Showing results for tags 'spam'.
Found 23 results

  1. I'm working on a spamtrap project. I want to collect malspam and analyze malicious attachments. I have set up my analyzer but I have a big problem... how can I disseminate my honeypot e-mail addresses in an efficient way? I used to spread my e-mail accounts on fake data breaches on pastebin and post on forums but without results. Can you help me? Do you know better methods to quickly spread my email through malicious channels? Thanks.
  2. I'm not exactly sure where to post this but any information would be extremely helpful. I'm currently in a PSC hearing with my ISP over speeds, security, spam calls & personal information theft. My ISP says their product can protect and help stop spam calls, identity and personal information theft and much more. They basically stated that any issues we have with both internet and phone security could have been stopped by their software. They have also tried to force it upon us multiple times as well as suggested heavily in a hearing that their software is superior to Malwarebytes. All I know is when I had their software years ago, all 3 of the house computers got ransomware and had to be reset or new hard drives. A total loss of all data and all 3 people had personal attacks on their banking, identity and abuse of their personal information of various sorts. Since we switched we have had 0 issues over the past years. The company even had 2 techs tell me that there is no way their service is better than Malwarebytes, they use it themselves "but of course we have to push our own product". The company is Frontier Communications. I've reached out in many ways to Malwarebytes for a general response, statement or any information on a comparison or how to go about doing this myself. Such as, is their statement about stopping all forms of scam, spam and theft even possible? How could one gauge which product offers the best protection? If anyone could help shed some light on the issues it would be greatly appreciated! I'm not looking to drag MB into this but a general statement or information I could obtain and use on my own would be helpful. TIA.
  3. So I've been getting connections from strange IPs for a long time and Malwarebytes has always notified me of it and classified the attempts as malware. These attempts would usually happen around 4-5 times a week for the past 5 months or so and Malwarebytes Premium would show no additional information on the attempts apart from IP & Port. Recently though these attempts have been much more frequent (3-9 times a day) and coming from different IPs and sometimes even showing domains which also are different from each other. Instead of saying it was an attempt to infect my PC with malware it now says it was a Trojan instead. I've scanned my PC with Malwarebytes Premium, Adwcleaner and Avast with no results each time. Just recently I've been looking into the IPs with different online tools: https://exchange.xforce.ibmcloud.com/ https://www.virustotal.com/#/home/url These would show that most of the IPs that Malwarebytes would inform me as Trojan infect attempts are trying to infect me with the Zero-day malware. One of the recent IPs I had checked was this and it seems to be a spam bot (from a botnet most likely) trying to infect PCs with the Zero-day malware. https://exchange.xforce.ibmcloud.com/ip/81.18.134.18 Most frightening is the fact that after using a VPN or even double proxies they still manage to connect to me. I'm using NordVPN and even then I am getting spammed. Majority of the attempts only show the type of the malware and the IP. Not domain or the file it was coming from (assuming I have something on my PC that lets them connect to me through changing my IP address). So is my PC, information and files in danger with how things are now, or am I safe? Sorry the text on the image is in Finnish. Also not sure if the topic is in a wrong category, move it if it is.
  4. Hi, I'd like to report a suspicious email from yesterday, here's what it said: Hello. Dont consider on my grammar, I am from China.We loaded our virus on your OS.Now I thiefted all personal data from your device. In addition I have some more evidence.The most amusing compromising which I have- its a videotape with your masturbation.I put malware on a porn web site and after you downloaded it. When you picked the video and clicked on a play, my deleterious soft instantly downloaded on your Operating System. After adjusting, your web camera shoot the videotape with you self-abusing, furthermore I captured the video you chose. In next few days my deleterious soft collected all your social and work contacts. It's obviously a scam because, for one thing, I use Linux to surf the web and really don't touch free porn sites. And this person finishes by saying: If you desire to erase all the evidence- pay me 640 usd in BTC(cryptocurrency). I provide you my Btc address - 19U6ZoDKgaxHcnvNYXTeucpUWrMMav7PQE and here's their email address: order@santaclarashuttle.com
  5. Hi, So my problem is that I downloaded a cracked game... (I know, I know, it's full of malware) but this time I messed up and I got an .exe that I think installed malware, now it's opening a random spam tab in chrome every 40 mins or so. So the first thing that I did was deleting the .exe, after that, I went to Task Manager and saw that an unnamed Program was using 50% of my CPU... I went to File location and it was svhost... I then ran a MalwareBytes scan with free premium trial and deleted everything that I didn't know what it was. So now what I do is I task kill the unnamed thing, but that doesn't block it from opening chrome pages... P.S: sorry for my bad English I'm from Portugal.
