
MalwareBytes Pro notification "Blocked Access Malicious Site"


Running latest version MB Pro. Keep getting pop-up notifications: "Successfully Blocked access to a potentially malicious website IP 194.54.80.150. Type outgoing. Process: uTorrents". About every two seconds. It is driving me CRAZY! I have tried closing uTorrents, but it is still happening. Only when the browser is open.

Attached DDS file. I also have attach.txt and will wait 'til/if you request it.

If there is not a simple fix, can I turn off the Notification?

Google Chrome

Win 7, Professional 32bit

Quad core Intel

4gb DDR

Hello. Anyone have an idea???

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Bill Marsh at 11:27:31 on 2011-11-10

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1748 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Mamutu\a2service.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\CISVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synology Data Replicator 3\SynoDrService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Chameleon Manager\monitor.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe

C:\Program Files\Process Lasso\processlasso.exe

C:\Program Files\Process Lasso\processgovernor.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Mamutu\mamutu.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Aston2\Aston2.exe

C:\Users\Bill Marsh\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\AnVir Task Manager\AnVir.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Bill Marsh\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\taskhost.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2207613

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Softonic English FF Toolbar: {ffa0793e-3980-4be4-8234-048fa665f700} - c:\program files\softonic_english_ff\prxtbSoft.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

mURLSearchHooks: myBabylon EnglishBB Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\prxtbmyB0.dll

mURLSearchHooks: Softonic English FF Toolbar: {ffa0793e-3980-4be4-8234-048fa665f700} - c:\program files\softonic_english_ff\prxtbSoft.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

BHO: Disabled:{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Softonic English FF Toolbar: {ffa0793e-3980-4be4-8234-048fa665f700} - c:\program files\softonic_english_ff\prxtbSoft.dll

TB: myBabylon EnglishBB Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\prxtbmyB0.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: CaptureSaver: {5148ab7d-8868-4490-b6da-f98368488582} - c:\program files\capturesaver\CaptureSaverIE.dll

TB: Softonic English FF Toolbar: {ffa0793e-3980-4be4-8234-048fa665f700} - c:\program files\softonic_english_ff\prxtbSoft.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [GrooveMonitor] c:\program files\microsoft office\office14\GROOVEMN.EXE

uRun: [Google Update] "c:\users\bill marsh\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Aston2] "c:\program files\aston2\Aston2.exe"

uRun: [AnVir Task Manager] "c:\program files\anvir task manager\AnVir.exe" Minimized

uRun: [1BBD3F16F126965EF1DD45662C6C31343DB3F257._service_run] "c:\users\bill marsh\appdata\local\google\chrome\application\chrome.exe" --type=service

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Mamutu Guard] "c:\program files\mamutu\mamutu.exe" /silent

mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [Everything] "c:\program files\everything\Everything.exe" -startup

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

StartupFolder: c:\users\billma~1\appdata\roaming\micros~1\windows\startm~1\programs\utilit~1\startup\dropbox.lnk - c:\users\bill marsh\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to CaptureSaver - c:\program files\capturesaver\\AddFromIE.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm

IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - {5148AB7D-8868-4490-B6DA-F98368488582} - c:\program files\capturesaver\CaptureSaverIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{EDFA2DBF-5A46-4AF2-A7AA-2D9937111EE8} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\progra~1\google\gobca7~1\GO36F4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207613&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic English FF Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2207613&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92541620347806409&search=

FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko5.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko6.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko7.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\bill marsh\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\facebook\npfbplugin_1_0_0.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}

FF - Ext: NetVideoHunter: netvideohunter@netvideohunter.com - %profile%\extensions\netvideohunter@netvideohunter.com

FF - Ext: SimilarWeb: FirefoxAddon@similarWeb.com - %profile%\extensions\FirefoxAddon@similarWeb.com

FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Softonic English FF Community Toolbar: {ffa0793e-3980-4be4-8234-048fa665f700} - %profile%\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn

FF - Ext: CaptureSaver: CaptureSaver@goldgingko.com - c:\program files\capturesaver\Firefox

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 802e6f29-9b82-4a96-a402-1881d0c58d51

