Russian Attack help please



#1
joshepst

My firewall slows my connection to a crawl because the IP is being remotely controlled.
Ran MS Security Essentials and Malwarebytes and both came out clean.
Would appreciate any help in figuring out a plan to stop this.
Firewall log, WHOIS, and OTL Log below:

Here is the firewall log:

14 2011-07-29 07:40:03 Send:[HASH][NOTFY:R_U_THERE] 69.38.231.218 64.115.13.162 IKE
15 2011-07-29 07:40:03 The cookie pair is : 0x34AA83E5190904E9 / 0xEDAE3F2381E7C856 69.38.231.218 64.115.13.162 IKE
16 2011-07-29 07:38:49 syn flood TCP (L to W1) (Repeated: 5) 192.168.1.142:49242 178.237.25.51:80 ATTACK
17 2011-07-29 07:38:32 syn flood TCP (L to W1) (Repeated: 4) 192.168.1.142:49231 178.237.25.51:80 ATTACK

WHOIS - 178.237.25.51

Location: Unknown

ARIN says that this IP belongs to RIPE; I'm looking it up there.


% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/...-conditions.pdf

% Information related to '178.237.24.0 - 178.237.31.255'

inetnum: 178.237.24.0 - 178.237.31.255
netname: MAILRU-NET-I2
descr: ICQ NET 2
country: RU
admin-c: MAIL-RU
tech-c: MAIL-RU
status: ASSIGNED PA
mnt-by: MNT-NETBRIDGE
changed: ******@nic.ru 20100824
changed: ******@corp.mail.ru 20110402
source: RIPE

role: MAIL.RU NOC
address: Limited liability company Mail.Ru
address: Leningradskiy prospect, 47, build 2
address: 125167 Moscow Russia
phone: +7 495 7256357
fax-no: +7 495 7256359
remarks: ------------------------------------------
e-mail: ***@corp.mail.ru
admin-c: VG659-RIPE
admin-c: VT1525-RIPE
tech-c: TIMA-RIPE
remarks: -----------------------------------------
remarks: General questions: ***@corp.mail.ru
remarks: Spam & Abuse: *****@corp.mail.ru
remarks: Routing inquiries: ***@corp.mail.ru
remarks: Peering issues: ***@corp.mail.ru
remarks: -----------------------------------------
remarks: --------- A T T E N T I O N !!! ---------
remarks: Please use *****@corp.mail.ru e-mail
remarks: address for spam and abuse complaints.
remarks: Mails for other addresses will be ignored!
remarks: -----------------------------------------
mnt-by: MNT-NETBRIDGE
abuse-mailbox: *****@corp.mail.ru
nic-hdl: MAIL-RU
changed: ******@corp.mail.ru 20101129
changed: ******@corp.mail.ru 20110627
source: RIPE

% Information related to '178.237.16.0/20AS51286'

route: 178.237.16.0/20
descr: icnet
origin: AS51286
mnt-by: MNT-NETBRIDGE
changed: ******@corp.mail.ru 20110331
source: RIPE

% Information related to '178.237.25.0/24AS51286'

route: 178.237.25.0/24
descr: iCnet10
origin: AS51286
mnt-by: MNT-NETBRIDGE
changed: ********@corp.mail.ru 20100824
changed: ******@corp.mail.ru 20110403
source: RIPE


OTL Log:

OTL logfile created on: 7/29/2011 9:15:54 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\JOSHEW500\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 50.00% Memory free
5.86 Gb Paging File | 4.22 Gb Available in Paging File | 72.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 53.41 Gb Free Space | 47.82% Space Free | Partition Type: NTFS

Computer Name: JOSHEW500-PC | User Name: JOSHEW500 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/29 09:15:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\JOSHEW500\Downloads\OTL.exe
PRC - [2011/07/29 06:09:22 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/29 04:46:19 | 000,124,216 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.5\ICQ.exe
PRC - [2011/06/17 14:20:37 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/06/06 12:55:30 | 001,480,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/10 16:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 16:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/12 21:51:10 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/09/08 17:10:24 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2009/09/08 17:10:22 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009/09/08 16:59:08 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (SafeList) ==========