  6. I run a computer repair shop here in Central Florida and we are also an affiliate with CleverBridge to push Malwarebytes to our customers on a regular basis, because it is an excellent product and we stand by it 100%. The only thing that's a bugger are the non-stop notifications that pop up for those that use the free version. With previous editions of Malwarebytes it was never, ever this bad. I understand you want people to purchase your product, but please take my advice on this one — these "UPGRADE NOW" notifications just annoy people and make them want to uninstall it. This practice isn't anything new, especially with anti-malware software, I get that. Even if you could just reduce the notifications to purchase the premium version to just once within the 14 days would be an improvement, not every single time they turn on their computer. We explain to every customer that after the 14 days they'll need to manually run scans periodically to ensure they're free from malware — and majority are ok with that — the pop-ups are what they can't deal with. Just some friendly advice, and I hope you take it into serious consideration. Cheers!
  7. Hello, Firstly I want to say for the most part I am satisfied with the service. With that being said I have recently encountered some things that have been gnawing away at my patience. 1) Exclusions: Folder Exclusions, and for the most part exclusions in general don't appear to work as intended - at the very least, how I intend it. Whilst it is most common when I use trainers from the likes of Cheat Happens, and other similar services, it has also happened for game patches and even website exclusions. I have to go in and add each individual file I want excluded in the folder, even though I set up the folder as an exclusion. Am I wrong to assume that is how the Folder Exclusion is meant to work? If anyone has a solution to this so that the things I place in that folder will be excluded, I would definitely appreciate it. 2) Offline issues: Recently we had a really bad windstorm, upwards of 131km/h. This of course caused issues with the power grid and, since I'm out in the country - my internet. With the tower that provides us internet being knocked over, we had to wait for them to rebuild the tower and realign their radios to once again provide us internet. So we had no internet for about 2-3 days. Over the course of those few days, Malwarebytes saw fit to remind me every 10-30ish minutes that I was in fact offline. It gave me an error saying it could not connect to the license server, and that my updates were not current. This alone probably wouldn't be an issue, but it demanded my attention. Minimizing full screen games, and popping up over every open window which interrupted my writing. When I finally got frustrated, I decided to just leave the error up and perhaps it wouldn't minimize my game (sometimes causing the game to crash). It worked, but it caused another issue: endless amounts of errors. I had to sit and hold enter for upwards of 2 minutes for all the errors to be dismissed. I'd close it down, and another would pop up, close it down and another would pop up, and so on and so forth. Our internet goes down often enough that I had noticed this to a smaller degree, but it was never for more than a few hours at most. So this was incredibly frustrating for me. I'm not sure why this is necessary, though I suspect anti-piracy has something to do with it. I don't know what you can do about it because piracy is a rampant thing with software, but I was frustrated enough that I felt like posting it here.
  8. Has anyone got an idea what this is? Popping up in the bottom right corner of the desktop on several machines; cannot seem to find what is causing it.
