TechSpot

[A] MBAM IP BLOCK after Win7 re-install

By CSJMS
Feb 4, 2012
  1. Hi

    I'm hoping that someone can give me a bit of direction or reassurance into a potential ongoing virus issue...

    I re-installed my OS (Win 7 64 pro) yesterday after picking up some kind of 'virus' the previous evening that I was unable to remove. The issue now is that MBAM keeps blocking a specific IP address (89.28.122.76) each time I load Skype. Here's how the IP block is logged in MBAM:

    * 2012/02/04 13:35:59 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 89.28.122.76 (Type: outgoing, Port: 47748, Process: skype.exe)

    I'm still able to make and receive calls through Skype however the IP Block is obviously a concern after the issues I had yesterday.

    At the moment I run MBAM along with MSE. I've updated the MSE set-up so the two don't conflict, as per the guides on MBAM's forum.

    I've run a number of scans and then gone through the five-step Viruses/Spyware/Malware Preliminary Removal instructions from the TechSpot Forum.

    I'm hoping the issue is down to Skype conflicting with MBAM although I've found nothing online to suggest this...

    Thanks in advance for any help and any suggestions.
    Jonathan

    The three logs are listed below.

    -----------------------------
    MBAM
    -----------------------------

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.04.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jonathan Smith :: JONATHANSMITH [administrator]

    Protection: Enabled

    04/02/2012 15:44:40
    mbam-log-2012-02-04 (15-44-40).txt

    Scan type: Custom scan
    Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
    Objects scanned: 3
    Time elapsed: 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    -----------------------------
    GMER
    -----------------------------

    No Log

    -----------------------------
    GMER
    -----------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
    Internet Explorer: 9.0.8112.16421
    Run by Jonathan Smith at 15:51:53 on 2012-02-04
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.12279.10627 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.co.uk/
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Jonathan Smith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{FD43F12E-C957-4315-B88F-0CCCC1D59027} : DhcpNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv64xx;mv64xx;C:\Windows\system32\DRIVERS\mv64xx.sys --> C:\Windows\system32\DRIVERS\mv64xx.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\Razerlow.sys --> C:\Windows\system32\drivers\Razerlow.sys [?]
    S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 652360]
    S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-5-14 4901888]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
    S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-02-04 15:44:13 388096 ----a-r- C:\Users\Jonathan Smith\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-04 15:44:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-02-04 14:57:20 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\Process Hacker
    2012-02-04 13:08:28 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-04 13:08:16 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36E1FA32-D1AF-4FDB-827A-F69D79C0B6B9}\mpengine.dll
    2012-02-04 13:01:21 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-02-04 10:46:21 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\OpenOffice.org
    2012-02-04 10:04:16 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-02-04 09:59:17 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\PACE Anti-Piracy
    2012-02-04 09:59:17 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\PACE Anti-Piracy
    2012-02-04 09:59:17 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
    2012-02-04 09:59:17 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy
    2012-02-03 23:07:23 -------- d-----w- C:\Windows\pss
    2012-02-03 22:08:32 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\2BrightSparks
    2012-02-03 21:53:59 -------- d-----w- C:\Program Files (x86)\SMS2PC
    2012-02-03 18:59:00 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\com.sohnar.traffic.Traffic
    2012-02-03 18:58:58 -------- d-----w- C:\Program Files (x86)\Traffic
    2012-02-03 18:54:20 -------- d-----r- C:\Program Files (x86)\Skype
    2012-02-03 18:24:13 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2012-02-03 18:18:24 -------- d-----w- C:\ProgramData\ALM
    2012-02-03 18:10:49 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
    2012-02-03 18:10:49 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
    2012-02-03 18:10:49 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
    2012-02-03 18:10:49 -------- d-----w- C:\Program Files (x86)\My Company Name
    2012-02-03 18:10:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
    2012-02-03 18:10:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-02-03 18:04:08 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Adobe
    2012-02-03 18:04:02 -------- d-----w- C:\Windows\Panther
    2012-02-03 17:51:34 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Xmarks
    2012-02-03 17:51:34 -------- d-----w- C:\Program Files (x86)\Xmarks
    2012-02-03 16:23:11 -------- d-----w- C:\Program Files\Windows XP Mode
    2012-02-03 16:19:07 -------- d-----r- C:\Users\Jonathan Smith\Virtual Machines
    2012-02-03 16:11:32 66304 ----a-w- C:\Windows\System32\drivers\vpcnfltr.sys
    2012-02-03 16:04:35 -------- d-sh--w- C:\Diskeeper
    2012-02-03 15:49:46 52144 ----a-w- C:\Windows\System32\drivers\DKRtWrt.sys
    2012-02-03 15:49:44 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
    2012-02-03 15:49:43 -------- d-----w- C:\ProgramData\Diskeeper Corporation
    2012-02-03 15:49:42 -------- d-----w- C:\Program Files\Diskeeper Corporation
    2012-02-03 15:43:13 -------- d-----w- C:\Program Files (x86)\GPLGS
    2012-02-03 15:42:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
    2012-02-03 15:42:41 -------- d-----w- C:\Program Files (x86)\Acro Software
    2012-02-03 15:38:31 333864 ----a-w- C:\Windows\System32\drivers\mv64xx.sys
    2012-02-03 15:38:31 18944 ----a-w- C:\Windows\System32\mvcoinst.dll
    2012-02-03 15:24:40 -------- d-----w- C:\Program Files\DivX
    2012-02-03 15:24:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2012-02-03 15:24:14 -------- d-----w- C:\Program Files (x86)\DivX
    2012-02-03 15:23:19 -------- d-----w- C:\ProgramData\DivX
    2012-02-03 15:20:38 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
    2012-02-03 15:20:38 497664 ----a-w- C:\Windows\SysWow64\ac3filter.acm
    2012-02-03 15:20:37 -------- d-----w- C:\Program Files (x86)\AC3Filter
    2012-02-03 15:19:32 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-02-03 15:13:30 696832 ----a-w- C:\Windows\System32\xvidcore.dll
    2012-02-03 15:13:30 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2012-02-03 15:13:30 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
    2012-02-03 15:13:30 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2012-02-03 15:13:30 173568 ----a-w- C:\Windows\System32\xvid.ax
    2012-02-03 15:13:30 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
    2012-02-03 15:13:26 -------- d-----w- C:\Program Files (x86)\Xvid
    2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-02-03 15:11:35 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Apple
    2012-02-03 15:04:53 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Spotify
    2012-02-03 15:04:29 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\Spotify
    2012-02-03 15:00:33 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2012-02-03 15:00:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-03 13:10:17 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Thunderbird
    2012-02-03 11:55:13 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\PasswordSafe
    2012-02-03 11:49:53 -------- d-----w- C:\Program Files\CCleaner
    2012-02-03 11:46:54 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-02-03 11:46:54 -------- d-----w- C:\Windows\System32\Wat
    2012-02-03 11:36:54 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-02-03 11:36:54 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-02-03 11:29:34 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2012-02-03 11:29:34 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2012-02-03 11:23:34 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2012-02-03 11:22:25 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-02-03 11:22:25 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-02-03 11:22:25 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-02-03 11:22:25 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-02-03 11:22:25 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-02-03 11:22:25 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-02-03 11:22:25 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-02-03 11:22:25 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-02-03 11:22:25 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-02-03 11:22:25 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-02-03 11:22:06 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2012-02-03 11:11:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-02-03 11:11:06 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-02-03 11:09:57 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2012-02-03 11:08:59 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2012-02-03 11:05:18 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-02-03 11:05:17 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-02-03 11:05:17 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-02-03 11:05:17 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-02-03 11:04:27 3141632 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-03 11:03:43 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-02-03 11:03:43 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2012-02-03 11:03:43 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2012-02-03 11:03:39 112000 ----a-w- C:\Windows\System32\consent.exe
    2012-02-03 11:01:39 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-02-03 11:01:39 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-02-03 10:51:26 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DF9E14C-6F51-4408-B5C6-6E0518883839}\gapaengine.dll
    2012-02-03 10:48:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-02-03 10:48:08 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-02-03 10:48:01 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-02-03 10:40:54 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79989280-CD39-4C20-B37B-73289CF27240}\mpengine.dll
    2012-02-03 10:40:53 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-03 10:29:29 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\Malwarebytes
    2012-02-03 10:29:26 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-02-03 10:29:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-03 10:29:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-03 10:20:51 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Google
    2012-02-03 10:20:40 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Deployment
    2012-02-03 10:20:40 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Apps
    2012-02-03 10:20:37 -------- d-sh--w- C:\Windows\Installer
    2012-02-03 10:20:36 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-02-03 10:20:36 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-02-03 10:20:33 539168 ----a-w- C:\Windows\System32\nvuninst.exe
    2012-02-03 10:19:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-02-03 10:19:31 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-02-03 10:19:30 139264 ----a-w- C:\Windows\System32\cabview.dll
    2012-02-03 10:19:30 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    .
    ==================== Find3M ====================
    .
    2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
    2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 15:52:26.50 ===============
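    As an added example (not code from the thread, from Malwarebytes or from TechSpot), here is a small Python script that parses MBAM 1.x protection-log IP-BLOCK entries of the kind quoted in the post and groups them by process and remote address, so a repeated block from one process to one address stands out for triage. The regex is derived only from the single log line quoted above; every other sample line, the LAN and documentation-range addresses, and the repeat threshold are constructed for the example.

```python
"""Summarise Malwarebytes (MBAM 1.x) protection-log IP-BLOCK entries.

Added example for the thread above, not code from Malwarebytes or from the poster.
The only format evidence is the single IP-BLOCK line quoted in the post:

    2012/02/04 13:35:59 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 89.28.122.76 (Type: outgoing, Port: 47748, Process: skype.exe)

The regex below is derived from that line; the other sample lines, the LAN and
documentation-range addresses, and the repeat threshold are constructed.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# The host and user fields can contain spaces ("JONATHANSMITH Jonathan Smith"), so the
# pattern anchors on the literal IP-BLOCK token instead of splitting on whitespace.
IP_BLOCK_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) GMT\s+"
    r"(?P<who>.+?)\s+IP-BLOCK\s+(?P<ip>[0-9A-Fa-f.:]+)\s+"
    r"\(Type:\s*(?P<direction>incoming|outgoing),\s*Port:\s*(?P<port>\d+),"
    r"\s*Process:\s*(?P<process>[^)]+)\)\s*$"
)


class IpBlock(NamedTuple):
    when: datetime
    who: str
    ip: str
    is_private: bool      # RFC 1918 / loopback etc., as classified by Python's ipaddress module
    direction: str        # "incoming" or "outgoing"
    port: int
    process: str          # lower-cased image name, e.g. "skype.exe"


def parse_ip_block(line: str) -> Optional[IpBlock]:
    """Parse one log line; return None for lines that are not IP-BLOCK entries."""
    m = IP_BLOCK_RE.match(line.strip())
    if m is None:
        return None
    when = datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    try:
        is_private = ipaddress.ip_address(m["ip"]).is_private
    except ValueError:
        return None  # malformed address: treat as not a usable IP-BLOCK line
    return IpBlock(when, m["who"], m["ip"], is_private, m["direction"],
                   int(m["port"]), m["process"].strip().lower())


def summarise(lines: Iterable[str], repeat_threshold: int = 3) -> Dict[str, object]:
    """Group IP-BLOCK events by (process, remote IP).

    'repeated' lists pairs seen at least repeat_threshold times: a recurring block from
    the same process to the same address is what to triage first, not a verdict in itself.
    """
    by_pair: Counter = Counter()
    directions: Counter = Counter()
    ports: Dict[Tuple[str, str], set] = defaultdict(set)
    for line in lines:
        rec = parse_ip_block(line)
        if rec is None:
            continue
        key = (rec.process, rec.ip)
        by_pair[key] += 1
        directions[rec.direction] += 1
        ports[key].add(rec.port)
    repeated = sorted(pair for pair, n in by_pair.items() if n >= repeat_threshold)
    return {
        "by_pair": dict(by_pair),
        "directions": dict(directions),
        "ports": {k: sorted(v) for k, v in ports.items()},
        "repeated": repeated,
    }


# Constructed sample log: the first line is the one quoted in the post; the rest are made up
# for this example (192.168.0.12 is a LAN address, 198.51.100.23 an RFC 5737 documentation address).
SAMPLE_LOG: List[str] = [
    "2012/02/04 13:35:59 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 89.28.122.76 (Type: outgoing, Port: 47748, Process: skype.exe)",
    "2012/02/04 13:40:12 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 89.28.122.76 (Type: outgoing, Port: 47751, Process: skype.exe)",
    "2012/02/04 14:02:03 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 89.28.122.76 (Type: outgoing, Port: 47760, Process: Skype.exe)",
    "2012/02/04 14:05:41 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 192.168.0.12 (Type: incoming, Port: 445, Process: System)",
    "2012/02/04 14:06:00 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 198.51.100.23 (Type: outgoing, Port: 80, Process: iexplore.exe)",
    # constructed non-IP-BLOCK line; the parser skips it
    "2012/02/04 14:10:00 GMT JONATHANSMITH Jonathan Smith PROTECTION Malware Protection Starting",
]

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for (process, ip), n in sorted(report["by_pair"].items()):
        print(f"{process:<14} {ip:<16} blocks={n} ports={report['ports'][(process, ip)]}")
    print("directions:", report["directions"])
    print("repeated (>=3):", report["repeated"])
```

Run it on a real protection log by reading the file's lines into `summarise()` in place of `SAMPLE_LOG`. The grouping answers the question the poster is asking before anyone can: whether the block is one process talking to one address every launch (here, skype.exe to 89.28.122.76 on a fresh ephemeral port each time) or scattered processes and addresses, which are two different triage paths. A repeated block by itself is a prompt to check the address, the process and its binary, not a verdict.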
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Please re-run DDS in normal mode and post BOTH logs (DDS.txt and Attach.txt).
     