PC Help Forum » Security & Safety » [Pending] HJT Logs: Site spam every 10 to 15 mins
#1 - 09-19-2009 - knight_wolf (Happy2Help; Join Date: Dec 2006; Posts: 278; PC Experience: Experienced)
Site spam every 10 to 15 mins

Something opens my browser up and directs me to this site:

hxxp://1m4ge.info/vote.php

I googled it; nothing came up. Whatever it is, it opens my default browser every 10 to 15 mins and makes around 5-6 windows of it, opening the same site in each. I have tried the following but it didn't help:

Malwarebyte's Malware Remover
Spybot S&D
RegSupreme

Please help, it's really annoying.
#2 - 09-19-2009 - driver_ian (Moderator; Join Date: Apr 2007; Location: Plymouth, England; Posts: 2,240; PC Experience: to learn a little, I messed up a lot)
Re: Site spam every 10 to 15 mins

Hi knight_wolf

I would like you to do the prework (link in my sig) and post the resulting logs back here. The security team can then advise on your next course of action. I'm sure we can get this sorted for you.
Thanks for your patience.
Last edited by driver_ian; 09-19-2009 at 08:34 PM.
#3 - 09-19-2009 - knight_wolf (Happy2Help; Join Date: Dec 2006; Posts: 278; PC Experience: Experienced)
Re: Site spam every 10 to 15 mins

Here you go ...



DDS (Ver_09-07-30.01) - NTFSx86
Run by Anirudh at 2:34:34.00 on Sun 09/20/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1770 [GMT 5.5:30]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\Debug32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\System32\nvscv32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\8150.exe
C:\Program Files\K-Lite Codec Pack\Media player Classic\mplayerc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anirudh\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Google Update] "c:\users\anirudh\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [debug] c:\windows\system32\Debug32.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [32.exe] c:\windows\system32\nvscv32.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {626385F1-AE09-46C8-9D42-ECD650719724} = 202.56.215.6,202.56.215.54
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\anirudh\appdata\roaming\mozilla\firefox\profiles\q4gweo58.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gmail.com
FF - prefs.js: keyword.URL -
FF - component: c:\users\anirudh\appdata\roaming\mozilla\firefox\profiles\q4gweo58.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\anirudh\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\anirudh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-20 269648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-20 19160]
S2 0010281253392305mcinstcleanup;McAfee Application Installer Cleanup (0010281253392305);c:\windows\temp\001028~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\001028~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-23 79360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-8-29 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-8-29 3072]
=============== Created Last 30 ================
2009-09-20 02:06 30,720 a------- c:\windows\system32\8150.exe
2009-09-20 01:48 23 a--sh--- c:\windows\system32\dbddac2_d.dll
2009-09-20 01:48 23 a------- c:\windows\system32\fbbb2_d.ocx
2009-09-20 01:48 <DIR> --d----- c:\program files\RegSupreme Pro
2009-09-20 00:14 <DIR> --d----- c:\users\anirudh\appdata\roaming\Malwarebytes
2009-09-20 00:14 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-20 00:14 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 00:14 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-20 00:14 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-20 00:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 00:13 30,720 a------- c:\windows\system32\28176.exe
2009-09-19 22:25 30,720 a------- c:\windows\system32\23223.exe
2009-09-19 22:18 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-19 22:14 <DIR> --d----- c:\program files\CleanUp!
2009-09-19 21:30 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-19 21:30 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-19 21:30 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-19 20:47 30,720 a------- c:\windows\system32\19355.exe
2009-09-19 20:28 30,720 a------- c:\windows\system32\19050.exe
2009-09-19 19:14 8,712 a------- c:\windows\system32\download23763.exe
2009-09-19 18:01 20,480 a------- c:\windows\system32\download30606.exe
2009-09-19 17:53 30,720 a------- c:\windows\system32\31371.exe
2009-09-19 17:49 30,720 a------- c:\windows\system32\1368.exe
2009-09-19 17:47 20,480 a------- c:\windows\system32\download29105.exe
2009-09-19 17:22 <DIR> --d----- c:\users\anirudh\appdata\roaming\LimeWire
2009-09-19 17:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-09-19 17:06 <DIR> --d----- C:\DOWNLOADS
2009-09-19 17:06 <DIR> --d----- C:\!Temp
2009-09-19 17:05 <DIR> --d----- c:\program files\BearShare Pro
2009-09-19 15:42 20,480 a------- c:\windows\system32\download9492.exe
2009-09-19 15:42 22,528 a------- c:\windows\system32\16959.exe
2009-09-19 12:51 22,528 a------- c:\windows\system32\9514.exe
2009-09-19 12:51 20,480 a------- c:\windows\system32\download13421.exe
2009-09-19 12:23 22,528 a------- c:\windows\system32\7814.exe
2009-09-19 12:23 20,480 a------- c:\windows\system32\download10433.exe
2009-09-18 22:09 20,480 a------- c:\windows\system32\download15920.exe
2009-09-18 22:09 20,480 a------- c:\windows\system32\download14082.exe
2009-09-18 22:08 20,480 a------- c:\windows\system32\download22261.exe
2009-09-18 22:08 20,480 a------- c:\windows\system32\download3766.exe
2009-09-18 21:48 20,480 a------- c:\windows\system32\download20209.exe
2009-09-18 19:24 22,528 a------- c:\windows\system32\2598.exe
2009-09-18 19:24 20,480 a------- c:\windows\system32\download12662.exe
2009-09-18 16:26 20,480 a------- c:\windows\download17427.exe
2009-09-18 16:25 22,528 ---shr-- c:\windows\msnmger.exe
2009-09-18 16:25 22,528 a------- c:\windows\system32\9492.exe
2009-09-18 10:28 20,480 a------- c:\windows\system32\download12589.exe
2009-09-18 10:22 20,480 a------- c:\windows\system32\download32057.exe
2009-09-17 21:29 20,480 a------- c:\windows\system32\download369.exe
2009-09-17 20:36 20,480 a------- c:\windows\system32\download16569.exe
2009-09-17 18:09 20,480 a------- c:\windows\system32\download22154.exe
2009-09-17 09:56 20,480 a------- c:\windows\system32\download3357.exe
2009-09-16 21:02 20,480 a------- c:\windows\system32\download17879.exe
2009-09-16 10:26 20,480 a------- c:\windows\system32\download30540.exe
2009-09-16 08:02 20,480 a------- c:\windows\download10331.exe
2009-09-16 08:01 20,480 ---shr-- c:\windows\system32\nvscv32.exe
2009-09-16 08:01 20,480 a------- c:\windows\system32\download28291.exe
2009-09-12 14:16 <DIR> --d----- c:\programdata\Nero
2009-09-12 14:16 <DIR> --d----- c:\progra~2\Nero
2009-09-12 14:15 <DIR> --d----- c:\program files\Nero
2009-09-10 21:42 <DIR> --d----- c:\program files\Unlocker
2009-09-08 23:28 1,374,312 a------- C:\winrar_install.exe
2009-09-08 23:28 22,528 ---shr-- c:\windows\system32\Debug32.exe
2009-09-08 23:28 22,528 a------- C:\ms18467.exe
2009-09-05 16:25 <DIR> --d----- c:\programdata\Blizzard
2009-09-05 16:25 <DIR> --d----- c:\progra~2\Blizzard
2009-09-04 12:39 304,128 a------- c:\windows\IsUninst.exe
2009-09-03 23:01 2,048 a------- c:\windows\system32\tzres.dll
2009-09-03 22:27 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-09-03 22:27 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-03 22:27 218,624 a------- c:\windows\system32\msv1_0.dll
2009-09-03 22:27 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-03 22:27 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-09-03 22:27 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-03 22:27 270,848 a------- c:\windows\system32\schannel.dll
2009-09-03 22:27 72,704 a------- c:\windows\system32\secur32.dll
2009-09-03 22:27 9,728 a------- c:\windows\system32\lsass.exe
2009-09-03 22:26 2,034,688 a------- c:\windows\system32\win32k.sys
2009-09-03 22:26 156,672 a------- c:\windows\system32\t2embed.dll
2009-09-03 22:26 72,704 a------- c:\windows\system32\fontsub.dll
2009-09-03 22:26 289,792 a------- c:\windows\system32\atmfd.dll
2009-09-03 22:26 23,552 a------- c:\windows\system32\lpk.dll
2009-09-03 22:26 10,240 a------- c:\windows\system32\dciman32.dll
2009-09-03 22:26 71,680 a------- c:\windows\system32\atl.dll
2009-09-03 22:26 623,616 a------- c:\windows\system32\localspl.dll
2009-09-03 22:26 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-09-03 22:26 160,256 a------- c:\windows\system32\wkssvc.dll
2009-09-03 22:26 91,136 a------- c:\windows\system32\avifil32.dll
2009-09-03 22:25 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-09-03 22:25 4,096 a------- c:\windows\system32\msdxm.ocx
2009-09-03 22:25 4,096 a------- c:\windows\system32\dxmasf.dll
2009-09-03 22:25 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-09-03 22:25 7,680 a------- c:\windows\system32\spwmp.dll
2009-09-03 22:25 43,520 a------- c:\windows\system32\msdxm.tlb
2009-09-03 22:25 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-31 13:50 <DIR> --d----- c:\users\anirudh\appdata\roaming\Microsoft Games
2009-08-31 13:32 <DIR> --d----- c:\program files\common files\Microsoft Games
2009-08-29 15:36 1,663,488 a------- c:\windows\system32\BootMan.exe
2009-08-29 15:36 86,408 a------- c:\windows\system32\setupempdrv03.exe
2009-08-29 15:36 14,848 a------- c:\windows\system32\EuEpmGdi.dll
2009-08-29 15:36 9,728 a------- c:\windows\system32\epmntdrv.sys
2009-08-29 15:36 3,072 a------- c:\windows\system32\EuGdiDrv.sys
2009-08-29 15:36 <DIR> --d----- c:\program files\EASEUS
2009-08-26 10:50 <DIR> --d----- c:\programdata\Yahoo!
2009-08-26 10:50 <DIR> --d----- c:\program files\Yahoo!
2009-08-26 10:48 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-23 22:34 <DIR> --d----- c:\programdata\Adobe
2009-08-23 21:48 <DIR> --d----- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
==================== Find3M ====================
2009-09-19 23:54 87,841 a------- c:\programdata\nvModes.dat
2009-09-19 23:54 87,841 a------- c:\progra~2\nvModes.dat
2009-09-03 21:13 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-03 21:13 51,200 a------- c:\windows\inf\infpub.dat
2009-09-03 21:13 86,016 a------- c:\windows\inf\infstor.dat
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 02:41 3,176,992 a------- c:\windows\system32\nvwss.dll
2009-08-17 02:41 4,033,056 a------- c:\windows\system32\nvvitvs.dll
2009-08-17 02:41 1,292,832 a------- c:\windows\system32\nvmobls.dll
2009-08-17 02:41 195,104 a------- c:\windows\system32\nvmccss.dll
2009-08-17 02:41 3,553,824 a------- c:\windows\system32\nvgames.dll
2009-08-17 02:41 13,904,416 a------- c:\windows\system32\nvcpl.dll
2009-08-17 02:41 4,930,080 a------- c:\windows\system32\nvdisps.dll
2009-08-17 02:41 764,448 a------- c:\windows\system32\nvsvc.dll
2009-08-17 02:41 215,584 a------- c:\windows\system32\nvvsvc.exe
2009-08-17 02:41 92,704 a------- c:\windows\system32\nvmctray.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 9,545,152 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 3,298,304 a------- c:\windows\system32\nvwgf2um.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-11 12:35 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-08-03 12:28 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_ 00_00.Wdf
2009-08-03 00:21 23,320 a------- c:\windows\system32\PhysXDevice.dll
2009-07-25 21:25 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-25 01:46 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-23 21:57 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-23 12:53 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-23 12:53 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-22 03:22 915,456 a------- c:\windows\system32\wininet.dll
2009-07-22 03:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-22 03:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-22 01:43 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-15 00:24 795,104 a------- c:\windows\system32\dpinst.exe
2009-07-15 00:24 151,552 a------- c:\windows\system32\nvcod157.dll
2009-07-14 13:29 143,360 a------- c:\windows\system32\nvshext.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-04-11 18:53 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 08:11 174 a--sh--- c:\program files\desktop.ini
2006-11-02 18:10 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:10 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:10 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:10 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 2:35:43.75 ===============
Attached Files: RootRepeal report 09-20-09 (02-17-56).txt (58.6 KB), SysProtLog.txt (48.8 KB), DDS.txt (25.2 KB), Attach.rar (2.2 KB), checkup.txt (1.1 KB)
Last edited by Pancake; 09-20-2009 at 10:30 PM. Reason: Copied and pasted for better viewing.
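Added example (the editor's, not code from the thread, from DDS or from any tool named here): a small Python triage pass over the kinds of lines in the DDS log above, flagging what a helper looks at first (all-digit and download<N>.exe names dropped into system32, hidden+system attributes on fresh executables, Run keys that point at those files, and EnableLUA = 0). The sample lines are copied from the posted log; the heuristics and the names `triage`, `Finding` and `command_path` are the example's own.

```python
"""Triage helper for DDS-style logs (added example, not part of DDS)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the DDS log posted in the
# thread, covering the Run-key section and the "Created Last 30" section.
SAMPLE_DDS = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [debug] c:\windows\system32\Debug32.exe
mRun: [32.exe] c:\windows\system32\nvscv32.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
=============== Created Last 30 ================
2009-09-20 02:06 30,720 a------- c:\windows\system32\8150.exe
2009-09-20 00:14 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-19 19:14 8,712 a------- c:\windows\system32\download23763.exe
2009-09-18 16:25 22,528 ---shr-- c:\windows\msnmger.exe
2009-09-16 08:01 20,480 ---shr-- c:\windows\system32\nvscv32.exe
2009-09-08 23:28 22,528 ---shr-- c:\windows\system32\Debug32.exe
2009-09-08 23:28 1,374,312 a------- C:\winrar_install.exe
2009-09-03 22:27 499,712 a------- c:\windows\system32\kerberos.dll
"""

# "Created Last 30" / "Find3M" line: date time size attrs path.  The 8-char
# attribute string as DDS prints it: a=archive, d=directory (pos 2),
# s=system (pos 3), h=hidden (pos 4), r=read-only (pos 5).
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Run-key line: uRun = HKCU, mRun = HKLM, optionally RunOnce.
RUN_LINE = re.compile(r"^(?P<hive>[um])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POLICY_LINE = re.compile(r"^mPolicies-system: EnableLUA = 0\b")
EXE_EXT = (".exe", ".scr", ".com", ".bat", ".dll")


@dataclass
class Finding:
    path: str
    reasons: list[str] = field(default_factory=list)


def command_path(cmd: str) -> str:
    """Pull the executable path out of a Run-key command line (quoted or not)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"^(.*?\.(?:exe|scr|com|bat|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def file_reasons(attrs: str, path: str) -> list[str]:
    """Heuristics tuned to the dropper pattern visible in the posted log."""
    reasons: list[str] = []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_windows = low.startswith("c:\\windows\\")
    is_exe = name.endswith(EXE_EXT)
    if re.fullmatch(r"\d+\.exe", name):
        reasons.append("numeric-only executable name")
    if re.fullmatch(r"download\d+\.exe", name):
        reasons.append("download<N>.exe dropper naming pattern")
    if is_exe and in_windows and attrs[3] == "s" and attrs[4] == "h":
        reasons.append("hidden+system attributes on a fresh executable under c:\\windows")
    return reasons


def triage(text: str) -> dict:
    """Return flagged files (keyed by lower-cased path), Run keys pointing at
    them, and weakened policies, from a DDS-style log."""
    files: dict[str, Finding] = {}
    runs: list[tuple[str, str, str]] = []
    policies: list[str] = []
    for line in text.strip().splitlines():
        if m := FILE_LINE.match(line):
            reasons = file_reasons(m["attrs"], m["path"])
            if reasons:
                files[m["path"].lower()] = Finding(m["path"], reasons)
        elif m := RUN_LINE.match(line):
            runs.append((m["hive"], m["name"], command_path(m["cmd"])))
        elif POLICY_LINE.match(line):
            policies.append("EnableLUA = 0: UAC is off, so installs run without a consent prompt")
    autoruns: list[tuple[str, str]] = []
    for hive, name, path in runs:
        # A Run key whose target is itself flagged is the persistence to remove first.
        if f := files.get(path.lower()):
            f.reasons.append(f"referenced by {'HKCU' if hive == 'u' else 'HKLM'} Run key [{name}]")
            autoruns.append((name, f.path))
    return {"files": files, "autoruns": autoruns, "policies": policies}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for finding in report["files"].values():
        print(finding.path, "->", "; ".join(finding.reasons))
    for note in report["policies"]:
        print("policy:", note)
```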
#4 - 09-19-2009 - knight_wolf (Happy2Help; Join Date: Dec 2006; Posts: 278; PC Experience: Experienced)
Re: Site spam every 10 to 15 mins

And here is a screenshot to show you just what happens:



It's very annoying, since the focus always changes to it whenever it opens a new tab/window.
#5 - 09-20-2009 - linsey (New Poster; Join Date: Sep 2009; Posts: 1; PC Experience: PC Illiterate)
Re: Site spam every 10 to 15 mins

I am having the same exact issue, with the same website opening new tabs in Firefox.
#6 - 09-20-2009 - Crush (Tech Support Team; Join Date: Sep 2008; Location: Caldwell, New Jersey; Posts: 10,659; PC Experience: Always Learning New Things)
Re: Site spam every 10 to 15 mins

linsey,

Please start your own thread and complete the instructions in prework. That way things won't get confusing with your fixes and the original poster's fixes. Thanks.

Knightwolf,


Please download Malwarebytes' Anti-Malware from one of these places:

https://www.cleverbridge.com/342/coo...%3ddl-10804572

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, navigate to the Update tab and click Check For Updates. It will then download the latest updates for you.
* Now navigate back to the Scan tab.
* Select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
#7 - 09-20-2009 - knight_wolf (Happy2Help; Join Date: Dec 2006; Posts: 278; PC Experience: Experienced)
Re: Site spam every 10 to 15 mins

Originally Posted by Crush (post #6, quoted in full)
Please check my first post. I have already scanned my system with it and it did not come up with anything. I have the log, and will give a HijackThis log too.

One more thing: MBAM keeps blocking this IP, "82x146x51x38"; a balloon pops up saying MBAM has successfully blocked it.

Malwarebytes' Anti-Malware 1.41
Database version: 2825
Windows 6.0.6002 Service Pack 2

9/20/2009 1:14:50 AM
mbam-log-2009-09-20 (01-14-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 178952
Time elapsed: 50 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Attached Files: hijackthis.log (10.2 KB)