
Possible Infection?



I've got the 14 day free trial and I keep getting a popup from my system tray saying that you blocked a potentially harmful...

Here is the MBAM Log just for today. It's the same IP addresses over and over. I googled them and most come from China and one from Berlin. Please help me know if this is an infection or normal.

My wife plays Farmville and I keep deleting Adware from Gamevance from my MBAM site.

03:41:28 tim MESSAGE Protection started successfully

03:41:41 tim MESSAGE IP Protection started successfully

03:42:37 tim MESSAGE IP Protection stopped

03:43:06 tim MESSAGE Database updated successfully

03:43:16 tim MESSAGE IP Protection started successfully

03:49:47 tim IP-BLOCK 221.192.199.46 (Type: incoming)

04:25:06 tim IP-BLOCK 221.192.199.51 (Type: incoming)

04:56:31 tim IP-BLOCK 221.192.199.51 (Type: incoming)

05:12:11 tim IP-BLOCK 221.192.199.51 (Type: incoming)

05:12:11 tim IP-BLOCK 221.192.199.51 (Type: incoming)

05:13:25 tim IP-BLOCK 221.192.199.46 (Type: incoming)

05:15:22 tim IP-BLOCK 221.192.199.49 (Type: incoming)

05:15:23 tim IP-BLOCK 221.192.199.49 (Type: incoming)

05:15:23 tim IP-BLOCK 221.192.199.49 (Type: incoming)

05:15:23 tim IP-BLOCK 221.192.199.49 (Type: incoming)

05:43:41 tim IP-BLOCK 221.192.199.51 (Type: incoming)

05:43:58 tim IP-BLOCK 221.192.199.46 (Type: incoming)

05:55:36 tim IP-BLOCK 58.218.199.147 (Type: incoming)

05:55:36 tim IP-BLOCK 58.218.199.147 (Type: incoming)

05:55:36 tim IP-BLOCK 58.218.199.147 (Type: incoming)

05:55:37 tim IP-BLOCK 58.218.199.147 (Type: incoming)

05:59:38 tim IP-BLOCK 221.192.199.51 (Type: incoming)

06:31:56 tim IP-BLOCK 221.192.199.46 (Type: incoming)

06:57:24 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:03:19 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

07:15:23 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:19:09 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

07:28:05 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:34:46 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

07:38:38 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:43:50 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:49:04 jamie IP-BLOCK 221.192.199.46 (Type: incoming)


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Hi,

Here are the reports you requested along with yesterday's protection log. Today is beginning the same.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6811

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/8/2011 12:45:00 PM

mbam-log-2011-06-08 (12-45-00).txt

Scan type: Quick scan

Objects scanned: 177985

Time elapsed: 15 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

00:02:06 tim IP-BLOCK 221.192.199.46 (Type: incoming)

00:08:04 tim MESSAGE Protection started successfully

00:08:17 tim MESSAGE IP Protection started successfully

00:15:16 jamie MESSAGE Protection started successfully

00:15:27 jamie MESSAGE IP Protection started successfully

00:23:12 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

00:29:48 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

00:32:34 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

00:33:49 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

00:46:06 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

00:52:42 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

00:52:42 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

00:52:42 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

00:52:42 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

00:52:42 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

01:00:06 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

01:13:02 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

01:18:21 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

01:23:29 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

01:34:31 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

02:06:53 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

02:15:33 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

02:22:49 jamie MESSAGE Protection started successfully

02:23:03 jamie MESSAGE IP Protection started successfully

02:23:24 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

02:26:03 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

02:31:22 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

02:36:39 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

02:39:11 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

02:46:23 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

02:46:57 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

02:52:12 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

02:55:16 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

03:11:04 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

03:12:18 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

03:12:18 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

03:12:18 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

03:54:23 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

04:02:07 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

04:04:46 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

04:07:22 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

04:31:43 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

04:31:43 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

04:31:43 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

04:31:43 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

04:31:43 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

04:36:07 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

04:39:57 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

04:39:57 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

04:39:57 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

04:39:57 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

04:43:59 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

04:47:46 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

05:36:02 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

05:46:29 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

05:51:28 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

05:51:28 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

05:51:28 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

06:02:11 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

06:08:55 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:11:15 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

06:12:33 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

06:15:09 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

06:28:09 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

06:33:27 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

06:33:27 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

06:33:27 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

06:33:27 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

06:33:27 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

06:35:57 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

06:42:54 jamie IP-BLOCK 122.224.5.249 (Type: incoming)

06:56:45 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:11:28 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

07:12:18 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:17:28 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:22:36 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:27:48 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:35:28 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:38:04 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:43:10 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:45:35 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