MOD - [2011/07/29 09:15:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\JOSHEW500\Downloads\OTL.exe
MOD - [2010/11/20 17:29:06 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/17 14:50:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/08 13:05:08 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/06/08 13:04:54 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/09/08 17:10:24 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009/09/08 17:10:22 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/29 07:44:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49547430-B75C-4B19-9287-C64B27C06A1A}\MpKsl182c7817.sys -- (MpKsl182c7817)
DRV - [2011/06/08 13:05:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/04/10 20:08:50 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV - [2011/04/10 16:07:03 | 000,182,896 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2011/04/10 16:07:03 | 000,014,448 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/12/03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/10/05 17:56:06 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/09/15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2008/08/22 22:10:32 | 000,225,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 76 E2 D6 1D 2D CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {07450679-A737-4F26-B3E6-E994A7C5CD92} http://192.168.24.21...file/DVROcx.cab (DVROcx Control)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenov...ct/acpirexe.cab (IASRunner Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/29 09:05:49 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{EBA640AE-7341-409D-BC5B-85A9326D6C02}
[2011/07/29 07:56:11 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Roaming\Malwarebytes
[2011/07/29 07:56:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/29 07:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/29 07:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/29 07:56:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/29 07:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/29 07:39:12 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{7D79A81D-FB98-4E15-B18C-09D7F49521FA}
[2011/07/28 07:38:09 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{CE6FD636-6BCA-4F75-B66A-455012344E1D}
[2011/07/27 09:27:37 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{21E98F22-8750-4031-8A20-603A88A6381A}
[2011/07/26 10:25:03 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{EC383038-4D77-4692-AE23-C309CB17472A}
[2011/07/25 07:38:50 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{9D434AEB-5878-4F6E-A3AB-F51737D5A1B9}
[2011/07/23 07:13:37 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Roaming\Apple Computer
[2011/07/23 07:13:37 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\Apple Computer
[2011/07/23 07:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/23 07:13:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/07/23 07:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/23 07:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/23 07:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/23 07:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/07/23 07:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/23 07:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/07/23 07:12:47 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\Apple
[2011/07/23 07:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/23 07:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/23 07:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/07/23 07:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/07/22 12:28:09 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{881CE0BF-B0EB-48B5-811A-6F0B475E239A}
[2011/07/21 08:06:21 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{9A2D6D9D-EF89-4DA4-B6C8-91D2D8E27449}
[2011/07/15 10:04:30 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{5EB3EC74-E0AB-4EC2-A483-CE199629D077}
[2011/07/15 10:02:40 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Roaming\ATI
[2011/07/15 10:02:40 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\ATI
[2011/07/15 10:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/15 10:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/07/15 10:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/15 10:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/07/14 12:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2011/07/14 09:48:16 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{DDBD1F8D-55F8-462B-8AA0-AA66A3DC892F}
[2011/07/13 07:29:05 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{D86BB259-D00A-4824-9B96-CA6A10E77618}
[2011/07/13 07:28:41 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\Desktop\SD
[2011/07/12 09:25:53 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{B06802BE-9F40-4B3B-A38F-5B1D3E617EB4}
[2011/07/11 07:56:39 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{4B243312-B8A8-4CF8-BA13-4846F3D74559}
[2011/07/08 09:40:45 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{4BBD7E69-39D0-4F29-A3B5-D28CF00A7B9F}
[2011/07/07 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{7E53A933-2EF8-4909-B4FA-9495C96B6F7E}
[2011/07/06 08:08:17 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{C244D29F-E0E0-425B-8C22-3C71503F7E61}
[2011/07/05 08:43:56 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\Desktop\Show Desktop
[2011/07/05 07:49:51 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{3E5292AA-902E-412B-AC89-6A0FE5F3761B}
[2011/07/02 07:40:54 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{0E7335FB-1377-4543-BD32-7F2D21F0F05E}
[2011/07/02 07:39:21 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{DCC75A41-3A97-42D4-BD76-1EA2146D9A5F}
[2011/07/01 06:59:07 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{44E81ECA-78FF-4A65-BA09-AA4FE3CC356F}
[2011/06/30 14:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DP N4525
[2011/06/30 14:40:31 | 000,106,559 | ---- | C] (Xerox Corporation) -- C:\Windows\System32\XSNMX.DLL
[2011/06/30 14:40:31 | 000,094,208 | ---- | C] (Xerox) -- C:\Windows\System32\bidiSNMP.dll
[2011/06/30 14:40:31 | 000,081,028 | ---- | C] (Xerox Corp.) -- C:\Windows\System32\XeroxLpr.dll
[2011/06/30 14:40:31 | 000,065,599 | ---- | C] (Xerox Corporation) -- C:\Windows\System32\XBASE.DLL
[2011/06/30 14:40:31 | 000,053,309 | ---- | C] (Xerox Corporation) -- C:\Windows\System32\XV2P.DLL
[2011/06/30 14:40:31 | 000,045,056 | ---- | C] (Xerox) -- C:\Windows\System32\XRXIPDIS.DLL
[2011/06/30 14:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Xerox
[2011/06/30 13:33:56 | 000,000,000 | ---D | C] -- C:\Users\JOSHEW500\AppData\Local\{D7E203DC-7EEC-4457-9CFF-7DBAD492153C}