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-5-5 31112]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-5 37256]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-5-5 21896]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-2-3 56208]

R1 a2injectiondriver;a2injectiondriver;c:\program files\mamutu\a2dix86.sys [2011-7-14 34768]

R1 a2util;a-squared Malware-IDS utility driver;c:\program files\mamutu\a2util32.sys [2011-7-14 11776]

R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-7-21 121560]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-5-5 15240]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R3 a2acc;a2acc;c:\program files\mamutu\a2accx86.sys [2011-7-14 51632]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-12 8598528]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-12 257024]

R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2011-7-14 16640]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-11-8 211984]

R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-5-5 188808]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-2 22216]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2011-3-14 31848]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-2 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-2 8456]

S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [2011-7-20 20824]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-12-3 20352]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]

S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2005-4-24 13225]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2011-3-14 31848]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-5 52224]

.

=============== Created Last 30 ================

.

2011-11-10 14:27:05 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5b13d659-4bbe-46a7-aeb5-717f3b1302e6}\MpKsl39392429.sys

2011-11-10 14:27:02 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5b13d659-4bbe-46a7-aeb5-717f3b1302e6}\offreg.dll

2011-11-10 14:08:25 -------- d-----w- c:\program files\uTorrentBar

2011-11-10 14:08:05 -------- d-----w- c:\program files\uTorrent

2011-11-10 14:07:21 -------- d-----w- c:\users\bill marsh\appdata\local\uTorrent

2011-11-10 03:26:07 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5b13d659-4bbe-46a7-aeb5-717f3b1302e6}\mpengine.dll

2011-11-09 23:45:08 -------- d-----w- c:\programdata\Mirolit

2011-11-09 23:45:05 -------- d-----w- c:\program files\Mirolit

2011-11-09 03:18:42 0 ----a-w- c:\windows\ativpsrm.bin

2011-11-09 01:39:03 -------- d-----w- c:\program files\AMD APP

2011-11-09 01:34:29 -------- dc----w- C:\ATI

2011-11-09 01:24:20 -------- d-----w- c:\users\bill marsh\appdata\local\ATI

2011-11-09 01:18:49 -------- d-----w- c:\program files\common files\ATI Technologies

2011-11-09 01:18:39 211984 ----a-w- c:\windows\system32\drivers\AtihdW73.sys

2011-11-09 01:18:09 52736 ----a-w- c:\windows\system32\coinst.dll

2011-11-08 22:14:48 -------- d-----w- c:\windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP

2011-11-08 21:23:28 -------- d-----w- c:\program files\ATI Technologies

2011-11-08 21:23:27 -------- d-----w- c:\program files\ATI

2011-11-02 23:40:30 -------- d-----w- c:\users\bill marsh\appdata\roaming\Malwarebytes

2011-11-02 23:40:16 -------- d-----w- c:\programdata\Malwarebytes

2011-11-02 23:40:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-02 23:40:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-30 16:27:56 -------- dc----w- C:\- 0 Since Gracie and Gunther

2011-10-28 11:52:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-10-19 14:08:48 -------- d-----w- c:\program files\Belarc

2011-10-19 01:56:40 -------- dc----w- C:\Torrent Downloads

2011-10-17 09:14:25 -------- d-----w- c:\program files\McAfee Security Scan

2011-10-12 21:53:30 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 21:53:30 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 21:53:29 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 21:53:29 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-12 21:53:23 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 21:16:30 56832 ----a-w- c:\windows\system32\OpenVideo.dll

2011-10-12 21:15:40 13753856 ----a-w- c:\windows\system32\amdocl.dll

2011-10-12 21:14:50 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-12 20:55:06 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-12 20:14:36 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-12 20:14:26 736768 ----a-w- c:\windows\system32\aticfx32.dll

2011-10-12 20:10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-12 20:10:00 397312 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-12 20:09:32 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-12 20:08:24 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-10-12 20:08:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-10-12 20:07:58 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-10-12 20:07:52 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-12 20:07:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-10-12 20:04:42 4231680 ----a-w- c:\windows\system32\atidxx32.dll

