blue85
Members
Posts: 4
Reputation: 0 Neutral
  1. After the most recent scans and reboots my computer seems to be back to normal. I haven't noticed anything odd.

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org
     Database version: 7082
     Windows 6.1.7601 Service Pack 1
     Internet Explorer 9.0.8112.16421
     11-Jul-11 9:21:34 PM
     mbam-log-2011-07-11 (21-21-34).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 448488
     Time elapsed: 2 hour(s), 46 minute(s), 25 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  2. Yes, it is where I am keeping all the logs and files I have downloaded, so I can keep track of everything.
  3. Thank you for helping me. What my computer was doing before this scan was:
     1. At startup I would receive a warning that a trojan was found and would be cleaned. I posted the file name in my first post. This would happen after every reboot.
     2. While using my computer my firewall would block the same program from connecting to the internet.
     I attempted to use Malwarebytes and my virus scanner in safe mode to try to remove this; both programs found and removed threats, but the pest returned. After this last scan I did not receive the virus warning when I restarted, and I have not received a firewall warning. Here is my ComboFix log:

     ComboFix 11-07-11.02 - Josh 11-Jul-11 14:20:51.1.2 - x86
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1738 [GMT -6:00]
     Running from: c:\users\Josh\Desktop\ComboFix.exe
     AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
     FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
     SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
  4. I have run multiple virus scans and Malwarebytes scans. Every time they find the same set of viruses, and when I reboot they return and my firewall blocks the virus's connection to the internet. Also this virus is interfering with Google: it redirects my search results to random pages. I use ESET security suite on my computer and my operating system is up to date. Here are my logs. Thank you.

     This is what my virus scanner is finding and what my firewall is blocking:

     C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\xrp9a9uo.default\extensions\{b37edd2f-2823-4551-8ffa-264d1e2e1c9e}\chrome.manifest - Win32/TrojanDownloader.Tracur.F trojan - cleaned by deleting - quarantined [1]

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org
     Database version: 7013
     Windows 6.1.7601 Service Pack 1 (Safe Mode)
     Internet Explorer 9.0.8112.16421
     05-Jul-11 7:00:22 PM
     mbam-log-2011-07-05 (19-00-22).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 451365
     Time elapsed: 1 hour(s), 15 minute(s), 28 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
     Run by Josh at 10:38:51 on 2011-07-06
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1715 [GMT -6:00]
     AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
     SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
- c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\xrp9a9uo.default\ FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\xrp9a9uo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\xrp9a9uo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll FF - plugin: 
c:\users\josh\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\xrp9a9uo.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll FF - plugin: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\xrp9a9uo.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-3-24 133512] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120] R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-3-24 41312] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920] R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-1-21 17232] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2006-11-19 7168] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600] R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program 
files\google\update\GoogleUpdate.exe [2009-12-16 135664] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-24 29472] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-21 25832] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-25 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-16 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-14 39984] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2010-3-24 7548] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-4 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-4 1343400] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 
2011-07-06 03:57:17 -------- d-----w- c:\users\josh\appdata\roaming\.minecraft 2011-07-05 23:57:29 -------- d-----w- C:\infection2011 2011-07-05 07:38:25 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{76b869b1-e9ce-4529-b843-1f4518978dea}\mpengine.dll 2011-07-02 05:17:47 342528 ----a-w- c:\windows\system32\amstream32.dll 2011-07-01 05:05:26 -------- d-----w- c:\users\josh\appdata\roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 2011-07-01 05:04:09 -------- d-----w- c:\users\josh\appdata\roaming\com.adobe.dmp.contentviewer 2011-06-28 22:35:57 293376 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-28 22:35:53 1549312 ----a-w- c:\windows\system32\tquery.dll 2011-06-28 22:35:53 1401344 ----a-w- c:\windows\system32\mssrch.dll 2011-06-28 22:35:52 427520 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-06-28 22:35:52 337408 ----a-w- c:\windows\system32\mssph.dll 2011-06-28 22:35:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-06-28 22:35:51 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-06-28 22:35:51 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-06-28 22:35:51 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-06-28 22:35:51 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-06-28 00:43:17 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2011-06-28 00:43:17 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2011-06-26 02:09:26 -------- d-----w- c:\users\josh\appdata\roaming\Adobe Mini Bridge CS5.1 2011-06-26 02:09:25 -------- d-----w- c:\users\josh\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2011-06-26 01:55:14 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2011-06-25 23:15:12 -------- d-----w- c:\programdata\ALM 2011-06-25 22:58:33 -------- d-----w- c:\users\josh\Adobe Flash Builder 4.5 2011-06-25 22:36:03 -------- d-----w- c:\program files\My Company Name 2011-06-25 18:23:54 -------- d-----w- 
c:\windows\system32\Adobe 2011-06-24 18:04:02 -------- d-----w- C:\AdobeTemp 2011-06-23 03:26:39 -------- d-----w- c:\programdata\Nexon 2011-06-21 21:13:11 -------- d-----w- C:\Nexon 2011-06-21 21:13:10 -------- d-----w- c:\programdata\NexonUS 2011-06-21 03:30:54 -------- d-----w- c:\users\josh\MapleStory 2011-06-21 03:30:00 -------- d-----w- c:\users\josh\appdata\local\PMB Files 2011-06-21 03:29:58 -------- d-----w- c:\programdata\PMB Files 2011-06-21 03:29:48 -------- d-----w- c:\program files\Pando Networks 2011-06-19 09:39:39 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll 2011-06-17 19:08:42 -------- d-----w- c:\users\josh\appdata\local\Logitech 2011-06-17 19:05:09 -------- d-----w- c:\program files\common files\Logitech 2011-06-16 02:23:26 -------- d-----w- c:\users\josh\appdata\local\SCE 2011-06-15 02:42:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-15 02:42:26 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll 2011-06-15 02:42:24 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-06-15 02:23:45 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-15 02:23:45 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-15 02:23:42 311808 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-15 02:23:42 310272 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-15 02:23:42 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-15 02:23:23 741376 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-15 02:23:17 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-15 02:23:07 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-15 02:23:07 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-15 02:23:07 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-11 05:55:25 -------- d-----w- c:\program files\iPod 2011-06-11 05:55:24 -------- d-----w- c:\program files\iTunes 2011-06-06 19:55:34 47512 ----a-w- c:\windows\system32\AdobePDF.dll 
2011-06-06 19:55:32 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll 2011-06-06 18:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2011-06-06 18:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2011-06-25 18:23:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-29 15:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 15:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe . ============= FINISH: 10:41:35.00 =============== Attach.zip