 16:18:32 0 d-----w- C:\EPSONREG 2009-12-24 16:06:01 0 d-----w- c:\program files (x86)\NewSoft 2009-12-24 16:05:59 306688 ----a-w- c:\windows\IsUninst.exe 2009-12-24 16:04:24 0 d-----w- c:\program files (x86)\ABBYY FineReader 6.0 Sprint 2009-12-24 15:58:17 5632 ----a-w- c:\windows\system32\escdev.dll 2009-12-24 15:58:17 4608 ----a-w- c:\windows\system32\esxwiaml.dll 2009-12-24 15:58:16 95744 ----a-w- c:\windows\system32\esxwia54.dll 2009-12-24 15:58:16 65793 ----a-w- c:\windows\system32\esfw54.bin 2009-12-24 15:58:16 184832 ----a-w- c:\windows\system32\esxuin54.dll 2009-12-24 15:58:16 172032 ----a-w- c:\windows\syswow64\esint54.dll 2009-12-24 15:57:41 44 ----a-w- c:\windows\PERF4490.ini 
2009-12-24 12:39:19 0 d-----w- c:\programdata\Nero 2009-12-24 12:39:05 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll 2009-12-24 12:29:54 0 d-----w- c:\program files (x86)\Nero 2009-12-24 03:45:16 0 d-----w- c:\programdata\Adobe Systems 2009-12-24 03:45:11 0 d-----w- c:\program files (x86)\common files\Adobe Systems Shared 2009-12-24 03:14:52 0 d-----w- c:\windows\syswow64\spool 2009-12-24 00:24:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2009-12-24 00:24:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf 2009-12-24 00:23:45 190992 ----a-w- c:\windows\system32\BtCoreIf.dll 2009-12-24 00:23:31 95760 ----a-w- c:\windows\system32\KemXML.dll 2009-12-24 00:23:31 235536 ----a-w- c:\windows\system32\kemutb.dll 2009-12-24 00:23:31 232976 ----a-w- c:\windows\system32\KemUtil.dll 2009-12-24 00:23:31 158736 ----a-w- c:\windows\system32\KemWnd.dll 2009-12-24 00:23:11 0 d-----w- c:\programdata\Logitech 2009-12-24 00:23:07 0 d-----w- c:\program files\common files\Logishrd 2009-12-24 00:23:00 0 d-----w- c:\program files\Logitech 2009-12-24 00:22:07 0 d-----w- c:\programdata\LogiShrd 2009-12-23 03:38:08 0 d-----w- c:\program files (x86)\common files\Symantec Shared 2009-12-23 01:28:09 0 d-----w- c:\programdata\RetroExp 2009-12-23 01:27:59 0 d-----w- c:\program files (x86)\Dantz 2009-12-23 01:26:27 743126 ----a-w- c:\windows\syswow64\PerfStringBackup.INI 2009-12-23 01:26:06 0 d-----w- c:\windows\syswow64\URTTEMP 2009-12-23 01:25:24 0 d-----w- c:\program files (x86)\Maxtor 2009-12-23 01:24:58 0 d-----w- c:\windows\Downloaded Installations 2009-12-23 00:00:10 22104 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-22 23:59:50 0 d-----w- c:\users\bigdaddy\appdata\roaming\Malwarebytes 2009-12-22 23:59:46 0 d-----w- c:\programdata\Malwarebytes 2009-12-22 23:59:46 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2009-12-22 23:48:44 0 d--h--w- c:\programdata\CanonBJ 2009-12-22 23:37:37 376 ----a-w- c:\windows\ODBC.INI 
2009-12-22 23:36:54 0 d-----w- c:\program files (x86)\common files\L&H 2009-12-22 23:36:51 0 d-----w- c:\program files (x86)\Microsoft ActiveSync 2009-12-22 23:10:46 66560 ----a-w- c:\windows\system32\esxcwiab.dll 2009-12-22 23:10:46 0 d-----w- c:\program files (x86)\epson 2009-12-22 23:10:31 0 d-----w- C:\EPSON 2009-12-22 03:39:39 149280 ----a-w- c:\windows\syswow64\javaws.exe 2009-12-22 03:39:38 145184 ----a-w- c:\windows\syswow64\javaw.exe 2009-12-22 03:39:38 145184 ----a-w- c:\windows\syswow64\java.exe 2009-12-22 03:33:07 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF 2009-12-22 03:33:07 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT 2009-12-22 03:33:07 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2009-12-22 03:33:03 0 d-----w- c:\program files\Symantec 2009-12-22 03:33:03 0 d-----w- c:\program files\common files\Symantec Shared 2009-12-22 03:32:26 0 d-----w- c:\windows\system32\drivers\NISx64 2009-12-22 03:32:13 0 d-----w- c:\program files (x86)\Norton Internet Security 2009-12-22 03:28:32 0 d-----w- c:\programdata\Norton 2009-12-22 03:24:06 0 d-----w- c:\programdata\NortonInstaller 2009-12-22 03:24:06 0 d-----w- c:\program files (x86)\NortonInstaller 2009-12-22 03:18:58 0 d-----w- c:\users\bigdaddy\appdata\roaming\Dell 2009-12-16 04:14:47 88064 ----a-w- c:\windows\system32\CmdRtr64.DLL 2009-12-16 04:14:47 72704 ----a-w- c:\windows\syswow64\CmdRtr.DLL 2009-12-16 04:14:47 188416 ----a-w- c:\windows\system32\APOMgr64.DLL 2009-12-16 04:14:47 159 ---ha-r- c:\windows\ctfile.rfc 2009-12-16 04:14:47 146432 ----a-w- c:\windows\syswow64\APOMngr.DLL 2009-12-16 04:14:33 0 d-----w- c:\windows\syswow64\RTCOM 2009-12-16 04:14:33 0 d-----w- c:\program files\Realtek 2009-12-16 04:13:54 0 d-sh--w- c:\windows\Installer 2009-12-16 04:13:49 539168 ----a-w- c:\windows\system32\nvuninst.exe 2009-12-16 04:13:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2009-12-16 04:11:04 25394 ---ha-r- C:\dell.sdr 2009-12-16 
04:08:16 0 d-----w- c:\windows\system32\oem 2009-12-16 04:08:14 0 d-----w- c:\windows\Panther 2009-12-16 04:08:14 0 d-----w- C:\Drivers 2009-12-16 04:02:03 0 d-----w- C:\dell 2009-12-16 02:38:21 782444 -c--a-w- c:\windows\system32\chklogo6.wtl 2009-12-16 02:35:58 0 d-----w- c:\program files (x86)\Dell 2009-12-16 02:34:51 0 d-----w- c:\programdata\McAfee 2009-12-16 02:31:53 0 d-----w- c:\program files\Dell 2009-12-16 02:30:23 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-12-16 02:30:23 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll 2009-12-16 02:30:04 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2009-12-16 02:28:48 0 d-----w- c:\program files (x86)\Microsoft 2009-12-16 02:28:24 0 d-----w- c:\program files (x86)\Windows Live SkyDrive 2009-12-16 02:27:52 0 d-----w- c:\windows\PCHEALTH 2009-12-16 02:25:47 0 d-----w- c:\program files (x86)\common files\Windows Live 2009-12-16 02:25:35 0 d-----w- c:\programdata\Dell 2009-12-16 02:25:35 0 d-----w- c:\programdata\CyberLink 2009-12-16 02:25:18 0 d-----w- c:\programdata\Uninstall 2009-12-16 02:25:14 0 d-----w- c:\program files\Roxio 2009-12-16 02:24:38 0 d-----w- c:\programdata\Sonic 2009-12-16 02:24:24 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2009-12-16 02:24:24 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-12-16 02:24:24 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-12-16 02:24:04 0 d-----w- c:\programdata\Roxio 2009-12-16 02:23:45 0 d-----w- c:\program files (x86)\common files\SureThing Shared 2009-12-16 02:23:32 0 d-----w- c:\program files (x86)\common files\Sonic Shared 2009-12-16 02:23:32 0 d-----w- c:\program files (x86)\common files\PX Storage Engine 2009-12-16 02:23:23 0 d-----w- c:\programdata\InstallShield 2009-12-16 02:23:22 0 d-----w- c:\program files (x86)\Roxio 2009-12-16 02:22:58 506728 ----a-w- c:\windows\system32\d3dx10_33.dll 2009-12-16 02:22:58 443752 ----a-w- c:\windows\syswow64\d3dx10_33.dll 2009-12-16 02:22:58 1400176 
----a-w- c:\windows\system32\D3DCompiler_33.dll 2009-12-16 02:22:58 1123696 ----a-w- c:\windows\syswow64\D3DCompiler_33.dll 2009-12-16 02:22:57 4494184 ----a-w- c:\windows\system32\d3dx9_33.dll 2009-12-16 02:22:57 3495784 ----a-w- c:\windows\syswow64\d3dx9_33.dll 2009-12-16 02:20:24 0 d-----w- c:\programdata\Adobe 2009-12-16 02:19:53 0 d-----w- c:\program files (x86)\Multimedia Card Reader(9106) 2009-12-16 02:19:37 0 d-----w- C:\Intel 2009-12-16 02:19:32 455680 ----a-w- c:\windows\system32\deploytk.dll 2009-12-16 02:19:30 0 d-----w- c:\program files\Java 2009-12-16 02:19:07 411368 ----a-w- c:\windows\syswow64\deploytk.dll 2009-12-16 02:18:40 0 d-----w- c:\windows\syswow64\Macromed 2009-12-16 02:18:37 0 d-----w- c:\program files\Dell Inc 2009-12-16 02:18:07 0 d-----w- c:\programdata\NVIDIA 2009-12-14 19:15:14 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr 2009-12-04 17:12:08 96768 ----a-w- c:\windows\system32\hpmco094.dll 2009-12-04 17:12:06 508928 ----a-w- c:\windows\system32\SET4503.tmp 2009-12-04 17:11:38 551424 ----a-w- c:\windows\system32\hpmprein.dll ==================== Find3M ==================== 2009-12-16 04:09:02 25394 ----a-w- c:\windows\system32\drivers\1028_Dell_STU_8000.mrk 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 6:01:42.06 ===============

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139
