Jump to content

MWB keeps blocking


Recommended Posts


MWB keeps blocking Neither MWB or MSE finds anything and I don't think I'm infected - I'm using a relatively new computer and I haven't visited any dodgy sites that I'm aware of, installed any strange programs, etc.

I googled the IP address and it appears to belong to amazon. One forum describes it as being a "black hole" where conficker etc. traffic directed which put me a little on edge but I would have thought the anti-malware programs would have detected anything doing that?

Is this something I should run the scans and post logs to have checked or is it a harmless thing I don't need to worry about?

Link to post
Share on other sites


Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool..
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Click the image to enlarge it

    [*] Then click the Scan button & wait for it to finish.

    [*] Once done click on the [save..] button, and in the File name area, type in "ark.txt"

    [*]Save the log where you can easily find it, such as your desktop.


Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

Link to post
Share on other sites

  • 3 weeks later...

Hello Gammo,

Thanks for helping me out. I'm sorry I took so long to reply - the problem stopped for quite a while, but it started up again yesterday and continued today so I tried to run the scans you asked for. The DDS is below. I could not download the GMER program - when I clicked the link firefox said it couldn't contact the server. It did this also on the GMER page on both the coded link and the random filename button. It also caused MWB to pop up the balloon that it blocked access to the subject website when I did this. I am behind a corporate firewall of some sort - could this be causing the problem? The only other thing is I have been messing about with my video drivers trying to get Optimus to work. I have installed/reinstalled multiple versions and the installation of the current version I have installed seems to correspond to when I get the MWB warning - I reinstalled this version 2 days ago when the warnings started up again. Maybe it's just a coincidence. Anyway here is the log. Please let me know what I need to do next. Thanks again for your help.

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Mike at 20:53:21.92 on Wed 12/15/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3959.2616 [GMT 10:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}

============== Running Processes ===============



C:\Windows\system32\svchost.exe -k DcomLaunch


C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Online Armor\OAcat.exe

C:\Program Files (x86)\Online Armor\oasrv.exe


C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe


C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted




C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Online Armor\oaui.exe

C:\Program Files (x86)\Online Armor\OAhlp.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE



C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe


C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe




C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Online Armor\oaui.exe

C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files (x86)\Online Armor\OAhlp.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE


C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Online Armor\OAreg.exe

C:\Program Files (x86)\Online Armor\OAreg.exe





============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742g&r=273611109755l04f4z185v47j22755

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742g&r=273611109755l04f4z185v47j22755

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742g&r=273611109755l04f4z185v47j22755

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5742g&r=273611109755l04f4z185v47j22755

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe

mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

mRun-x64: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\OAui.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\rsrb6qnk.default\

FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-26 173984]

R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2010-11-24 54864]

R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2010-11-24 54896]

R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2010-11-24 37872]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-25 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-8-23 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-20 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-1 363344]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]

R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2010-11-24 380784]

R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2010-11-24 3652696]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-3 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-20 243232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-20 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-20 158976]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-6 24152]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-26 40832]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-6-22 131688]

R3 OAnet;OnlineArmor Service;C:\Windows\System32\drivers\OAnet.sys [2010-11-24 32728]

R3 SjtWinIo;SJT I/O Driver;C:\Windows\System32\drivers\SjtWinIo.sys [2010-12-13 9216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-26 30969208]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-20 246376]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-20 50688]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-4 1255736]

=============== Created Last 30 ================

2010-12-15 10:41:23 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{AB294AAB-8E7E-4B55-9667-2B76C9910530}\mpengine.dll

2010-12-15 10:06:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-12-15 10:06:34 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-12-15 09:53:59 395776 ----a-w- C:\Windows\System32\webio.dll

2010-12-15 09:53:59 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2010-12-15 09:48:24 3124224 ----a-w- C:\Windows\System32\win32k.sys

2010-12-15 09:46:07 112000 ----a-w- C:\Windows\System32\consent.exe

2010-12-15 09:44:32 46080 ----a-w- C:\Windows\System32\atmlib.dll

2010-12-15 09:44:32 367104 ----a-w- C:\Windows\System32\atmfd.dll

2010-12-15 09:44:32 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2010-12-15 09:44:32 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2010-12-15 09:41:07 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe

2010-12-15 09:41:07 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe

2010-12-15 09:41:07 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll

2010-12-13 10:54:41 9216 ----a-w- C:\Windows\System32\drivers\SjtWinIo.sys

2010-12-01 09:20:30 709456 ----a-w- C:\Windows\isRS-000.tmp

2010-11-28 04:10:36 -------- d-----w- C:\Program Files\iPod

2010-11-28 04:10:31 -------- d-----w- C:\Program Files\iTunes

2010-11-28 04:10:31 -------- d-----w- C:\Program Files (x86)\iTunes

2010-11-28 04:10:08 -------- d-----w- C:\Users\Mike\AppData\Local\Apple Computer

2010-11-25 04:40:42 2037864 ----a-w- C:\Windows\System32\nvapi64.dll

2010-11-24 10:56:14 -------- d-----w- C:\Users\Mike\AppData\Roaming\OnlineArmor

2010-11-23 23:17:19 -------- d-----w- C:\PROGRA~3\OnlineArmor

2010-11-23 23:15:33 54896 ----a-w- C:\Windows\SysWow64\drivers\oahlp64.sys

2010-11-23 23:15:32 54864 ----a-w- C:\Windows\SysWow64\drivers\OADriver.sys

2010-11-23 23:15:32 37872 ----a-w- C:\Windows\SysWow64\drivers\OAmon.sys

2010-11-23 23:15:32 32728 ----a-w- C:\Windows\System32\drivers\OAnet.sys

2010-11-23 23:15:14 -------- d-----w- C:\Program Files (x86)\Online Armor

2010-11-23 20:41:15 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-11-23 20:41:15 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-12-15 10:37:48 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2010-12-15 10:37:46 57752 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2010-12-15 10:37:46 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll

2010-12-15 10:36:52 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe

2010-11-29 07:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-19 09:03:36 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:23:40 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe

2010-11-04 04:23:33 57752 ------w- C:\Windows\SysWow64\rpcnet.exe

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-10-16 18:55:00 1500264 ----a-w- C:\Windows\System32\nvdispco642050.dll

2010-10-16 18:55:00 1308776 ----a-w- C:\Windows\System32\nvgenco642030.dll

2010-10-16 03:13:24 61032 ----a-w- C:\Windows\System32\nvshext.dll

2010-09-23 05:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-23 05:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-21 19:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 19:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

============= FINISH: 20:55:30.40 ===============

Link to post
Share on other sites

I was able to downlaod GMER from a computer that was not behind the firewall. I ran it with both the admin account and the non-admin one I usually use. On the admin account it didn't find anything - I got the popup no system modifications and the save file is blank. On the non-admin one it saved the following:

GMER - http://www.gmer.net

Rootkit scan 2010-12-16 13:56:06

Windows 6.1.7600

Running: gmer.exe

---- Files - GMER 1.0.15 ----

File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 524288 bytes

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites


Your logs appear to be clean now. You can put the IP on MBAM's ignore list if you want. Wait until the IP block appears. Then right-click on the Malwarebytes system-tray icon after the block notification appears, and choose "Add to Ignore List".

There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :rolleyes:

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.


Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.


Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.


Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.


Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.


Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.


I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!


Gammo :lol:

Link to post
Share on other sites

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.