2011-10-12 20:04:14 18630656 ----a-w- c:\windows\system32\atioglxx.dll

2011-10-12 19:46:18 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-10-12 19:46:08 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-10-12 19:44:28 4289024 ----a-w- c:\windows\system32\atiumdag.dll

2011-10-12 19:44:20 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-10-12 19:42:56 8391680 ----a-w- c:\windows\system32\aticaldd.dll

2011-10-12 19:33:10 4174848 ----a-w- c:\windows\system32\atiumdva.dll

2011-10-12 19:31:20 335872 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-12 19:31:02 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-12 19:30:50 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-10-12 19:30:18 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-12 19:29:42 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-10-12 19:29:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-10-12 19:28:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\atimpc32.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll

.

==================== Find3M ====================

.

2011-10-09 09:19:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-01 12:41:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-09-22 01:09:03 152576 ----a-w- c:\windows\system32\msclmd.dll

2009-10-08 21:36:12 37074432 ------w- c:\program files\P2V_VManager_Pers_ea_x32.msi

2009-08-11 20:30:20 125136896 ------w- c:\program files\Paragon-PM95-PRE_WinInstallSNx32_9.0.99.10022_001.msi

2008-08-11 23:08:34 262144 ------w- c:\program files\Uninstall Spy Blocker.dll

2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

.

============= FINISH: 11:30:15.38 ===============

DDS.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Thanks, MBAM Sentinel

Updated and here is log for Quickscan

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8175

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

11/16/2011 7:59:44 AM

mbam-log-2011-11-16 (07-59-44).txt

Scan type: Quick scan

Objects scanned: 192116

Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Will now run combofix and DDS.scr


Disabled popup notifications in Malwarebytes, but still concerned in that uTorrents is still trying to upload to possibly malicious sites.

Cannot make the combofix.exe work. Followed instructions. Disabled anti-virus (MSE) and Windows firewall. Ran combofix from desktop. A DOS window flashed for about 1/2 second and showed a folder (numbers and letters) at my root C: drive. Nothing else. When I went to that folder, it was empty. Task Manager does not show combofix running. What did I do wrong?

Here is the DDS log. PLEASE NOTE PROTECTION LOG FROM MBAM at end of this log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Bill Marsh at 9:38:09 on 2011-11-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.891 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Mamutu\a2service.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\CISVC.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synology Data Replicator 3\SynoDrService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Chameleon Manager\monitor.exe

C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe

C:\Program Files\Process Lasso\processlasso.exe

C:\Windows\Explorer.EXE

C:\Program Files\Process Lasso\processgovernor.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Mamutu\mamutu.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

C:\Program Files\Aston2\Aston2.exe

C:\Users\Bill Marsh\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\AnVir Task Manager\AnVir.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Bill Marsh\Local Settings\Apps\F.lux\flux.exe

C:\Users\Bill Marsh\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Windows\system32\rundll32.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Users\Bill Marsh\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2207613

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Disabled:{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: CaptureSaver: {5148ab7d-8868-4490-b6da-f98368488582} - c:\program files\capturesaver\CaptureSaverIE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [GrooveMonitor] c:\program files\microsoft office\office14\GROOVEMN.EXE

uRun: [Google Update] "c:\users\bill marsh\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Aston2] "c:\program files\aston2\Aston2.exe"

uRun: [AnVir Task Manager] "c:\program files\anvir task manager\AnVir.exe" Minimized

uRun: [1BBD3F16F126965EF1DD45662C6C31343DB3F257._service_run] "c:\users\bill marsh\appdata\local\google\chrome\application\chrome.exe" --type=service

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [F.lux] "c:\users\bill marsh\local settings\apps\f.lux\flux.exe" /noshow

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Mamutu Guard] "c:\program files\mamutu\mamutu.exe" /silent

mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [Everything] "c:\program files\everything\Everything.exe" -startup

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

StartupFolder: c:\users\billma~1\appdata\roaming\micros~1\windows\startm~1\programs\utilit~1\startup\dropbox.lnk - c:\users\bill marsh\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\billma~1\appdata\roaming\micros~1\windows\startm~1\programs\utilit~1\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to CaptureSaver - c:\program files\capturesaver\\AddFromIE.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Open Client to monitor &1