07:45:47 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

07:50:48 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

07:50:48 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

07:50:48 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

07:50:48 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

07:50:49 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

08:08:59 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

08:19:24 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

08:27:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

08:27:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

08:27:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

08:27:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

08:30:44 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

08:32:27 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

08:34:09 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

08:34:09 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

08:58:23 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

09:02:23 jamie IP-BLOCK 222.186.26.115 (Type: incoming)

09:06:10 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

09:06:24 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

09:08:47 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

09:11:21 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

09:26:55 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

09:30:37 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

09:30:37 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

09:50:04 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

10:00:32 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

10:18:46 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

10:19:54 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

10:59:54 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

11:00:24 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

11:05:35 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

11:09:05 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

11:10:11 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

11:16:15 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

11:57:22 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:12:43 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

12:18:07 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:20:43 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:23:20 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:25:59 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:28:18 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

12:28:18 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

12:33:42 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:36:16 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:49:03 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

12:49:52 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

12:59:18 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

13:26:44 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

13:33:03 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

13:35:40 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

13:40:53 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

13:43:28 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

13:46:03 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

13:47:17 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

13:51:11 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

13:59:13 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

14:01:27 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

14:05:29 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

14:27:18 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

14:29:46 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

14:31:53 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

14:35:09 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

14:47:58 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

15:01:05 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

15:03:40 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

15:04:05 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

15:06:39 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

15:06:39 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

15:20:12 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

15:20:12 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

15:27:04 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

15:36:27 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

15:37:34 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

15:40:13 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

15:58:00 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

16:01:24 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

16:09:16 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

16:26:19 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

16:40:39 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

16:41:14 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

16:57:40 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

17:01:20 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:06:36 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:16:54 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:22:04 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:29:49 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:30:25 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

17:32:23 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:34:56 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:37:33 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:45:46 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

17:48:49 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

17:50:49 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

17:53:00 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

17:58:07 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

18:02:53 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

18:05:51 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

18:16:11 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

18:19:23 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

18:26:25 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

18:39:17 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

19:04:59 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

19:12:42 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

19:23:00 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

19:24:37 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

19:29:01 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

19:29:01 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

19:29:01 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

19:29:01 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

19:29:01 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

19:30:46 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

19:33:22 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

19:43:40 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

19:43:51 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

19:43:51 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

19:48:44 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

19:59:00 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

20:09:18 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

20:24:15 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

20:32:25 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

20:50:30 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:02:07 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

21:08:50 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:09:44 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

21:11:25 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:14:04 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:24:34 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:37:24 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

21:37:44 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:42:59 jamie IP-BLOCK 89.149.226.157 (Type: incoming)

21:43:39 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

21:45:33 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:48:12 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:53:28 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

21:58:39 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:01:13 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:03:49 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:07:01 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

22:08:56 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:24:33 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:47:46 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:49:07 jamie IP-BLOCK 221.192.199.49 (Type: incoming)

22:50:17 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:55:24 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

22:55:40 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

23:03:05 jamie IP-BLOCK 58.218.199.227 (Type: incoming)

23:05:37 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

23:15:47 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

23:26:05 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

23:28:03 jamie IP-BLOCK 221.192.199.51 (Type: incoming)

23:31:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

23:31:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

23:31:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

23:31:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

23:31:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

23:31:07 jamie IP-BLOCK 58.218.199.147 (Type: incoming)

23:36:24 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

23:44:06 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

23:51:53 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

23:54:29 jamie IP-BLOCK 221.192.199.46 (Type: incoming)

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by tim at 12:53:29 on 2011-06-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.87 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\imapi.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.isoregister.com/start/XXX23KJgoV.html

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: H - No File

BHO: Disabled:{02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Disabled:{3049C3E9-B461-4BC5-8870-4C09146192CA} - No File

BHO: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File

BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

BHO: Disabled:{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -

TB: &Free Live Cams: {90fdd209-059a-4342-8b58-b82398766c03} -

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: {AE07101B-6902-0272-AF68-0333EA26E113} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\tim\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [DW6]

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [nwiz] nwiz.exe /install

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\tim\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

uPolicies-explorer: NoRealMode = 0 (0x0)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: &Search

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {102910D3-CF07-4BED-ACDC-D165385B9B66} - {102910D3-CF07-4BED-ACDC-D165385B9B66}

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: swom.com

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.25/uploader2.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282268045700

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sundanceglobalmeetings.webex.com/client/T27LB/nbr/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

TCP: Interfaces\{6DC3A664-53D3-46A6-B9E5-566835320789} : DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\tim\application data\mozilla\firefox\profiles\cna2ukq5.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\tim\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-22 214664]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKsl2da3aa39;MpKsl2da3aa39;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7e7bb9f-4333-44ea-a47b-ab4e7f98cec6}\MpKsl2da3aa39.sys [2011-6-8 28752]

R1 MpKsl7f605b98;MpKsl7f605b98;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7e7bb9f-4333-44ea-a47b-ab4e7f98cec6}\MpKsl7f605b98.sys [2011-6-8 28752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-21 366640]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-9-22 359952]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-21 22712]

S1 MpKsl15804233;MpKsl15804233;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d06bb89e-38b8-47ef-a9fd-2385279a80dc}\mpksl15804233.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d06bb89e-38b8-47ef-a9fd-2385279a80dc}\MpKsl15804233.sys [?]

