Inactive [A] MBAM IP BLOCK after Win7 re-install

Status
Not open for further replies.
Hi

I'm hoping that someone can give me a bit of direction or reassurance into a potential ongoing virus issue...

I re-installed my OS (Win 7 64 pro) yesterday after picking up some kind of 'virus' the previous evening that I was unable to remove. The issue now is that MBAM keeps blocking a specific IP address (89.28.122.76) each time I load Skype. Here's how the IP block is logged in MBAM:

* 2012/02/04 13:35:59 GMT JONATHANSMITH Jonathan Smith IP-BLOCK 89.28.122.76 (Type: outgoing, Port: 47748, Process: skype.exe)

I'm still able to make and receive calls through Skype; however, the IP Block is obviously a concern after the issues I had yesterday.

At the moment I run MBAM along with MSE. I've updated the MSE set-up so the two don’t conflict as per the guides on MBAM's forum.

I've run a number of scans and then gone through the five step Viruses/Spyware/Malware Preliminary Removal instructions from the TechSpot Forum.

I'm hoping the issue is down to Skype conflicting with MBAM although I've found nothing online to suggest this...

Thanks in advance for any help and any suggestions.
Jonathan

The three logs are listed below.

-----------------------------
MBAM
-----------------------------

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonathan Smith :: JONATHANSMITH [administrator]

Protection: Enabled

04/02/2012 15:44:40
mbam-log-2012-02-04 (15-44-40).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 3
Time elapsed: 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------
GMER
-----------------------------