IE: Open Client to monitor &2

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - {5148AB7D-8868-4490-B6DA-F98368488582} - c:\program files\capturesaver\CaptureSaverIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{EDFA2DBF-5A46-4AF2-A7AA-2D9937111EE8} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\progra~1\google\gobca7~1\GO36F4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207613&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Softonic English FF Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2207613&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92541620347806409&search=

FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko5.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko6.dll

FF - component: c:\users\bill marsh\appdata\roaming\mozilla\firefox\profiles\z41h6tx5.default\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}\components\RadioWMPCoreGecko7.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\bill marsh\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\facebook\npfbplugin_1_0_0.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\bill marsh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3.6 beta 1\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}

FF - Ext: NetVideoHunter: netvideohunter@netvideohunter.com - %profile%\extensions\netvideohunter@netvideohunter.com

FF - Ext: SimilarWeb: FirefoxAddon@similarWeb.com - %profile%\extensions\FirefoxAddon@similarWeb.com

FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: Softonic English FF Community Toolbar: {ffa0793e-3980-4be4-8234-048fa665f700} - %profile%\extensions\{ffa0793e-3980-4be4-8234-048fa665f700}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn

FF - Ext: CaptureSaver: CaptureSaver@goldgingko.com - c:\program files\capturesaver\Firefox

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 802e6f29-9b82-4a96-a402-1881d0c58d51

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-5-5 31112]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-5 37256]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-5-5 21896]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-2-3 56208]

R1 a2injectiondriver;a2injectiondriver;c:\program files\mamutu\a2dix86.sys [2011-7-14 34768]

R1 a2util;a-squared Malware-IDS utility driver;c:\program files\mamutu\a2util32.sys [2011-7-14 11776]

R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2011-7-21 121560]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-5-5 15240]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl6eb836c9;MpKsl6eb836c9;c:\programdata\microsoft\microsoft antimalware\definition updates\{3826bf66-f3ab-4461-8c06-408bbf45d708}\MpKsl6eb836c9.sys [2011-11-15 28752]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]

R2 Mamutu;Mamutu Service;c:\program files\mamutu\a2service.exe [2011-7-14 2978720]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-2 366152]

R2 SITomcat;SI Tomcat;c:\program files\gm spo\esi\apache group\tomcat 4.1\bin\tomcat.exe [2003-10-27 65536]

R2 SynoDrService;SynoDrService;c:\program files\synology data replicator 3\SynoDrService.exe [2010-4-29 245760]

R3 a2acc;a2acc;c:\program files\mamutu\a2accx86.sys [2011-7-14 51632]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-10-12 8598528]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-10-12 257024]

R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2011-7-14 16640]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-11-8 211984]

R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-5-5 188808]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-4-30 42648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-4-30 12184]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-2 22216]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2011-3-14 31848]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]

S2 SITransbase;SI Transbase;c:\program files\gm spo\esi\transbase\tbmux32.exe [2001-11-20 165376]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-2 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-2 8456]

S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [2011-7-20 20824]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-5-24 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-12-3 20352]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2005-4-24 13225]

S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2011-3-14 31848]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-5 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]

S4 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-5-5 56200]

S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-1-27 226624]

S4 Paragon System Backup Service;Paragon System Backup Service;c:\program files\paragon software\system backup 9.5\program\dbhservice.exe [2010-5-6 150096]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-11-15 20:38:18 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3826bf66-f3ab-4461-8c06-408bbf45d708}\MpKsl6eb836c9.sys

2011-11-15 20:38:15 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3826bf66-f3ab-4461-8c06-408bbf45d708}\offreg.dll

2011-11-15 13:34:30 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3826bf66-f3ab-4461-8c06-408bbf45d708}\mpengine.dll

