FiveAces
Everything posted by FiveAces

  1. I was able to download GMER from a computer that was not behind the firewall. I ran it with both the admin account and the non-admin one I usually use. On the admin account it didn't find anything - I got the popup no system modifications and the save file is blank. On the non-admin one it saved the following:

     GMER 1.0.15.15530 - http://www.gmer.net
     Rootkit scan 2010-12-16 13:56:06
     Windows 6.1.7600
     Running: gmer.exe

     ---- Files - GMER 1.0.15 ----

     File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 524288 bytes

     ---- EOF - GMER 1.0.15 ----
  2. Hello Gammo, Thanks for helping me out. I'm sorry I took so long to reply - the problem stopped for quite a while, but it started up again yesterday and continued today so I tried to run the scans you asked for. The DDS is below. I could not download the GMER program - when I clicked the link Firefox said it couldn't contact the server. It did this also on the GMER page on both the coded link and the random filename button. It also caused MWB to pop up the balloon that it blocked access to the subject website when I did this. I am behind a corporate firewall of some sort - could this be causing the problem? The only other thing is I have been messing about with my video drivers trying to get Optimus to work. I have installed/reinstalled multiple versions and the installation of the current version I have installed seems to correspond to when I get the MWB warning - I reinstalled this version 2 days ago when the warnings started up again. Maybe it's just a coincidence. Anyway here is the log. Please let me know what I need to do next. Thanks again for your help.
  3. Hello, MWB keeps blocking 174.129.221.183. Neither MWB nor MSE finds anything and I don't think I'm infected - I'm using a relatively new computer and I haven't visited any dodgy sites that I'm aware of, installed any strange programs, etc. I googled the IP address and it appears to belong to Amazon. One forum describes it as being a "black hole" where Conficker etc. traffic is directed, which put me a little on edge, but I would have thought the anti-malware programs would have detected anything doing that? Is this something I should run the scans and post logs to have checked, or is it a harmless thing I don't need to worry about?
  4. Ok I've followed all the instructions and run the scans. Here are the two logs you requested. ESET didn't find anything.
  5. Thanks! I'll get right on this. Question though - I've previously disabled AutoRun (I think) by following the instructions on the MS website. I changed a registry value to do this. Should I still disable it using the TweakUI or skip that step?
  6. I found a lot of malware on my system a month ago, so I reformatted and reloaded. I think I did everything properly, but there are a couple of HJT items now I don't recognize, and I'm concerned I may have been reinfected by a USB drive, or possibly through the internet again. Can you tell me if my logs are clean? I am having problems running GMER - it keeps crashing before it finishes even if I've disabled all the anti-spyware/virus programs. I haven't been able to successfully manually stop it and save the log either. Thanks!

     *** MBAM Log ***

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4156

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     5/30/2010 6:59:34 PM
     mbam-log-2010-05-30 (18-59-34).txt

