
mbighouse

  1. I'm sorry! I know it says not to reply to your own message, but I see I forgot to click 'attach this file' so my attach.zip was not included. I am adding that here. -MH Attach.zip
  2. Thank you! I posted here: http://forums.malwarebytes.org/index.php?showtopic=97214 -MH
  3. My original post is here: http://forums.malwarebytes.org/index.php?showtopic=97207 . A sample from the IP protection log (bc post too long otherwise, I deleted about 500 or so lines of the same IP block from winamp): Thanks! -MH
  4. Useful information?
     nslookup 80.82.79.70
     Server: homeportal
     Address: 192.168.1.254
     Name: hosted-by.seedhost.net
     Address: 80.82.79.70
  5. Hello, I've used Malwarebytes for some time, just started using the IP protection. I am consistently getting a message that the following IP is being blocked, and it's attempting to be accessed via winamp.exe:
     15:49:39 --- IP-BLOCK 80.82.79.70 (Type: outgoing, Port: 8086, Process: winamp.exe)
     Not sure what that IP is or if it should be blocked. Anyone have any idea about this? Thanks! -H