Ok the MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6804

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/7/2011 5:08:47 PM
mbam-log-2011-06-07 (17-08-47).txt

Scan type: Quick scan
Objects scanned: 173030
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The ComboFix log:

ComboFix 11-06-06.07 - Jeff 06/07/2011 17:29:28.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1204 [GMT -5:00]
Running from: g:\virus protection\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeff\Application Data\inst.exe
c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery
c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
c:\documents and settings\Jeff\WINDOWS
c:\program files\rnamfler
c:\program files\rnamfler\naomf.exe
c:\program files\rnamfler\radprlib.dll
c:\program files\rnamfler\stream.rep
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 22:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-06-07 22:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2011-06-07 19:05 . 2011-06-07 19:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\MpKsl5993ca76.sys
2011-06-07 19:04 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\mpengine.dll
2011-06-02 18:10 . 2011-06-02 18:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----w- c:\program files\Common Files\Skype
2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----r- c:\program files\Skype
2011-06-02 17:48 . 2011-06-02 17:48 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Secunia PSI
2011-06-02 17:47 . 2011-06-02 17:47 -------- d-----w- c:\program files\Secunia
2011-06-02 17:46 . 2011-06-02 17:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-29 00:03 . 2011-06-02 17:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN1A.tmp
2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN19.tmp
2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN18.tmp
2011-05-28 23:20 . 2011-05-28 23:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-28 23:06 . 2011-05-28 23:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-28 23:01 . 2011-05-28 23:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-28 00:53 . 2011-05-28 00:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-28 00:52 . 2011-05-28 00:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-26 21:21 . 2011-05-26 21:23 967 ----a-w- c:\windows\ScUnin.pif
2011-05-26 21:21 . 2011-05-26 21:23 94208 ----a-w- c:\windows\ScUnin.exe
2011-05-26 21:20 . 2011-05-26 21:30 -------- d-----w- c:\program files\Starcraft
2011-05-20 17:13 . 2011-05-20 17:13 -------- d-----w- c:\program files\iPod
2011-05-20 17:13 . 2011-05-20 17:34 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2009-01-10 15:40 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2009-01-10 15:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 20:46 . 2010-11-23 20:42 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-30 15:17 . 2011-03-28 12:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"gStart"="c:\garmin\gStart.exe" [2006-09-06 1891416]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-28 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-6-28 2056266]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-7 24576]
Monitor.lnk - c:\program files\Philips Webcam\Monitor.exe [2007-10-16 249856]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
WinZip Quick Pick.lnk - c:\winzip\WZQKPICK.EXE [2007-10-7 118784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
.
R1 MpKsl5993ca76;MpKsl5993ca76;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\MpKsl5993ca76.sys [6/7/2011 2:05 PM 28752]
R1 MpKsl658f1f4b;MpKsl658f1f4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933E3E99-F46B-4B62-B229-D0152BE3E8AD}\MpKsl658f1f4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933E3E99-F46B-4B62-B229-D0152BE3E8AD}\MpKsl658f1f4b.sys [?]
R1 MpKsle3d8f251;MpKsle3d8f251;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CECED2B-BA8B-45A9-929F-8E24CDBD8BF8}\MpKsle3d8f251.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CECED2B-BA8B-45A9-929F-8E24CDBD8BF8}\MpKsle3d8f251.sys [?]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [10/29/2010 3:30 PM 99896]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/10/2009 10:40 AM 366640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 10:14 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2009 10:40 AM 22712]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40632111-6A4E-46CE-B774-5DA125023B5E}\MpKsl00946ab2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40632111-6A4E-46CE-B774-5DA125023B5E}\MpKsl00946ab2.sys [?]
S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D30D229F-B2A4-48FA-802E-CAE91728B2E7}\MpKsle4b92584.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D30D229F-B2A4-48FA-802E-CAE91728B2E7}\MpKsle4b92584.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2011 6:01 PM 135664]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2/19/2008 11:48 AM 2333568]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL5993CA76
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 23:00]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 23:00]
.
2011-06-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: myspace.com\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\m5w5augp.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Atari800Win PLus - c:\program files\Atari800WinPLus\Uninstall.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - e:\program files\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-AviSynth - e:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-AVStoDVD - e:\program files\AVStoDVD\uninst.exe
AddRemove-DarkBASIC - c:\program files\Dark Basic Software\Dark Basic\Uninstal.exe
AddRemove-HaaliMkx - e:\program files\Haali\MatroskaSplitter\uninstall.exe
AddRemove-{40C03514-89C3-41BA-0090-3B440256DB87} - e:\ea games\The Sims 2\EAUninstall.exe
AddRemove-{4817189D-1785-4627-A33C-39FD90919300} - e:\ea games\The Sims 2 Pets\EAUninstall.exe
AddRemove-{7B3577F5-1D82-4C9B-008B-69D026FD8BCA} - e:\ea games\The Sims 2 Open For Business\EAUninstall.exe
AddRemove-{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} - e:\ea games\The Sims 2 University\EAUninstall.exe
AddRemove-{962E05CF-3394-496D-0091-850CF1762F6B} - e:\program files\EA GAMES\The Battle for Middle-earth\EAUninstall.exe
AddRemove-{B6F5B704-06D3-4687-90F3-6195304AD755} - e:\ea games\The Sims 2 Apartment Life\EAUninstall.exe
AddRemove-{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06} - e:\ea games\The Sims 2 Seasons\EAUninstall.exe
AddRemove-{F248ADFA-64E0-4b03-8A83-059078BED6A0} - e:\ea games\The Sims 2 Bon Voyage\EAUninstall.exe
AddRemove-{F7529650-B9DB-481B-0089-A2AC3C2821C1} - e:\ea games\The Sims 2 Nightlife\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3330895311-695767755-1025199814-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,43,da,0e,c4,6a,a4,e4,50,6d,a4,b8,56,88,0a,4a,e0,26,e4,73,b4,a0,e1,
   9b,fd,b1,83,99,fa,e0,00,c3,cf,2d,d9,a6,7d,ad,70,fd,0d,0d,2c,2b,5e,51,bc,1a,\
"??"=hex:40,c1,e5,32,14,41,af,33,2c,e2,50,05,d4,d1,0e,68
.
[HKEY_USERS\S-1-5-21-3330895311-695767755-1025199814-1006\Software\SecuROM\License information*]
"datasecu"=hex:0f,d7,e8,fc,98,5d,c2,06,f1,64,8a,6d,be,74,38,d8,b9,be,83,90,47,
   28,8b,aa,05,35,0b,5f,ec,d3,d0,04,26,af,5b,68,5a,f9,e1,2e,19,a8,df,d6,aa,49,\
"rkeysecu"=hex:fe,91,be,78,bd,01,a6,56,9c,3b,b6,2e,38,38,92,64
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-06-07 17:39:15
ComboFix-quarantined-files.txt 2011-06-07 22:39
.
Pre-Run: 66,323,107,840 bytes free
Post-Run: 66,593,001,472 bytes free
.
- - End Of File - - 9300CE03136393F3342D9EEC7A140572

