
Persistent Malicious IP Blocked Message


jwino


I'm continually getting a message that Malwarebytes is blocking 94.102.51.139. It happens every few seconds and I cannot stop it. The message has become very annoying and I would appreciate anyone's help stopping it.

The IP address appears to be malicious:

http://hosts-file.net/default.asp?s=94.102.51.139

Please follow these instructions (skipping any steps you are unable to complete) for posting in our Malware Removal - HijackThis Logs forum. If you cannot follow any of those steps, then please create a new topic in that forum explaining what happened when you tried to run each of the tools in the instructions, and the expert who helps you will be able to suggest steps to take to get the tools working.

Alternately, you may contact our helpdesk and someone can work through this issue with you via e-mail.

--------------------

Arthur Wilkinson

Malwarebytes Customer Support

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here are the results of the scans requested. I followed instructions for downloading GMER and I get the following results:

I saved GMER on desktop and when attempting to install I get the following in a pop up window c:\windows\system32\config\system: The system cannot find the file specified.

I click on OK; the only boxes checked are: services, registry, files, drive C, ADS.

The remaining boxes are grayed out. I click scan and get this message in another popup:

c:\windows\system32\config\system: the process cannot access the file because it is being used by another process.

I click OK and the scanning starts. Upon completion I get this message: "GMER hasn't found any system modification", and I saved the file as instructed.

DDS (Ver_09-12-01.01) - NTFSX64

Run by Bigdaddy at 6:01:28.23 on Sun 12/27/2009

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.6364 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe

C:\Program Files (x86)\Dantz\Retrospect Express HD\retrorun.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Webroot\Washer\WasherSvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\LargeSoftware Password Manager\lspass.exe

C:\Program Files (x86)\LargeSoftware Password Manager\lspass.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Bigdaddy\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://cnn.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\syswow64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.1.0.19\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.1.0.19\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\mif5ba~1\office12\GR469A~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: TBSB07286 Class: {c23d0d6a-8cba-4b33-9735-47d81f5b2b85} - c:\program files (x86)\ecobar\ecobar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.1.0.19\coIEPlg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Ecobar: {59382727-9048-6123-1523-597264847187} - c:\program files (x86)\ecobar\ecobar.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [PasswordManager] c:\program files (x86)\largesoftware password manager\lspass.exe

uRun: [LargeSoftPasswordManager] c:\program files (x86)\largesoftware password manager\lspass.exe

uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe

mRun: [shwiconXP9106] c:\program files (x86)\multimedia card reader(9106)\ShwiconXP9106.exe

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"

mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MaxtorOneTouch] c:\progra~2\maxtor\onetouch\utils\OneTouch.exe

mRun: [RetroExpress] c:\progra~2\dantz\retros~1\RetroExpress.exe /h

mRun: [Acrobat Assistant 7.0] "c:\program files (x86)\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [NeroFilterCheck] c:\windows\syswow64\NeroCheck.exe

mRun: [EEventManager] c:\program files (x86)\epson\creativity suite\event manager\EEventManager.exe

mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\bigdaddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\bigdaddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe

StartupFolder: c:\users\bigdaddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\common\eReg.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files (x86)\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\printk~1.lnk - c:\program files (x86)\warecentral\printkey-pro\PKey_Pro.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files (x86)\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~2\mif5ba~1\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\mif5ba~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\mif5ba~1\office12\GRA32A~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\mif5ba~1\office12\GR469A~1.DLL

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {59382727-9048-6123-1523-597264847187} - No File

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

mRun-x64: [skytel] c:\program files\realtek\audio\hda\Skytel.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-12-15 55280]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1101000.013\SymDS64.sys [2009-12-21 433200]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1101000.013\SymEFA64.sys [2009-12-21 219184]

R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20091205.001\BHDrvx64.sys [2009-12-4 668720]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1101000.013\cchpx64.sys [2009-12-21 615040]

R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20091217.002\IDSviA64.sys [2009-12-21 466992]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1101000.013\Ironx64.sys [2009-12-21 146992]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1101000.013\symtdiv.sys [2009-12-21 450608]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/12/15 20:25:38];c:\program files (x86)\cyberlink\powerdvd dx\000.fcl [2009-12-15 146928]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-12-15 92160]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2009-12-22 276816]

R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-12-21 126392]

R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-12-24 598856]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2009-12-24 51120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-24 132656]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-12-15 317480]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-22 22104]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-12-15 83488]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848]

S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744]

=============== Created Last 30 ================

2009-12-27 11:58:49 0 ----a-w- c:\users\bigdaddy\defogger_reenable

2009-12-26 21:41:02 1508 ----a-w- c:\users\bigdaddy\.recently-used.xbel

2009-12-26 15:52:24 0 d-----w- c:\users\bigdaddy\.thumbnails

2009-12-26 15:51:24 0 d-----w- c:\users\bigdaddy\.gimp-2.6

2009-12-26 15:51:03 0 d-----w- c:\program files (x86)\GIMP-2.0

2009-12-26 15:25:13 0 d-----w- c:\program files (x86)\ecobar

2009-12-26 15:24:56 0 d-----w- C:\sysmon

2009-12-26 15:14:24 0 d-----w- c:\users\bigdaddy\appdata\roaming\uTorrent

2009-12-26 14:27:01 0 d-----w- c:\program files\WinRAR

2009-12-26 04:41:40 0 d-----w- c:\users\bigdaddy\appdata\roaming\LimeWire

2009-12-26 04:41:04 0 d-----w- c:\program files (x86)\LimeWire

2009-12-25 16:38:25 0 d-----w- c:\programdata\NOS

2009-12-25 04:30:15 0 d-----w- c:\users\bigdaddy\appdata\roaming\Largesoft

2009-12-25 04:27:59 58368 ----a-w- c:\windows\mpfClean.exe

2009-12-25 04:26:48 0 d-----w- c:\programdata\Webroot

2009-12-25 04:26:39 194888 ----a-w- c:\windows\Unwash6.exe

2009-12-25 04:24:53 0 d-----w- c:\users\bigdaddy\appdata\roaming\Webroot

2009-12-25 04:24:53 0 d-----w- c:\program files\Webroot

2009-12-25 04:24:53 0 d-----w- c:\program files (x86)\common files\Webroot Shared

2009-12-25 04:20:49 603 ----a-w- c:\windows\system32\btneighborhood.dll.manifest

2009-12-25 04:20:49 593 ----a-w- c:\windows\system32\btcss.dll.manifest

2009-12-25 04:20:49 586 ----a-w- c:\windows\system32\btcpl.cpl.manifest

2009-12-25 04:20:30 114176 ----a-w- c:\windows\system32\btw_ci.dll

2009-12-25 04:20:29 78640 ----a-w- c:\windows\system32\drivers\btwhid.sys

2009-12-25 04:20:29 54320 ----a-w- c:\windows\system32\drivers\btport.sys

2009-12-25 04:20:29 156456 ----a-w- c:\windows\system32\drivers\btwdndis.sys

2009-12-25 04:20:29 1149096 ----a-w- c:\windows\system32\drivers\btkrnl.sys

2009-12-25 04:20:28 174120 ----a-w- c:\windows\system32\drivers\btaudio.sys

2009-12-25 04:20:18 0 d-----w- c:\program files\WIDCOMM

2009-12-25 04:14:01 0 d-----w- c:\program files (x86)\LargeSoftware Password Manager

2009-12-24 21:36:03 676224 ----a-w- c:\windows\system32\OGACheckControl.DLL

2009-12-24 21:26:57 0 d-----w- c:\program files\Microsoft Office

2009-12-24 21:26:54 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2009-12-24 21:26:23 0 d-----w- c:\programdata\Microsoft Help

2009-12-24 21:04:47 0 d-----w- C:\HP LJ1320 PCL6 Driver

2009-12-24 21:03:10 0 d-----w- c:\program files\Hewlett-Packard

2009-12-24 21:03:08 0 ----a-w- c:\windows\HPMProp.INI

2009-12-24 21:02:47 0 d-----w- c:\programdata\Hewlett-Packard

2009-12-24 21:02:35 64024 ----a-w- c:\windows\syswow64\hppccompio.dll

2009-12-24 21:02:35 61464 ----a-w- c:\windows\system32\hppdcompio.dll

2009-12-24 21:02:35 432128 ----a-w- c:\windows\system32\hpmml094.dll

2009-12-24 21:02:35 410112 ----a-w- c:\windows\system32\hpmpm081.dll

2009-12-24 21:02:35 388096 ----a-w- c:\windows\system32\hpmtp094.dll

2009-12-24 21:02:35 376320 ----a-w- c:\windows\system32\hpmja094.dll

2009-12-24 21:02:35 341504 ----a-w- c:\windows\system32\hpmpw081.dll

2009-12-24 21:02:35 22016 ----a-w- c:\windows\system32\hppmopjl.dll

2009-12-24 21:02:34 671816 ----a-w- c:\windows\syswow64\hpcdmc32.dll

2009-12-24 21:02:34 60440 ----a-w- c:\windows\system32\FxCompChannel_x64.dll

2009-12-24 21:02:34 276480 ----a-w- c:\windows\syswow64\hpcc3094.DLL

2009-12-24 21:02:34 157184 ----a-w- c:\windows\system32\hpcpn094.dll

2009-12-24 20:36:34 53296 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2009-12-24 18:34:41 0 d-----w- c:\program files (x86)\Auction Sentry

2009-12-24 18:15:15 0 d-----w- c:\programdata\Cloudmark

2009-12-24 18:15:10 0 d-----w- c:\users\bigdaddy\appdata\roaming\Cloudmark

2009-12-24 18:14:44 0 d-----w- c:\program files (x86)\common files\Cloudmark

2009-12-24 18:14:44 0 d-----w- c:\program files (x86)\Cloudmark

2009-12-24 18:14:26 0 d-----w- c:\program files\common files\Zero G Software

2009-12-24 17:44:35 0 d-----w- c:\programdata\WinZip

2009-12-24 17:36:11 0 d-sh--w- C:\Diskeeper

2009-12-24 17:32:00 51120 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys

2009-12-24 17:31:56 0 d-----w- c:\programdata\Diskeeper Corporation

2009-12-24 17:31:56 0 d-----w- c:\program files\Diskeeper Corporation

2009-12-24 17:31:56 0 d-----w- c:\program files\common files\Diskeeper Corporation

2009-12-24 17:30:36 0 d-----w- c:\users\bigdaddy\Diskeeper

2009-12-24 17:16:50 0 d-----w- c:\program files (x86)\Diskeeper Corporation

2009-12-24 17:06:25 379 ----a-w- c:\windows\PowerReg.dat

2009-12-24 16:55:46 36 ----a-w- c:\windows\iltwain.ini

2009-12-24 16:55:45 62 ----a-w- c:\windows\Addrfixr.ini

2009-12-24 16:53:40 57344 ----a-w- c:\windows\syswow64\DYMOCFG.DLL

2009-12-24 16:53:37 418304 ----a-w- c:\windows\syswow64\DYMOSmartPaste.dll

2009-12-24 16:53:37 172032 ----a-w- c:\windows\syswow64\Clw.dll

2009-12-24 16:53:36 0 d-----w- c:\program files (x86)\DYMO Label

2009-12-24 16:52:51 155648 ----a-w- c:\windows\syswow64\DYMOINST.DLL

2009-12-24 16:37:53 0 d-----w- c:\program files (x86)\Warecentral

2009-12-24 16:18:32 0 d-----w- C:\EPSONREG

2009-12-24 16:06:01 0 d-----w- c:\program files (x86)\NewSoft

2009-12-24 16:05:59 306688 ----a-w- c:\windows\IsUninst.exe

2009-12-24 16:04:24 0 d-----w- c:\program files (x86)\ABBYY FineReader 6.0 Sprint

2009-12-24 15:58:17 5632 ----a-w- c:\windows\system32\escdev.dll

2009-12-24 15:58:17 4608 ----a-w- c:\windows\system32\esxwiaml.dll

2009-12-24 15:58:16 95744 ----a-w- c:\windows\system32\esxwia54.dll

2009-12-24 15:58:16 65793 ----a-w- c:\windows\system32\esfw54.bin

2009-12-24 15:58:16 184832 ----a-w- c:\windows\system32\esxuin54.dll

2009-12-24 15:58:16 172032 ----a-w- c:\windows\syswow64\esint54.dll

2009-12-24 15:57:41 44 ----a-w- c:\windows\PERF4490.ini

2009-12-24 12:39:19 0 d-----w- c:\programdata\Nero

2009-12-24 12:39:05 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll

2009-12-24 12:29:54 0 d-----w- c:\program files (x86)\Nero

2009-12-24 03:45:16 0 d-----w- c:\programdata\Adobe Systems

2009-12-24 03:45:11 0 d-----w- c:\program files (x86)\common files\Adobe Systems Shared

2009-12-24 03:14:52 0 d-----w- c:\windows\syswow64\spool

2009-12-24 00:24:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-12-24 00:24:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2009-12-24 00:23:45 190992 ----a-w- c:\windows\system32\BtCoreIf.dll

2009-12-24 00:23:31 95760 ----a-w- c:\windows\system32\KemXML.dll

2009-12-24 00:23:31 235536 ----a-w- c:\windows\system32\kemutb.dll

2009-12-24 00:23:31 232976 ----a-w- c:\windows\system32\KemUtil.dll

2009-12-24 00:23:31 158736 ----a-w- c:\windows\system32\KemWnd.dll

2009-12-24 00:23:11 0 d-----w- c:\programdata\Logitech

2009-12-24 00:23:07 0 d-----w- c:\program files\common files\Logishrd

2009-12-24 00:23:00 0 d-----w- c:\program files\Logitech

2009-12-24 00:22:07 0 d-----w- c:\programdata\LogiShrd

2009-12-23 03:38:08 0 d-----w- c:\program files (x86)\common files\Symantec Shared

2009-12-23 01:28:09 0 d-----w- c:\programdata\RetroExp

2009-12-23 01:27:59 0 d-----w- c:\program files (x86)\Dantz

2009-12-23 01:26:27 743126 ----a-w- c:\windows\syswow64\PerfStringBackup.INI

2009-12-23 01:26:06 0 d-----w- c:\windows\syswow64\URTTEMP

2009-12-23 01:25:24 0 d-----w- c:\program files (x86)\Maxtor

2009-12-23 01:24:58 0 d-----w- c:\windows\Downloaded Installations

2009-12-23 00:00:10 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-22 23:59:50 0 d-----w- c:\users\bigdaddy\appdata\roaming\Malwarebytes

2009-12-22 23:59:46 0 d-----w- c:\programdata\Malwarebytes

2009-12-22 23:59:46 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2009-12-22 23:48:44 0 d--h--w- c:\programdata\CanonBJ

2009-12-22 23:37:37 376 ----a-w- c:\windows\ODBC.INI

2009-12-22 23:36:54 0 d-----w- c:\program files (x86)\common files\L&H

2009-12-22 23:36:51 0 d-----w- c:\program files (x86)\Microsoft ActiveSync

2009-12-22 23:10:46 66560 ----a-w- c:\windows\system32\esxcwiab.dll

2009-12-22 23:10:46 0 d-----w- c:\program files (x86)\epson

2009-12-22 23:10:31 0 d-----w- C:\EPSON

2009-12-22 03:39:39 149280 ----a-w- c:\windows\syswow64\javaws.exe

2009-12-22 03:39:38 145184 ----a-w- c:\windows\syswow64\javaw.exe

2009-12-22 03:39:38 145184 ----a-w- c:\windows\syswow64\java.exe

2009-12-22 03:33:07 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF

2009-12-22 03:33:07 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT

2009-12-22 03:33:07 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2009-12-22 03:33:03 0 d-----w- c:\program files\Symantec

2009-12-22 03:33:03 0 d-----w- c:\program files\common files\Symantec Shared

2009-12-22 03:32:26 0 d-----w- c:\windows\system32\drivers\NISx64

2009-12-22 03:32:13 0 d-----w- c:\program files (x86)\Norton Internet Security

2009-12-22 03:28:32 0 d-----w- c:\programdata\Norton

2009-12-22 03:24:06 0 d-----w- c:\programdata\NortonInstaller

2009-12-22 03:24:06 0 d-----w- c:\program files (x86)\NortonInstaller

2009-12-22 03:18:58 0 d-----w- c:\users\bigdaddy\appdata\roaming\Dell

2009-12-16 04:14:47 88064 ----a-w- c:\windows\system32\CmdRtr64.DLL

2009-12-16 04:14:47 72704 ----a-w- c:\windows\syswow64\CmdRtr.DLL

2009-12-16 04:14:47 188416 ----a-w- c:\windows\system32\APOMgr64.DLL

2009-12-16 04:14:47 159 ---ha-r- c:\windows\ctfile.rfc

2009-12-16 04:14:47 146432 ----a-w- c:\windows\syswow64\APOMngr.DLL

2009-12-16 04:14:33 0 d-----w- c:\windows\syswow64\RTCOM

2009-12-16 04:14:33 0 d-----w- c:\program files\Realtek

2009-12-16 04:13:54 0 d-sh--w- c:\windows\Installer

2009-12-16 04:13:49 539168 ----a-w- c:\windows\system32\nvuninst.exe

2009-12-16 04:13:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2009-12-16 04:11:04 25394 ---ha-r- C:\dell.sdr

2009-12-16 04:08:16 0 d-----w- c:\windows\system32\oem

2009-12-16 04:08:14 0 d-----w- c:\windows\Panther

2009-12-16 04:08:14 0 d-----w- C:\Drivers

2009-12-16 04:02:03 0 d-----w- C:\dell

2009-12-16 02:38:21 782444 -c--a-w- c:\windows\system32\chklogo6.wtl

2009-12-16 02:35:58 0 d-----w- c:\program files (x86)\Dell

2009-12-16 02:34:51 0 d-----w- c:\programdata\McAfee

2009-12-16 02:31:53 0 d-----w- c:\program files\Dell

2009-12-16 02:30:23 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-12-16 02:30:23 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll

2009-12-16 02:30:04 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2009-12-16 02:28:48 0 d-----w- c:\program files (x86)\Microsoft

2009-12-16 02:28:24 0 d-----w- c:\program files (x86)\Windows Live SkyDrive

2009-12-16 02:27:52 0 d-----w- c:\windows\PCHEALTH

2009-12-16 02:25:47 0 d-----w- c:\program files (x86)\common files\Windows Live

2009-12-16 02:25:35 0 d-----w- c:\programdata\Dell

2009-12-16 02:25:35 0 d-----w- c:\programdata\CyberLink

2009-12-16 02:25:18 0 d-----w- c:\programdata\Uninstall

2009-12-16 02:25:14 0 d-----w- c:\program files\Roxio

2009-12-16 02:24:38 0 d-----w- c:\programdata\Sonic

2009-12-16 02:24:24 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2009-12-16 02:24:24 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2009-12-16 02:24:24 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2009-12-16 02:24:04 0 d-----w- c:\programdata\Roxio

2009-12-16 02:23:45 0 d-----w- c:\program files (x86)\common files\SureThing Shared

2009-12-16 02:23:32 0 d-----w- c:\program files (x86)\common files\Sonic Shared

2009-12-16 02:23:32 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2009-12-16 02:23:23 0 d-----w- c:\programdata\InstallShield

2009-12-16 02:23:22 0 d-----w- c:\program files (x86)\Roxio

2009-12-16 02:22:58 506728 ----a-w- c:\windows\system32\d3dx10_33.dll

2009-12-16 02:22:58 443752 ----a-w- c:\windows\syswow64\d3dx10_33.dll

2009-12-16 02:22:58 1400176 ----a-w- c:\windows\system32\D3DCompiler_33.dll

2009-12-16 02:22:58 1123696 ----a-w- c:\windows\syswow64\D3DCompiler_33.dll

2009-12-16 02:22:57 4494184 ----a-w- c:\windows\system32\d3dx9_33.dll

2009-12-16 02:22:57 3495784 ----a-w- c:\windows\syswow64\d3dx9_33.dll

2009-12-16 02:20:24 0 d-----w- c:\programdata\Adobe

2009-12-16 02:19:53 0 d-----w- c:\program files (x86)\Multimedia Card Reader(9106)

2009-12-16 02:19:37 0 d-----w- C:\Intel

2009-12-16 02:19:32 455680 ----a-w- c:\windows\system32\deploytk.dll

2009-12-16 02:19:30 0 d-----w- c:\program files\Java

2009-12-16 02:19:07 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2009-12-16 02:18:40 0 d-----w- c:\windows\syswow64\Macromed

2009-12-16 02:18:37 0 d-----w- c:\program files\Dell Inc

2009-12-16 02:18:07 0 d-----w- c:\programdata\NVIDIA

2009-12-14 19:15:14 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr

2009-12-04 17:12:08 96768 ----a-w- c:\windows\system32\hpmco094.dll

2009-12-04 17:12:06 508928 ----a-w- c:\windows\system32\SET4503.tmp

2009-12-04 17:11:38 551424 ----a-w- c:\windows\system32\hpmprein.dll

==================== Find3M ====================

2009-12-16 04:09:02 25394 ----a-w- c:\windows\system32\drivers\1028_Dell_STU_8000.mrk

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 6:01:42.06 ===============

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

05:53:02 Bigdaddy IP-BLOCK 94.102.51.139

Attach.zip

ark.zip
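An added example, not code from the thread or from Malwarebytes: it parses IP-BLOCK lines in the exact shape the log above uses ("HH:MM:SS user IP-BLOCK a.b.c.d") and flags an address that is blocked in bursts, which is the defender-side signal that a local program, not the user, is repeatedly reaching out. The sample log is constructed here from that line shape; 192.0.2.10 is a documentation placeholder address.

```python
"""Summarise Malwarebytes IP-BLOCK log lines and flag burst-blocked addresses."""
import re
from collections import Counter, defaultdict

# Line shape as posted in the thread: "HH:MM:SS user IP-BLOCK a.b.c.d" (assumed format)
LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def parse_ip_blocks(lines):
    """Return a list of (timestamp, user, ip) tuples; lines that do not match are skipped."""
    events = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groups())
    return events


def blocks_per_ip(events):
    """Total number of blocks recorded for each address."""
    return Counter(ip for _ts, _user, ip in events)


def flag_repeat_blocks(events, per_second_threshold=5):
    """Return {ip: highest number of blocks seen within a single second} for
    addresses at or above the threshold. A browser click produces one or two
    blocks; dozens in the same second point to a process on the host (in this
    thread, an adware toolbar) retrying its connection on its own."""
    per_second = defaultdict(Counter)
    for ts, _user, ip in events:
        per_second[ip][ts] += 1
    return {
        ip: max(counts.values())
        for ip, counts in per_second.items()
        if max(counts.values()) >= per_second_threshold
    }


# Constructed sample: the burst from the thread, one unrelated block, one junk line.
SAMPLE_LOG = (
    ["05:53:02 Bigdaddy IP-BLOCK 94.102.51.139"] * 29
    + ["05:53:07 Bigdaddy IP-BLOCK 192.0.2.10",
       "05:53:09 Bigdaddy IP-BLOCK 94.102.51.139",
       "not a block line"]
)

if __name__ == "__main__":
    found = parse_ip_blocks(SAMPLE_LOG)
    print("blocks per IP:", dict(blocks_per_ip(found)))
    print("burst-blocked:", flag_repeat_blocks(found))  # {'94.102.51.139': 29}
```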

:)

Can you please post the gmer log again. Thanks

I again ran gmer and had the same result as before.

I saved GMER on the desktop and when attempting to install I get the following in a pop-up window: c:\windows\system32\config\system: The system cannot find the file specified.

I click on OK; the only boxes checked are:

services

registry

files

drive C

ADS

The remaining boxes are grayed out. I click scan and get this message in another popup:

c:\windows\system32\config\system: the process cannot access the file because it is being used by another process.

I click OK and the scanning starts. Upon completion I get this message: "GMER hasn't found any system modification" and I saved the file as instructed.

After the last message "GMER hasn't found any system modification" there is no file to save or send.

Thanks for your help.

Okay, I missed that you're running a 64-bit version of Windows 7. GMER will not work. Can you please update Malwarebytes to version 1.43 and see if that fixes the notification.

When does the blocked IP popup appear? When browsing or not? Thanks

Malwarebytes updated to 1.43 and it had no effect on the blocked IP popup. The popup appears mostly while surfing from one site to another but will just appear randomly as well.

Thanks,

You have adware that isn't currently detected, but please allow about 10 minutes for the database to update. After ten minutes please update your definitions and it shall remove the adware eco toolbar.

Updated, scanned and removed 18 infected objects found. The IP block popup is gone. Thank you, thank you. It was an annoying little pest.

Thanks again,

Jim

You're welcome!!!! Have a wonderful 2010

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll back" in case there is a future problem.

To SET A NEW RESTORE POINT:

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".

2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

I do not have an option to create a restore point from where you directed me. The only option I have is to restore from a previous day. I do not see a radio button for create a restore point.

Thanks