S1 MpKsl22982282;MpKsl22982282;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79f40447-5ac4-420d-8842-78adc2c69bb5}\mpksl22982282.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79f40447-5ac4-420d-8842-78adc2c69bb5}\MpKsl22982282.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-20 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-20 136176]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-22 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys --> c:\windows\system32\drivers\mfebopk.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-9-22 34248]

S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

.

=============== Created Last 30 ================

.

2011-06-08 06:15:28 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7e7bb9f-4333-44ea-a47b-ab4e7f98cec6}\MpKsl2da3aa39.sys

2011-06-08 05:10:29 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7e7bb9f-4333-44ea-a47b-ab4e7f98cec6}\MpKsl7f605b98.sys

2011-06-08 05:07:01 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7e7bb9f-4333-44ea-a47b-ab4e7f98cec6}\mpengine.dll

2011-06-08 04:57:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 21:41:03 -------- d-----w- c:\program files\common files\xing shared

2011-06-04 07:50:54 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-04 07:50:54 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-04 07:50:18 -------- d-----w- C:\5405b6b5ca2b74febb595be463

2011-06-03 18:38:17 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND

2011-06-03 07:31:04 -------- d-----w- C:\de684c80b5190b590d63c528aaf7bc

2011-06-03 07:30:54 -------- d-----w- C:\bb00dc6a573b669f10fb01bb

2011-06-01 16:57:19 -------- d-----w- c:\documents and settings\tim\local settings\application data\ODUI

2011-06-01 16:56:06 -------- d-----w- c:\documents and settings\tim\local settings\application data\Stardock

2011-06-01 16:56:01 -------- d-----w- c:\documents and settings\tim\application data\Stardock

2011-06-01 16:55:52 -------- dc-h--w- c:\documents and settings\all users\application data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}

2011-06-01 16:55:35 -------- d-----w- c:\program files\Stardock

2011-06-01 16:55:00 -------- d-----w- c:\documents and settings\tim\local settings\application data\PackageAware

2011-06-01 15:58:47 -------- d-----w- c:\windows\system32\XPSViewer

2011-05-27 12:29:28 258352 ----a-w- c:\windows\system32\unicows.dll

2011-05-26 08:24:28 499712 ----a-w- c:\windows\iwexec.exe

2011-05-26 08:24:21 -------- d-----w- c:\program files\TC Web Conferencing

2011-05-12 07:46:31 -------- d-sh--w- c:\windows\system32\AI_RecycleBin

2011-05-12 07:46:27 -------- d-----w- c:\program files\W3i

.

==================== Find3M ====================

.

2011-06-06 21:39:26 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-06 21:39:26 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-25 00:42:20 9331400 ----a-w- c:\program files\common files\lpuninstall.exe

.

============= FINISH: 12:54:56.65 ===============

Thanks so much for your help!

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Hi,

Here are the ComboFix.txt and new DDS files that you requested:

ComboFix:

ComboFix 11-06-10.09 - tim 06/11/2011 4:26.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.247 [GMT -4:00]

Running from: c:\documents and settings\tim\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))

.

.

2011-06-11 08:13 . 2011-06-11 08:13 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{588462B1-F6FF-44D1-B315-C727A481AB1E}\MpKsl3611b8d9.sys

2011-06-11 08:11 . 2011-05-09 17:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{588462B1-F6FF-44D1-B315-C727A481AB1E}\mpengine.dll

2011-06-09 10:23 . 2011-06-09 10:23 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-09 10:22 . 2011-06-09 10:22 -------- d-----w- C:\5405b6b5ca2b74febb595be463

2011-06-08 04:57 . 2011-06-08 04:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-04 07:50 . 2011-06-04 07:50 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-03 18:38 . 2011-06-03 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND

2011-06-03 07:31 . 2011-06-03 07:31 -------- d-----w- C:\de684c80b5190b590d63c528aaf7bc

2011-06-03 07:30 . 2011-06-03 08:01 -------- d-----w- C:\bb00dc6a573b669f10fb01bb

2011-06-01 16:57 . 2011-06-01 16:57 -------- d-----w- c:\documents and settings\tim\Local Settings\Application Data\ODUI