     Scan type: Quick scan
     Objects scanned: 115896
     Time elapsed: 15 minute(s), 55 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
c:\docume~1\mike\applic~1\mozilla\firefox\profiles\xd4jwdcx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.chron.com/news/ FF - plugin: c:\documents and settings\mike\application data\mozilla\firefox\profiles\xd4jwdcx.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\mike\application data\mozilla\firefox\profiles\xd4jwdcx.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: c:\documents and settings\mike\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\mike\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - 
pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-1 64288] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-1 164048] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-5-1 228216] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-5-1 24440] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-5-1 29560] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-1 19024] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-1 40384] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704] R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-5-1 1284600] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-1 40384] R3 avast! Web Scanner;avast! 
Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-1 40384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-1 135664] S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-5-1 3364856] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2010-5-2 17149] =============== Created Last 30 ================ 2010-05-30 17:53:53 0 ----a-w- c:\documents and settings\mike\defogger_reenable 2010-05-15 18:50:09 0 d-----w- c:\program files\Trend Micro 2010-05-13 20:46:13 0 d-----w- c:\program files\PokerStars 2010-05-13 20:09:03 0 d-----w- c:\program files\PokerStars.NET 2010-05-05 14:51:39 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2010-05-05 14:51:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-05-05 14:51:32 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-05-04 18:57:25 0 d-----w- c:\docume~1\mike\applic~1\Logishrd 2010-05-04 16:45:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-05-03 17:55:31 0 d-----w- c:\program files\Firaxis Games 2010-05-02 15:25:30 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-02 15:25:07 94208 ----a-w- c:\windows\system32\DNIN50.dll 2010-05-02 15:25:07 651264 ----a-w- c:\windows\system32\libeay32.dll 2010-05-02 15:25:07 17149 ----a-w- c:\windows\system32\DNINDIS5.sys 2010-05-02 15:25:07 147456 ----a-w- c:\windows\system32\ssleay32.dll 2010-05-02 15:25:04 362944 ----a-w- c:\windows\system32\drivers\WG11TND5.sys 2010-05-02 15:25:04 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin 2010-05-02 15:25:04 0 d-----w- c:\program files\NETGEAR 2010-05-01 18:18:01 0 d-----w- c:\docume~1\mike\applic~1\InterVoip 2010-05-01 18:09:05 0 d-----w- c:\program files\InterVoip.com 2010-05-01 18:08:05 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2010-05-01 18:08:05 21504 ----a-w- c:\windows\system32\hidserv.dll 2010-05-01 18:07:40 60032 
-c--a-w- c:\windows\system32\dllcache\usbaudio.sys 2010-05-01 18:07:40 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys 2010-05-01 17:55:14 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2010-05-01 17:55:13 274288 ----a-w- c:\windows\system32\mucltui.dll 2010-05-01 13:15:52 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-05-01 13:15:52 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-05-01 13:15:02 0 d-----w- c:\program files\iPod 2010-05-01 13:14:52 0 d-----w- c:\program files\iTunes 2010-05-01 13:14:52 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-05-01 13:13:11 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-05-01 13:13:11 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-05-01 13:12:04 0 d-----w- c:\program files\Bonjour 2010-05-01 11:18:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-05-01 10:55:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-05-01 10:55:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-05-01 10:44:11 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CCE9E666-4D7C-4946-A98B-CFDE0A0C1706} 2010-05-01 10:43:56 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-05-01 10:43:35 0 d-----w- c:\program files\Lavasoft 2010-05-01 10:38:19 0 d-----w- c:\program files\SpywareBlaster 2010-05-01 10:30:59 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-05-01 10:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-05-01 10:23:07 0 d-----w- c:\docume~1\mike\applic~1\Malwarebytes 2010-05-01 10:22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-01 10:22:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-05-01 10:22:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-01 10:22:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-01 10:11:05 0 d-----w- c:\docume~1\mike\applic~1\OnlineArmor 2010-05-01 10:11:05 0 d-----w- 
c:\docume~1\alluse~1\applic~1\OnlineArmor 2010-05-01 10:10:40 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys 2010-05-01 10:10:40 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys 2010-05-01 10:10:40 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys 2010-05-01 10:10:39 0 d-----w- c:\program files\Tall Emu 2010-05-01 09:09:05 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-05-01 09:09:05 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-01 07:38:01 30568 ----a-w- c:\windows\system32\mdimon.dll 2010-05-01 07:33:18 0 d-----w- c:\windows\SHELLNEW 2010-04-30 23:14:50 0 d-sh--w- c:\documents and settings\mike\IECompatCache 2010-04-30 22:23:10 0 d-----w- c:\program files\Windows Media Connect 2 2010-04-30 22:08:00 0 d-----w- c:\program files\common files\ODBC 2010-04-30 22:07:57 0 d-----w- c:\program files\common files\SpeechEngines 2010-04-30 22:07:30 0 d-----r- c:\documents and settings\all users\Documents 2010-04-30 19:25:36 0 d-sh--w- c:\documents and settings\all users\DRM 2010-04-30 19:24:16 0 d-----w- c:\program files\common files\MSSoap 2010-04-30 19:23:02 0 d--h--w- c:\program files\WindowsUpdate 2010-04-30 19:23:02 0 d-----w- c:\program files\Online Services 2010-04-30 19:22:56 0 d-----w- c:\program files\Messenger 2010-04-30 19:22:52 0 d-----w- c:\program files\MSN Gaming Zone 2010-04-30 19:22:19 0 d-----w- c:\program files\Windows NT ==================== Find3M ==================== 2010-04-30 19:23:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-04-08 10:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 10:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll ============= FINISH: 21:22:15.29 =============== Attach.zip