Jump to content

pdukey

Honorary Members
 View Profile  See their activity

  • Posts

    55

  • Joined

  • Last visited

Reputation

0 Neutral
  1. pdukey
    Thank you once again Elise. All appears well. This topic can be closed.
  2. pdukey
    Had "Security Tool">blue screen of death>system restore>no more "security tool">internet explorer crashes citing corrupted malicious add-on AVG shows clean steps after system restore malwarebytes 1.5 current version nothing found log below defogger disabled DDS logs below and attached GMER nothing found, no log produced Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5302 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12/12/2010 4:23:32 PM mbam-log-2010-12-12 (16-23-32).txt Scan type: Quick scan Objects scanned: 159068 Time elapsed: 3 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by Timnis at 22:30:59.73 on Sun 12/12/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4106 [GMT -5:00] AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\sminst\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Steam\Steam.exe C:\Users\Timnis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 6\CalCheck.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\AVG\AVG10\avgchsva.exe C:\Program Files (x86)\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe J:\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.facebook.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent uRun: [Octoshape Streaming Services] "C:\Users\Timnis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" mRun: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ulead AutoDetector] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe mRun: [ulead Calendar Checker] C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 6\CalCheck.exe mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe StartupFolder: C:\Users\Timnis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\Timnis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File mRun-x64: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe ============= SERVICES / DRIVERS =============== R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-6-13 53488] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032] R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/06 19:31:44];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-1-6 146928] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-6 92160] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-6 202752] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] R2 SftService;SoftThinks Agent Service;C:\Windows\sminst\SftService.exe [2009-6-13 632048] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-27 575488] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-6 215040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-3 135664] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-9-12 25832] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736] =============== Created Last 30 ================ 2010-12-12 20:28:04 -------- d-----w- C:\Users\Timnis\AppData\Roaming\AVG10 2010-12-12 20:27:38 -------- d--h--w- C:\PROGRA~3\Common Files 2010-12-12 20:26:40 -------- d-----w- C:\Windows\System32\drivers\AVG 2010-12-12 20:26:40 -------- d-----w- C:\PROGRA~3\AVG10 2010-12-12 17:08:27 -------- d-----w- C:\PROGRA~3\MFAData 2010-12-11 16:32:55 -------- d-----w- C:\PROGRA~3\oKlMe06301 2010-11-23 20:14:26 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2010-11-23 20:14:26 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll 2010-11-19 22:37:26 -------- d-----w- C:\Users\Timnis\AppData\Roaming\.minecraft ==================== Find3M ==================== 2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-11-10 03:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll 2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll 2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll ============= FINISH: 22:31:17.59 =============== Attach.zip
  3. pdukey
    thank you for the help. all appears well. this topic can be closed.
  4. pdukey
    thank you Elise all appears well. Do i need to run defogger? and enable cd emulation? it disappeared after OLT clean-up.
  5. pdukey
    ESET log: C:\_OTL\MovedFiles\10112010_104614\C_Users\Phoenix\AppData\Local\2287138.exe a variant of Win32/Kryptik.HHB trojan cleaned by deleting - quarantined no issues so far
  6. pdukey
    ok. files hidden and norton has been removed. no issues as of yet. looks clean. let me know next step
  7. pdukey
    OTL completed but did not provide log, only option to reboot. PC rebooted. Mbam updated and ran quick scan. (log below) 2 new desktop icons were created both are desktop.ini and contents are below, can I delete these from the desktop? [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799 [LocalizedFileNames] Norton Internet Security.lnk=@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102 Microsoft Office - 60 Day Trial.lnk=@C:\PROGRA~2\MIDDD5~1\mui\oaa.dll,-103 AND [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4794 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/11/2010 11:05:37 AM mbam-log-2010-10-11 (11-05-37).txt Scan type: Quick scan Objects scanned: 147324 Time elapsed: 4 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  8. pdukey
    MrC, please close this post if you can. I had reposted with logs once I found out how to temp stop the issue and Elise has replied. Thank you for your time.
  9. pdukey
    hello, we have the security tool pop ups as seen here. Mbam does find and remove it but security tool returns after restart. I can disable security tool if I end the process quickly after restart. Once disabled we notice no issues. when security tool was running we received the blue screen of death twice citing SPCMDCOM.sys when running OTL I receieved the pop-up "Access violation at 00402975 in Module 'OT.exe' read of address OOBC2304" it then appeared to run fine OTL logfile created on: 10/11/2010 6:55:37 AM - Run 1 OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Phoenix\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.13 Gb Total Space | 190.73 Gb Free Space | 66.89% Space Free | Partition Type: NTFS Drive D: | 12.76 Gb Total Space | 2.13 Gb Free Space | 16.70% Space Free | Partition Type: NTFS Computer Name: PHOENIX-PC | User Name: Phoenix | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/10/11 06:54:39 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe PRC - [2010/10/10 09:29:12 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe PRC - [2010/10/04 15:56:10 