No Log

-----------------------------
GMER
-----------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Jonathan Smith at 15:51:53 on 2012-02-04
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.12279.10627 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Jonathan Smith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FD43F12E-C957-4315-B88F-0CCCC1D59027} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mv64xx;mv64xx;C:\Windows\system32\DRIVERS\mv64xx.sys --> C:\Windows\system32\DRIVERS\mv64xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\Razerlow.sys --> C:\Windows\system32\drivers\Razerlow.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 652360]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-5-14 4901888]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-04 15:44:13 388096 ----a-r- C:\Users\Jonathan Smith\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-04 15:44:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-04 14:57:20 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\Process Hacker
2012-02-04 13:08:28 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 13:08:16 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36E1FA32-D1AF-4FDB-827A-F69D79C0B6B9}\mpengine.dll
2012-02-04 13:01:21 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-04 10:46:21 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\OpenOffice.org
2012-02-04 10:04:16 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-02-04 09:59:17 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\PACE Anti-Piracy
2012-02-04 09:59:17 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\PACE Anti-Piracy
2012-02-04 09:59:17 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-02-04 09:59:17 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy
2012-02-03 23:07:23 -------- d-----w- C:\Windows\pss
2012-02-03 22:08:32 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\2BrightSparks
2012-02-03 21:53:59 -------- d-----w- C:\Program Files (x86)\SMS2PC
2012-02-03 18:59:00 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\com.sohnar.traffic.Traffic
2012-02-03 18:58:58 -------- d-----w- C:\Program Files (x86)\Traffic
2012-02-03 18:54:20 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-03 18:24:13 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-02-03 18:18:24 -------- d-----w- C:\ProgramData\ALM
2012-02-03 18:10:49 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-02-03 18:10:49 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-02-03 18:10:49 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-02-03 18:10:49 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-02-03 18:10:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-02-03 18:10:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-02-03 18:04:08 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Adobe
2012-02-03 18:04:02 -------- d-----w- C:\Windows\Panther
2012-02-03 17:51:34 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Xmarks
2012-02-03 17:51:34 -------- d-----w- C:\Program Files (x86)\Xmarks
2012-02-03 16:23:11 -------- d-----w- C:\Program Files\Windows XP Mode
2012-02-03 16:19:07 -------- d-----r- C:\Users\Jonathan Smith\Virtual Machines
2012-02-03 16:11:32 66304 ----a-w- C:\Windows\System32\drivers\vpcnfltr.sys
2012-02-03 16:04:35 -------- d-sh--w- C:\Diskeeper
2012-02-03 15:49:46 52144 ----a-w- C:\Windows\System32\drivers\DKRtWrt.sys
2012-02-03 15:49:44 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
2012-02-03 15:49:43 -------- d-----w- C:\ProgramData\Diskeeper Corporation
2012-02-03 15:49:42 -------- d-----w- C:\Program Files\Diskeeper Corporation
2012-02-03 15:43:13 -------- d-----w- C:\Program Files (x86)\GPLGS
2012-02-03 15:42:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2012-02-03 15:42:41 -------- d-----w- C:\Program Files (x86)\Acro Software
2012-02-03 15:38:31 333864 ----a-w- C:\Windows\System32\drivers\mv64xx.sys
2012-02-03 15:38:31 18944 ----a-w- C:\Windows\System32\mvcoinst.dll
2012-02-03 15:24:40 -------- d-----w- C:\Program Files\DivX
2012-02-03 15:24:38 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-02-03 15:24:14 -------- d-----w- C:\Program Files (x86)\DivX
2012-02-03 15:23:19 -------- d-----w- C:\ProgramData\DivX
2012-02-03 15:20:38 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2012-02-03 15:20:38 497664 ----a-w- C:\Windows\SysWow64\ac3filter.acm
2012-02-03 15:20:37 -------- d-----w- C:\Program Files (x86)\AC3Filter
2012-02-03 15:19:32 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-02-03 15:13:30 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-02-03 15:13:30 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-02-03 15:13:30 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-02-03 15:13:30 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-02-03 15:13:30 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-02-03 15:13:30 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-02-03 15:13:26 -------- d-----w- C:\Program Files (x86)\Xvid
2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-03 15:12:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-03 15:11:35 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Apple
2012-02-03 15:04:53 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Spotify
2012-02-03 15:04:29 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\Spotify
2012-02-03 15:00:33 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-02-03 15:00:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-03 13:10:17 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Thunderbird
2012-02-03 11:55:13 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\PasswordSafe
2012-02-03 11:49:53 -------- d-----w- C:\Program Files\CCleaner
2012-02-03 11:46:54 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-03 11:46:54 -------- d-----w- C:\Windows\System32\Wat
2012-02-03 11:36:54 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-03 11:36:54 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-03 11:29:34 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-02-03 11:29:34 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-02-03 11:23:34 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2012-02-03 11:22:25 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-02-03 11:22:25 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-02-03 11:22:25 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-02-03 11:22:25 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-03 11:22:25 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-02-03 11:22:25 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-02-03 11:22:25 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-02-03 11:22:25 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-02-03 11:22:25 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-02-03 11:22:25 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-02-03 11:22:06 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-02-03 11:11:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-02-03 11:11:06 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-02-03 11:09:57 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-02-03 11:08:59 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2012-02-03 11:05:18 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-02-03 11:05:17 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-02-03 11:05:17 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-02-03 11:05:17 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-02-03 11:04:27 3141632 ----a-w- C:\Windows\System32\win32k.sys
2012-02-03 11:03:43 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-02-03 11:03:43 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-02-03 11:03:43 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-02-03 11:03:39 112000 ----a-w- C:\Windows\System32\consent.exe
2012-02-03 11:01:39 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-03 11:01:39 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-03 10:51:26 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DF9E14C-6F51-4408-B5C6-6E0518883839}\gapaengine.dll
2012-02-03 10:48:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-03 10:48:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-03 10:48:01 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-02-03 10:40:54 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79989280-CD39-4C20-B37B-73289CF27240}\mpengine.dll
2012-02-03 10:40:53 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-03 10:29:29 -------- d-----w- C:\Users\Jonathan Smith\AppData\Roaming\Malwarebytes
2012-02-03 10:29:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-03 10:29:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-03 10:29:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-03 10:20:51 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Google
2012-02-03 10:20:40 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Deployment
2012-02-03 10:20:40 -------- d-----w- C:\Users\Jonathan Smith\AppData\Local\Apps
2012-02-03 10:20:37 -------- d-sh--w- C:\Windows\Installer
2012-02-03 10:20:36 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-02-03 10:20:36 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-02-03 10:20:33 539168 ----a-w- C:\Windows\System32\nvuninst.exe
2012-02-03 10:19:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-03 10:19:31 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-03 10:19:30 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-02-03 10:19:30 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
.
==================== Find3M ====================
.
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:52:26.50 ===============
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Please re-run DDS in normal mode and post BOTH logs (DDS.txt and Attach.txt).
 