  9. I ran a shady .exe and ads started popping up left and right, new icons on desktop, new apps, multiple unknown processes, etc. I installed Malwarebytes and it quarantined many issues. However some still remain (see attachment). It stays at 0 of 122. I can't the stuff that is quarantined, clicking on the button doesn't do anything. I can't uninstall some of the new apps (see attachment). I don't know if this is important, but when Sticky Notes tries to start, I get this message: "This app can't open, Sticky Notes can't be opened using the Built-in Administrator account. Sign in with a different account and try again." I ran FRST64 and I put the two .txt it created in attachment. Thanks for the help Bob Addition.txt FRST.txt
  10. Hello, I recently turned on my computer and noticed that when I opened google chrome it popped up on a blank page called, navigation.iwatchavi.com. I checked to see if my browser setup was wrong and it wasn't. I tried a quick clean up of my browser setting on chrome. It fixed it for a few times but after a reboot it was back. I uninstalled and reinstalled chrome, no help. I've searched for it in registry editor, NOTHING!! The only help Google has is to download SpyHunter4 and I am positive that is not going to work because I've dealt with that fiasco in the past. There is no application installed for it either. I've run both Malware bytes premium and Anvisoft and neither pick it up as malware. Either I'm screwed or this is just extremely complicated. Another thing, for every google search I do on this virus, the posts online were created literally 3-6 days ago. And if they weren't they all offer the exact same fix which doesn't fix anything. Please help.
  11. So every 15 minutes of the entire day I get an extremely abrasive Malwarebytes random popup on the lower-right corner, it'll either say Skype is a virus or it'll just randomly open up the Malwarebytes program and leave it at that. I tried disabling every form of notification but it still pops up every 15 minutes, how do I prevent this from spamming me relentlessly? Or do we need to switch to another program.
  12. Hello everyone. I just signed in a few moments ago. The Anti-Malware program worked great in the last days since installation, but now this is becoming a more serious problem. I know what the rules say about uTorrent and I believe it is the cause of the adware spam. Like a week ago I was searching for a soundtrack to download and found a torrent for it. At the time I didn't have the application so I downloaded it. After that, sometimes when I accessed web pages that were not Facebook, Youtube, or any derived page of Google, I would get some advertising (was it sending me to a new page or including in the actual page). At the time it was not so invasive but still identified it was an adware. Made a scan with AntiMalware, found some things and deleted them. Only last like one or two days when ads start popping again. I have made several scans and even if AntiMalware finds something the browser stays same. Worst part is that now I can't browse peacefully cause almost every page redirects me to any ad or if they load in the page they completely destroy the design and even don't show anything (just a blank space with the label of "by SOMEPAGE") and an eternal page loading. uTorrent is now uninstalled but guess it just doesn't care now. I'm worried about this cause maybe it is taking a priority on my internet connection and even other applications that use it may be affected. Here are the logs of AntiMalware and FRST. Malwarebytes Anti-Malware (if there are any issues cause of the language, let me know) FRST.txt Addition.txt was a bit large so it is attached. Addition.txt Anyone who read this post, thanks for the attention and sorry if there are some grammar/spelling errors (I'm not a native English speaker).
  13. Hello, I am wondering if anyone can help me. Recently I have been receiving a pop-up from MBAM saying that it is blocking an outbound malicious website. It seems to happen every time I delete spam from my Yahoo e-mail (weird). I've run scans several times but it says no malware. It says it's blocking defense47.com and it is going through firefox.exe. Should I be worried? Please help.
  14. This topic is focusing more on Yahoo's spam, but Bing is not innocent with this kind of behavior either. Let me start by saying I have many years' experience fixing computers, software and hardware. I would consider myself almost an expert at clearing up viruses and spyware, using Malwarebytes as a helper of course, but I'm starting to see an annoying pattern that I feel is either an invasion of privacy or possibly even Yahoo and Bing using viruses to spread their own inferior software. Obviously there are times when Yahoo and Bing toolbars are installed legitimately, annoyingly, but legitimately as companionware when you install other programs, these are not (not all) viruses. However, I've noticed a pattern that whenever a computer has viruses, one or more of the viruses has either: changed default web page to Bing or Yahoo, or installed their crap toolbars or other useless addons from Yahoo and Bing. The same thing happens when I notice a new virus on a computer, to find out Yahoo or Bing crap was installed immediately after, with NO approval, no prompting, just installed without any notice. To me, this is very suspicious, why would someone writing a virus inject Yahoo or Bing software into a computer? What benefit does the software writer get from this, unless they are working for either of the companies? This sounds like conspiracy yes, but to me it is very logical but unethical thing they are doing, and it makes very little sense to me that a software writer for a virus would make such an obvious change like adding toolbars and changing the webpage without any motive. Let me repeat, I am NOT talking about when toolbars and homepages are changed legitimately (although annoying and often very hidden) when you install another program. What I am talking about is 2 cases: 1) You install a program, check to make sure nothing additional is installed, yet Yahoo or Bing took over your browser somehow by adding toolbars and changing homepages. 2) You realize a computer has a virus now, before the virus it has no addons and Google as its home page, now after the virus appeared, your home page is Yahoo/Bing and you get all their addons installed unknowingly. Frankly, this type of crap pisses me off more than viruses.