========== Files - Modified Within 30 Days ==========

[2011/07/29 08:41:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 07:59:39 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/29 07:59:39 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/29 07:56:06 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/29 07:43:36 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 07:43:36 | 000,022,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 07:41:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 07:36:37 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2011/07/29 07:36:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/29 07:36:25 | 2360,893,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 15:23:47 | 000,001,914 | ---- | M] () -- C:\Users\JOSHEW500\Desktop\TS Mas.lnk
[2011/07/13 12:14:41 | 000,342,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 07:34:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/12 10:19:18 | 000,000,157 | ---- | M] () -- C:\Users\JOSHEW500\Desktop\Duckback Products - Woodperfect Coating.url
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/30 14:40:51 | 000,000,178 | ---- | M] () -- C:\Windows\PowerReg.dat
[2011/06/30 14:40:31 | 000,000,117 | ---- | M] () -- C:\Windows\XaddPort.Ini
[2011/06/30 14:38:58 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp70F88.FOT
[2011/06/30 14:38:57 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp24D88.FOT
[2011/06/29 10:10:49 | 000,085,920 | ---- | M] () -- C:\Users\JOSHEW500\Desktop\scp houstons.png

========== Files Created - No Company Name ==========

[2011/07/29 07:56:06 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/23 07:12:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/13 07:34:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/12 10:19:18 | 000,000,157 | ---- | C] () -- C:\Users\JOSHEW500\Desktop\Duckback Products - Woodperfect Coating.url
[2011/06/30 14:40:45 | 000,000,178 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/30 14:40:31 | 000,013,492 | ---- | C] () -- C:\Windows\BiDiSNMP.ini
[2011/06/30 14:40:31 | 000,003,220 | ---- | C] () -- C:\Windows\XPmPrint.ini
[2011/06/30 14:40:31 | 000,000,117 | ---- | C] () -- C:\Windows\XaddPort.Ini
[2011/06/30 14:38:58 | 000,001,409 | ---- | C] () -- C:\Windows\System32\tmp70F88.FOT
[2011/06/30 14:38:57 | 000,001,409 | ---- | C] () -- C:\Windows\System32\tmp24D88.FOT
[2011/06/29 10:10:49 | 000,085,920 | ---- | C] () -- C:\Users\JOSHEW500\Desktop\scp houstons.png
[2011/06/21 15:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2011/06/21 15:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd11.dll
[2011/06/21 15:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2011/06/18 09:13:51 | 000,086,016 | ---- | C] () -- C:\Windows\System32\amd422codec.dll
[2011/06/17 16:25:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/17 16:15:39 | 000,007,609 | ---- | C] () -- C:\Users\JOSHEW500\AppData\Local\Resmon.ResmonCfg
[2011/06/17 15:53:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/12/02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,342,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,278 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/13 16:24:40 | 000,131,072 | ---- | C] () -- C:\Windows\System32\hidecCodec.dll
[2009/02/18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011/07/06 12:13:01 | 000,000,000 | ---D | M] -- C:\Users\JOSHEW500\AppData\Roaming\BitTorrent
[2011/06/29 08:23:13 | 000,000,000 | ---D | M] -- C:\Users\JOSHEW500\AppData\Roaming\FinalTorrent
[2011/07/29 07:37:36 | 000,000,000 | ---D | M] -- C:\Users\JOSHEW500\AppData\Roaming\ICQ
[2011/06/17 14:07:31 | 000,000,000 | ---D | M] -- C:\Users\JOSHEW500\AppData\Roaming\PCDr
[2011/06/17 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\JOSHEW500\AppData\Roaming\Update
[2011/06/20 07:34:05 | 000,000,000 | ---D | M] -- C:\Users\JOSHEW500\AppData\Roaming\Windows Live Writer
[2011/07/29 07:36:37 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job
[2009/07/14 00:53:46 | 000,020,396 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by joshepst, 29 July 2011 - 07:38 AM.