2011-11-13 02:36:21 -------- d-----w- c:\programdata\Aviosoft

2011-11-13 02:36:21 -------- d-----w- c:\program files\Aviosoft

2011-11-11 08:06:41 -------- d-----w- c:\programdata\Cisco Systems

2011-11-10 14:08:05 -------- d-----w- c:\program files\uTorrent

2011-11-10 14:07:21 -------- d-----w- c:\users\bill marsh\appdata\local\uTorrent

2011-11-09 23:45:08 -------- d-----w- c:\programdata\Mirolit

2011-11-09 23:45:05 -------- d-----w- c:\program files\Mirolit

2011-11-09 05:51:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 05:51:02 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-09 05:51:01 2341888 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 03:18:42 0 ----a-w- c:\windows\ativpsrm.bin

2011-11-09 01:39:03 -------- d-----w- c:\program files\AMD APP

2011-11-09 01:34:29 -------- dc----w- C:\ATI

2011-11-09 01:24:20 -------- d-----w- c:\users\bill marsh\appdata\local\ATI

2011-11-09 01:18:49 -------- d-----w- c:\program files\common files\ATI Technologies

2011-11-09 01:18:39 211984 ----a-w- c:\windows\system32\drivers\AtihdW73.sys

2011-11-09 01:18:09 52736 ----a-w- c:\windows\system32\coinst.dll

2011-11-08 22:14:48 -------- d-----w- c:\windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP

2011-11-08 21:23:28 -------- d-----w- c:\program files\ATI Technologies

2011-11-08 21:23:27 -------- d-----w- c:\program files\ATI

2011-11-02 23:40:30 -------- d-----w- c:\users\bill marsh\appdata\roaming\Malwarebytes

2011-11-02 23:40:16 -------- d-----w- c:\programdata\Malwarebytes

2011-11-02 23:40:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-02 23:40:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-30 16:27:56 -------- dc----w- C:\- 0 Since Gracie and Gunther

2011-10-28 11:52:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-10-19 14:08:48 -------- d-----w- c:\program files\Belarc

2011-10-19 01:56:40 -------- dc----w- C:\Torrent Downloads

.

==================== Find3M ====================

.

2011-10-12 21:16:30 56832 ----a-w- c:\windows\system32\OpenVideo.dll

2011-10-12 21:15:40 13753856 ----a-w- c:\windows\system32\amdocl.dll

2011-10-12 20:55:06 8598528 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-12 20:14:36 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-12 20:14:26 736768 ----a-w- c:\windows\system32\aticfx32.dll

2011-10-12 20:10:28 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-12 20:10:00 397312 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-12 20:09:32 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-12 20:08:24 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-10-12 20:08:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-10-12 20:07:52 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-12 20:07:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-10-12 20:04:42 4231680 ----a-w- c:\windows\system32\atidxx32.dll

2011-10-12 20:04:14 18630656 ----a-w- c:\windows\system32\atioglxx.dll

2011-10-12 19:46:18 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-10-12 19:46:08 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-10-12 19:44:28 4289024 ----a-w- c:\windows\system32\atiumdag.dll

2011-10-12 19:44:20 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-10-12 19:42:56 8391680 ----a-w- c:\windows\system32\aticaldd.dll

2011-10-12 19:33:10 4174848 ----a-w- c:\windows\system32\atiumdva.dll

2011-10-12 19:31:20 335872 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-12 19:31:02 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-12 19:30:50 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-10-12 19:30:18 257024 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-12 19:29:42 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-10-12 19:29:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-10-12 19:28:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\atimpc32.dll

2011-10-12 19:16:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll

2011-10-09 09:19:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-01 12:41:05 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-09-22 01:09:03 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll

2009-10-08 21:36:12 37074432 ------w- c:\program files\P2V_VManager_Pers_ea_x32.msi

2009-08-11 20:30:20 125136896 ------w- c:\program files\Paragon-PM95-PRE_WinInstallSNx32_9.0.99.10022_001.msi

2008-08-11 23:08:34 262144 ------w- c:\program files\Uninstall Spy Blocker.dll

2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

.

============= FINISH: 9:39:37.14 ===============

MBAM PROTECTION LOG 11-16-2011 Please note that I replaced my name with MYUSERNAME in this log, but noticed it is still in my earlier logs, so I guess it doesn't really matter


  • 3 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