The DDS log (and I've attached the attach.txt):
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Jeff at 17:42:33 on 2011-06-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1250 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [gStart] c:\garmin\gStart.exe
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\philips webcam\Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: myspace.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184345771921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E8EAE12D-1544-43BD-B886-07593DA25934} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\m5w5augp.default\
FF - plugin: c:\documents and settings\jeff\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl5993ca76;MpKsl5993ca76;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\MpKsl5993ca76.sys [2011-6-7 28752]
R1 MpKsl658f1f4b;MpKsl658f1f4b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933e3e99-f46b-4b62-b229-d0152be3e8ad}\mpksl658f1f4b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933e3e99-f46b-4b62-b229-d0152be3e8ad}\MpKsl658f1f4b.sys [?]
R1 MpKsle3d8f251;MpKsle3d8f251;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\mpksle3d8f251.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\MpKsle3d8f251.sys [?]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-10-29 99896]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-10 366640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-10 22712]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\mpksl00946ab2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\MpKsl00946ab2.sys [?]
S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\mpksle4b92584.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\MpKsle4b92584.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 135664]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-06-07 22:35:14 39424 ----a-w- c:\windows\system32\grpconv.exe
2011-06-07 22:35:14 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2011-06-07 22:26:23 98816 ----a-w- c:\windows\sed.exe
2011-06-07 22:26:23 518144 ----a-w- c:\windows\SWREG.exe
2011-06-07 22:26:23 256512 ----a-w- c:\windows\PEV.exe
2011-06-07 22:26:23 208896 ----a-w- c:\windows\MBR.exe
2011-06-07 19:05:38 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\MpKsl5993ca76.sys
2011-06-07 19:04:51 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\mpengine.dll
2011-06-02 18:10:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 18:08:06 -------- d-----r- c:\program files\Skype
2011-06-02 17:48:14 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Secunia PSI
2011-06-02 17:47:59 -------- d-----w- c:\program files\Secunia
2011-06-02 17:46:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-29 00:03:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN1A.tmp
2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN19.tmp
2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN18.tmp
2011-05-26 21:21:09 967 ----a-w- c:\windows\ScUnin.pif
2011-05-26 21:21:09 94208 ----a-w- c:\windows\ScUnin.exe
2011-05-26 21:20:30 -------- d-----w- c:\program files\Starcraft
2011-05-20 17:13:51 -------- d-----w- c:\program files\iPod
2011-05-20 17:13:47 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 17:43:11.54 ===============

AttachLog 6-7-2011.txt