  15. Hey everyone, Recently I've been having some real trouble with my email and social media and am looking for your guys' input. I noticed my email sending out messages to people in my contact book without my knowing on 2 of my 4 email accounts. I changed both the passwords, but the sending has continued. And also, tonight for the first time, my Twitter was tweeting links to websites that I did not authorize. I've done multiple virus scans to no avail. Do you all have any suggestions of what to do besides continually changing passwords? Is there a keylogger somewhere on my computer? Please help!
  16. Hello. I have a client that has several emails set up in her Thunderbird email client. The email accounts that were set up on this computer were sending a lot of spam. I cleaned the computer with Malwarebytes and Nod32, the computer seemed clean but when I changed all the passwords and put them in the Thunderbird accounts again, it started to send out a lot of spam again. Any idea how to remove this trojan if neither Nod32 nor Malwarebytes can find it? Thanks!
  17. Hello, Has anyone noticed a huge rise recently in spam emails being sent from hacked accounts with links to malicious sites? Nutloaf
  18. I keep getting this "Successfully blocked access to a potentially malicious website: ##,##,###,##". It pops up every couple of seconds and it's really annoying. I think I'm getting spammed by some hackers.. Does anyone know how I can block their access completely??? Malware Pro keeps blocking access to multiple Potentially Malicious Websites... Every Couple of Seconds
  19. Good day, Please see the print screen, do you have any advice on what to do about the hyperlink spam shown, random words will be turned into a hyperlink and when hovering above the link with my mouse will show the pop-up. Really looking forward to your answer and hopefully solution. I have tried several scanning/cleaning products. Regards attach.txt dds.txt
  20. Good day, Please see the print screen, do you have any advice on what to do about the hyperlink spam shown, random words will be turned into a hyperlink and when hovering above the link with my mouse will show the pop-up. Really looking forward to your answer and hopefully solution. I have tried several scanning/cleaning products. Regards Derk
  21. First and foremost, thank you for the help. Recently when I click links in Google, I am redirected to Spam websites. This happens regardless of which browser I use. I've included my HiJackThis log below and I've attached the results of the DDS scan. Again, thank you for the help - I genuinely appreciate it. Attach.txt DDS.txt
  22. Hello, I just activated the Malwarebytes Windows Protection and I got since the first seconds a notification spam coming with this report: IP-BLOCK 83.133.124.95 (Type: outgoing, Port: 60809, Process: svchost.exe) with various IP addresses. I use Windows 7 64 bits and I have every 10 seconds this blue circle next to my mouse arrow (meaning something is working) followed by a Malwarebytes IP block. I spent a long time on forums looking for a solution but I didn't find any. I just downloaded the DDS file and just wait for any answer to post my DDS and Attach files. Sorry for my bad English skills. Thank you. Here are my DDS and Attach files for the previous post:
  23. I don't know what this is, but nothing seems to get rid of it. I have posted the Malwarebytes Log details. Can anyone help? Much regards, Denise.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Nick & Denise :: DRAGONFLYECLIPS [administrator]

Protection: Enabled

3/1/2012 8:28:55 AM
mbam-log-2012-03-01 (08-28-55).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 156065
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)