05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

Attachments: Attach.zip ark.zip
  7. I'm continually getting a message that Malwarebytes is blocking 94.102.51.139. It happens every few seconds and I cannot stop it. The message has become very annoying and I would appreciate anyone's help stopping it.
  8. Hello, I have attached the scans you requested and I sincerely appreciate your help. If IE 8 is the problem I will revert to IE 7 and see if that solves the problem. The first MWB scan found 2 problems, but I think they were associated with Microsoft Defender, which I had disabled. I allowed MWB to complete and fix the problems found with scan #1, and then I ran a second scan and have attached it also. My license for Norton will soon expire; do you have any suggestions for anti-virus/security suites other than Norton? How
Attachments: log.txt mbam_log_2009_06_19__09_35_54_.txt mbam_log_2009_06_19__22_20_38_.txt
  9. The malware you had me remove has stopped the hacking to ad sites, thanks. I am, however, still having a problem I did not have prior to acquiring the virus. Many times after a Google search, when I click on a search link I receive the "Internet Explorer Cannot Display the Web Page" message. I can copy and paste the link and go directly to the sites, so the links are valid. I'm not sure if something in internet settings has changed or I still have some sort of malware.
"but since the malware was already loaded and you didn't have malwarebytes running as realtime protection"
I'm not sure what you meant by the above statement. I have the paid version and the protection module is enabled. I cannot locate any other reference to "running in realtime protection". Thanks again
  10. Here is the Combofix log. Thanks for your assistance.

ComboFix 09-06-16.05 - Administrator 06/17/2009 8:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2547 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Ctxfihlp.exe
c:\windows\system32\TDSSmafj.dat
D:\resycled
E:\resycled
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\x.exe
C:\hpb9xcls.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\drivers\SKYNETjvqgxxed.sys
c:\windows\system32\MabryObj.dll
c:\windows\system32\SKYNETcfueliek.dat
c:\windows\system32\SKYNETiqnvkbbl.dat
c:\windows\system32\SKYNETnmfddaqy.dll
c:\windows\system32\SKYNETsvfalswp.dll
c:\windows\wiaservv.log
D:\Autorun.inf
d:\resycled\boot.com
E:\Desktop.ini
e:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETsilkwedb

((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-17 02:54 . 2009-06-12 23:06 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVENG.SYS
2009-06-17 02:54 . 2009-06-12 23:06 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVEX15.SYS
2009-06-17 02:54 . 2009-06-12 23:06 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\EECTRL.SYS
2009-06-17 02:54 .
2009-06-12 23:06 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\ECMSVR32.DLL 2009-06-17 02:54 . 2009-06-12 23:06 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\CCERASER.DLL 2009-06-17 02:54 . 2009-06-12 23:06 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVENG32.DLL 2009-06-17 02:54 . 2009-06-12 23:06 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVEX32A.DLL 2009-06-17 02:54 . 2009-06-12 23:06 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\ERASER.SYS 2009-06-14 23:31 . 2004-08-10 19:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-06-14 23:31 . 2004-08-10 19:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-06-14 23:31 . 2009-06-15 04:18 -------- d-----w- c:\program files\Remove-it 2009-06-12 11:09 . 2009-06-12 11:09 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-06-12 11:09 . 2009-06-12 11:09 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-06-12 11:09 . 2009-06-12 11:09 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2009-06-12 11:09 . 2009-06-13 12:55 -------- d-----w- c:\windows\system32\drivers\NIS 2009-06-12 11:09 . 