2011-06-01 16:56 . 2011-06-01 16:56 -------- d-----w- c:\documents and settings\tim\Local Settings\Application Data\Stardock

2011-06-01 16:56 . 2011-06-01 16:56 -------- d-----w- c:\documents and settings\tim\Application Data\Stardock

2011-06-01 16:55 . 2011-06-01 16:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}

2011-06-01 16:55 . 2011-06-01 16:55 -------- d-----w- c:\program files\Stardock

2011-06-01 16:55 . 2011-06-01 16:55 -------- d-----w- c:\documents and settings\tim\Local Settings\Application Data\PackageAware

2011-06-01 16:05 . 2011-06-01 16:05 -------- d-----w- c:\program files\MSBuild

2011-06-01 15:58 . 2011-06-03 07:47 -------- d-----w- c:\windows\system32\XPSViewer

2011-06-01 15:57 . 2011-06-01 15:57 -------- d-----w- c:\program files\Reference Assemblies

2011-05-27 12:29 . 2010-07-26 02:23 258352 ----a-w- c:\windows\system32\unicows.dll

2011-05-26 08:24 . 2011-05-26 08:24 499712 ----a-w- c:\windows\iwexec.exe

2011-05-26 08:24 . 2011-05-26 08:26 -------- d-----w- c:\program files\TC Web Conferencing

2011-05-25 01:04 . 2011-05-25 01:04 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\LastPass

2011-05-25 01:04 . 2011-05-25 01:04 -------- d-----w- c:\documents and settings\Dell\Application Data\LastPass

2011-05-13 05:27 . 2011-05-13 05:27 -------- d-----w- c:\documents and settings\jamie\Local Settings\Application Data\Mozilla

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-06 21:39 . 2010-12-23 06:33 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-06-06 21:39 . 2010-12-23 06:33 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-05-29 13:11 . 2010-09-21 13:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-09-21 13:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-25 00:42 . 2011-05-08 17:03 9331400 ----a-w- c:\program files\Common Files\lpuninstall.exe

2011-05-09 17:46 . 2010-11-13 19:58 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-14 16:26 . 2011-05-12 08:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-04-30 107000]

"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-05-10 1205760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"nwiz"="nwiz.exe" [2010-10-11 323584]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-11 4841472]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-06 273544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoThumbnailCache"= 1 (0x1)

"NoRealMode"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iSchedule-it.lnk]

backup=c:\windows\pss\iSchedule-it.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Documents and Settings\\tim\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

.

R1 MpKsl1a1bdcfa;MpKsl1a1bdcfa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F46A86AA-0102-4B67-BCB1-481A3FFF16F0}\MpKsl1a1bdcfa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F46A86AA-0102-4B67-BCB1-481A3FFF16F0}\MpKsl1a1bdcfa.sys [?]

R1 MpKsl3611b8d9;MpKsl3611b8d9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{588462B1-F6FF-44D1-B315-C727A481AB1E}\MpKsl3611b8d9.sys [6/11/2011 4:13 AM 28752]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/21/2010 9:45 AM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/21/2010 9:45 AM 22712]


S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2010 5:56 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2010 5:56 PM 136176]

S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL3611B8D9

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 21:56]

.

2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-261903793-725345543-1006Core.job

- c:\documents and settings\jamie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 04:19]

.

2011-06-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]

.

2011-04-17 c:\windows\Tasks\One-Click Tweak.job

- c:\program files\Advanced PC Tweaker\OneClick.exe [2010-10-04 16:51]

.

2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-261903793-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-261903793-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-261903793-725345543-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1801674531-261903793-725345543-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-261903793-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1801674531-261903793-725345543-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-04-17 c:\windows\Tasks\WinASORegistryOptimizerForjamie.job

- c:\program files\WinASO\Registry Optimizer\RegOpt.exe [2011-01-24 21:44]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.isoregister.com/start/XXX23KJgoV.html

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {{102910D3-CF07-4BED-ACDC-D165385B9B66} - {102910D3-CF07-4BED-ACDC-D165385B9B66} -

Trusted Zone: swom.com

TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

FF - ProfilePath - c:\documents and settings\tim\Application Data\Mozilla\Firefox\Profiles\cna2ukq5.default\

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-11 04:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3396)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-06-11 04:41:15

ComboFix-quarantined-files.txt 2011-06-11 08:41

ComboFix2.txt 2011-06-10 07:46

.

Pre-Run: 23,999,074,304 bytes free

Post-Run: 24,088,141,824 bytes free

.

- - End Of File - - 8FB8040D74EF8B18214484C49CD212CF

DDS: See attached files dds61111.txt, ddsattach61111.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