2009-06-12 11:09 -------- d-----w- c:\program files\Norton Internet Security 2009-06-12 11:09 . 2009-06-12 11:09 -------- d-----w- c:\program files\Windows Sidebar 2009-06-12 11:07 . 2009-06-12 11:07 -------- d-----w- c:\program files\NortonInstaller 2009-06-12 10:50 . 2009-06-12 10:50 2908976 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\Norton_Removal_Tool_7011\Norton_Removal_Tool.exe 2009-06-12 02:33 . 2009-06-12 02:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-11 13:47 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 13:47 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-08 20:12 . 2009-06-08 20:12 -------- d-----w- c:\documents and settings\Administrator\MyConnection PC 2009-06-08 20:12 . 2009-06-08 20:12 -------- d-----w- c:\program files\MyConnection PC 2009-06-05 02:10 . 2009-06-05 02:10 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2009-06-05 02:09 . 2009-06-05 02:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-05 02:09 . 2009-06-05 02:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-06-05 02:02 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-06-04 01:10 . 2009-06-04 01:10 539520 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\KB20080828105226EN_6997\KB20080828105226EN.exe 2009-06-04 00:58 . 2009-06-04 00:58 -------- d-----w- c:\windows\system32\wbem\Repository 2009-06-03 23:59 . 2009-06-03 23:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-06-03 23:25 . 2009-06-12 02:27 -------- d-----w- c:\windows\ie8updates 2009-06-03 23:23 . 2009-06-05 02:02 -------- dc-h--w- c:\windows\ie8 2009-05-30 14:05 . 
2009-05-30 14:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation 2009-05-30 14:05 . 2009-05-30 14:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor 2009-05-21 03:37 . 2006-10-06 14:35 90112 ----a-w- c:\windows\system32\lfjbg13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 73728 ----a-w- c:\windows\system32\lffax13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 453120 ----a-w- c:\windows\system32\ltkrn13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 445440 ----a-w- c:\windows\system32\ltimg13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 388608 ----a-w- c:\windows\system32\lfcmp13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 265216 ----a-w- c:\windows\system32\ltdis13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 246272 ----a-w- c:\windows\system32\lfj2k13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 206848 ----a-w- c:\windows\system32\ltefx13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 1693696 ----a-w- c:\windows\system32\ltclr13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 154112 ----a-w- c:\windows\system32\ltfil13n.dll 2009-05-21 03:37 . 2006-10-06 14:35 142848 ----a-w- c:\windows\system32\lftif13n.dll 2009-05-21 03:37 . 2009-05-21 03:37 -------- d-----w- c:\program files\MFInstall 2009-05-20 23:42 . 2009-05-20 23:42 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-17 03:40 . 2008-10-25 14:53 -------- d-----w- c:\program files\LargeSoftware Password Manager 2009-06-17 03:40 . 2006-12-26 15:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache 2009-06-16 01:20 . 2006-12-26 19:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-16 01:18 . 2007-06-02 00:51 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys 2009-06-16 01:18 . 
2007-06-02 00:51 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys 2009-06-16 01:18 . 2007-06-02 00:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso 2009-06-16 01:17 . 2009-04-19 02:30 -------- d-----w- c:\program files\Common Files\ArcSoft 2009-06-16 01:17 . 2007-03-03 15:46 -------- d-----w- c:\program files\ArcSoft 2009-06-16 01:17 . 2006-12-24 20:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-16 01:17 . 2009-04-19 02:31 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll 2009-06-16 00:29 . 2009-02-23 03:14 -------- d-----w- c:\program files\Trend Micro 2009-06-15 03:12 . 2008-11-27 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-13 04:01 . 2009-06-12 11:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-06-13 04:01 . 2009-06-12 11:09 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-06-13 04:01 . 2009-06-12 11:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-06-13 04:01 . 2009-06-12 11:09 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-06-13 04:01 . 2009-06-12 11:09 -------- d-----w- c:\program files\Symantec 2009-06-12 21:54 . 2009-06-12 21:54 -------- d-----w- c:\program files\Norton Support 2009-06-12 11:52 . 2006-12-24 20:43 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-12 11:09 . 2008-10-12 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-06-12 02:26 . 2008-11-27 23:59 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-12 01:04 . 2007-12-02 22:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-05 11:35 . 2006-12-24 20:38 138184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-05 01:16 . 
2008-11-27 23:21 -------- d-----w- c:\program files\Microsoft Works 2009-05-31 04:50 . 2006-12-26 21:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire 2009-05-26 21:59 . 2008-10-19 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-05-26 21:00 . 2008-10-23 21:00 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-26 18:20 . 2008-10-19 00:12 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 18:19 . 2008-10-19 00:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-25 05:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll 2009-05-20 23:42 . 2006-12-26 19:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM 2009-05-20 23:41 . 2006-12-26 19:06 -------- d-----w- c:\program files\Internet Download Manager 2009-05-20 23:41 . 2008-12-14 23:54 2925416 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe 2009-05-17 00:09 . 2006-12-26 22:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2009-05-13 05:15 . 2004-05-26 19:30 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 20:12 . 2006-12-24 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-05-12 02:07 . 2009-05-12 02:07 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation 2009-05-12 02:07 . 2009-05-12 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation 2009-05-12 02:07 . 2006-12-25 19:24 -------- d-----w- c:\program files\Diskeeper Corporation 2009-05-07 15:32 . 2004-05-26 19:29 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-02 03:35 . 2007-09-21 01:48 -------- d-----w- c:\program files\Folder Lock 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-24 03:02 . 
2009-04-24 03:02 -------- d-----w- c:\program files\Pure Networks 2009-04-24 03:01 . 2009-04-24 03:01 -------- d-----w- c:\program files\Common Files\Pure Networks Shared 2009-04-20 00:03 . 2009-04-20 00:03 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-20 00:03 . 2006-12-24 20:29 -------- d-----w- c:\program files\Java 2009-04-20 00:02 . 2009-04-20 00:02 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-19 04:05 . 2009-04-19 04:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\KodakCredentialStore 2009-04-19 04:02 . 2009-04-19 04:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skinux 2009-04-19 02:32 . 2007-03-04 23:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft 2009-04-19 02:32 . 2009-04-19 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak 2009-04-19 02:31 . 2009-04-19 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft 2009-04-19 02:30 . 2009-04-19 02:25 -------- d-----w- c:\program files\Kodak 2009-04-19 02:28 . 2009-04-19 02:27 -------- d-----w- c:\program files\Common Files\Kodak 2009-04-19 02:24 . 2009-04-19 02:24 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe 2009-04-19 02:24 . 2009-04-19 02:24 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe 2009-04-19 02:24 . 2009-04-19 02:24 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe 2009-04-19 02:24 . 2009-04-19 02:24 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe 2009-04-19 02:24 . 
2009-04-19 02:24 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe 2009-04-19 02:23 . 2009-04-19 02:23 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_90e0b9d\EasyShrx.Dll 2009-04-19 02:23 . 2009-04-19 02:23 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.30.1.dll 2009-04-17 12:26 . 2004-05-26 19:30 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-05-26 19:30 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-03-26 15:35 . 2004-02-19 15:42 210352 ----a-w- c:\windows\system32\idmmbc.dll 2008-10-18 22:44 . 2008-10-18 22:44 15462 ----a-w- c:\program files\Common Files\ohic._sy 2008-10-18 22:44 . 2008-10-18 22:44 14287 ----a-w- c:\program files\Common Files\suri.sys 2008-10-18 22:44 . 2008-10-18 22:44 14286 ----a-w- c:\program files\Common Files\ryhesivuje.dl . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "@BackupScheduler"="c:\program files\Online Backup\OnlineBackup.exe" [2008-02-06 611768] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-19 2811312] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-29 36864] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "PasswordManager"="c:\program files\LargeSoftware Password Manager\lspass.exe" [2008-10-17 1544704] "LargeSoftPasswordManager"="c:\program files\LargeSoftware Password Manager\lspass.exe" [2008-10-17 1544704] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RamDrive"="c:\program files\Farstone\VirtualHardDrive\RdTask.exe" [2007-03-02 135168] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-25 185896] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMidi"="MIDIDEF.EXE" - c:\windows\system32\MIDIDEF.EXE [2007-04-09 28672] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ CNNAlerter.lnk 
- c:\program files\CNN.com Desktop Alerter\CNNAlerter.exe [2007-9-13 655360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-12-25 25214] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-25 113664] APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-12-25 221247] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-29 196608] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "67:UDP"= 67:UDP:DHCP Discovery Service R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/12/2009 11:01 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/12/2009 11:01 PM 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/12/2009 11:01 PM 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.sys [6/12/2009 6:11 AM 276344] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common 
Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2008 7:12 PM 194832] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/12/2009 11:01 PM 115560] R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [12/26/2006 11:14 AM 114944] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 5:38 AM 92008] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/24/2007 5:44 PM 598856] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/11/2009 3:00 AM 101936] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2008 7:12 PM 19096] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?] S3 EraserUtilDrv10710;EraserUtilDrv10710;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys [?] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-12 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 11:51] 2009-06-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-19 18:20] 2009-06-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Administrator.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-19 18:20] . - - - - ORPHANS REMOVED - - - - SafeBoot-TDSSxdeb.sys MSConfigStartUp-CTFMON - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://cnn.com/ uInternet Settings,ProxyOverride = <local> IE: &eBay Search IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Convert link target to Adobe PDF IE: Convert link target to existing PDF IE: Convert selected links to Adobe PDF IE: Convert selected links to existing PDF IE: Convert selection to Adobe PDF IE: Convert selection to existing PDF IE: Convert to Adobe PDF IE: Convert to existing PDF IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List IE: Easy-WebPrint High Speed Print IE: Easy-WebPrint Preview IE: Easy-WebPrint Print IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\windows\system32\idmmbc.dll Trusted Zone: turbotax.com Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-17 08:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2261653455-2056594075-340905747-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,29,77,bd,f1,55,0c,43,bf,6f,2b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,29,77,bd,f1,55,0c,43,bf,6f,2b,\ [HKEY_USERS\S-1-5-21-2261653455-2056594075-340905747-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,df,25,16,ce,63,cf,79,19,80,5c,6f,12,fb,c4,ca,6f,c0,6f,b0,bc, d2,8b,ed,8e,f2,f3,45,f2,e0,15,33,b4,93,78,4e,19,a3,aa,9c,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e97eaf42-4f07-45ac-bdcd-64e1dcf5d02b}] @Denied: (Full) (Everyone) "Model"=dword:00000080 "Therad"=dword:00000015 "MData"=hex(0):50,1f,7d,ae,58,bc,ca,e7,19,5e,1d,d2,ae,89,67,ba,ea,5e,07,d5,aa, 92,68,80,3b,8a,0a,32,11,89,01,b5,44,1c,19,52,bd,06,dc,55,7d,dd,a0,f4,6a,86,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(600) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(664) c:\windows\system32\idmmbc.dll . Completion time: 2009-06-17 8:44 ComboFix-quarantined-files.txt 2009-06-17 13:44 Pre-Run: 95,720,566,784 bytes free Post-Run: 95,758,872,576 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 340 --- E O F --- 2009-06-15 03:12
  11. Malwarebytes' Anti-Malware 1.37
Database version: 2290
Windows 5.1.2600 Service Pack 3

6/16/2009 5:33:28 PM
mbam-log-2009-06-16 (17-33-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 220088
Time elapsed: 37 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  12. I just completed running Malwarebytes for the 10th time in the last 3 days. Until tonight it found nothing to report, but tonight it found and removed Search.hijack. I still either get redirected or Internet Explorer is unable to open the web page. If I copy and paste the link, sometimes it works, but about 50% of the time I get spun off to an ad site. Here is a log file from after removing Search.hijack. Thanks in advance for your help. Jim

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:20 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Farstone\VirtualHardDrive\RdTask.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LargeSoftware Password Manager\lspass.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CNN.com Desktop Alerter\CNNAlerter.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [RamDrive] C:\Program Files\Farstone\VirtualHardDrive\RdTask.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PasswordManager] C:\Program Files\LargeSoftware Password Manager\lspass.exe O4 - HKCU\..\Run: [LargeSoftPasswordManager] C:\Program Files\LargeSoftware Password Manager\lspass.exe O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000096.000001d8 O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user') O4 - Startup: CNNAlerter.lnk = C:\Program Files\CNN.com Desktop Alerter\CNNAlerter.exe O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe O4 - Global Startup: Bluetooth.lnk = ? 
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - 
http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166995429421 O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/downlo...-ship-WD.V1.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - O18 - Protocol: bw+0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - 
{CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - 
{CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - 
{CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - 
{CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - 
{CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - 
{CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: offline-8876480 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 25767 bytes