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe PRC - [2010/07/21 13:03:13 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe PRC - [2010/07/15 10:49:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe PRC - [2010/07/15 10:49:31 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010/04/11 22:02:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2009/08/22 03:25:16 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe ========== Modules (SafeList) ========== MOD - [2010/10/11 06:54:39 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/07/21 21:45:27 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/07/21 21:45:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV - [2010/07/21 13:03:13 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/07/15 10:49:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/22 03:25:16 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security) SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV:64bit: - [2010/07/21 21:46:59 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/07/21 21:45:27 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/07/15 10:50:01 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA) DRV:64bit: - [2010/07/15 10:49:32 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64) DRV:64bit: - [2010/06/02 17:32:28 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64) DRV:64bit: - [2010/02/03 16:53:25 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP) DRV:64bit: - [2010/01/07 11:15:24 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/01/07 11:10:28 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV:64bit: - [2010/01/07 11:10:26 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/12/22 15:35:02 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2009/08/22 03:25:17 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009/08/22 03:25:17 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2009/08/22 03:25:17 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64) DRV:64bit: - [2009/08/22 03:25:17 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI) DRV:64bit: - [2009/08/22 03:25:17 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symfw.sys -- (SYMFW) DRV:64bit: - [2009/08/22 03:25:17 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symndisv.sys -- (SYMNDISV) DRV:64bit: - [2009/08/22 03:25:17 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2009/08/09 03:16:57 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/07/13 18:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009/06/24 15:00:00 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007/05/01 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2010/02/03 05:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100220.022\EX64.SYS -- (NAVEX15) DRV - [2010/02/03 05:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100220.022\ENG64.SYS -- (NAVENG) DRV - [2009/12/23 03:26:22 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2009/10/28 18:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys -- (IDSVia64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://airsoftohio.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/07 11:23:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:31:46 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [iSUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [2287138] C:\Users\Phoenix\AppData\Local\2287138.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/acti...veX_Control.cab (Photo Upload Plugin Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1 192.168.200.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/11 06:54:39 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe [2010/10/10 14:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/10 14:33:09 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phoenix\Documents\mbam-setup-1.46.exe [2010/10/05 11:03:41 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\Roxio [2010/09/15 22:31:03 | 000,000,000 | ---D | C] -- C:\271a6406e41b9b40e64f403ec0317b2c [2010/09/12 22:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010/09/12 22:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010/09/12 21:38:23 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Users\Phoenix\Documents\wlsetup-web.exe [2010/09/12 19:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010/09/12 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010/09/12 18:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2010/09/12 18:56:41 | 034,456,880 | ---- | C] (Apple Inc.) -- C:\Users\Phoenix\Documents\QuickTimeInstaller.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/11 06:55:47 | 004,980,736 | -HS- | M] () -- C:\Users\Phoenix\NTUSER.DAT [2010/10/11 06:54:39 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe [2010/10/11 06:21:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/10 22:19:42 | 000,014,986 | ---- | M] () -- C:\Users\Phoenix\Documents\JFK......docx [2010/10/10 18:52:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/10 18:52:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/10 18:45:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/10/10 18:45:03 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys [2010/10/10 17:47:24 | 000,000,000 | ---- | M] () -- C:\Users\Phoenix\defogger_reenable [2010/10/10 16:34:25 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/10/10 16:34:25 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/10/10 16:34:25 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/10/10 14:52:35 | 000,293,376 | ---- | M] () -- C:\Users\Phoenix\Desktop\6j21ut87.exe [2010/10/10 14:51:35 | 000,544,768 | ---- | M] () -- C:\Users\Phoenix\Desktop\dds.pif [2010/10/10 14:50:24 | 000,050,477 | ---- | M] () -- C:\Users\Phoenix\Desktop\Defogger.exe [2010/10/10 14:35:18 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/10 14:33:39 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phoenix\Documents\mbam-setup-1.46.exe [2010/10/10 13:23:12 | 000,989,184 | ---- | M] () -- C:\Users\Phoenix\AppData\Local\2287138.exe [2010/10/10 09:33:13 | 065,853,478 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010/10/07 15:58:19 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhoenix.job [2010/09/30 22:21:08 | 000,015,061 | ---- | M] () -- C:\Users\Phoenix\Documents\Einstein's Response to Prayer.docx [2010/09/29 20:00:00 | 000,012,673 | ---- | M] () -- C:\Users\Phoenix\Documents\Document Revision.docx [2010/09/24 15:15:44 | 000,019,728 | ---- | M] () -- C:\Users\Phoenix\Documents\locust corner field rules.pdf [2010/09/21 17:09:40 | 000,010,951 | ---- | M] () -- C:\Users\Phoenix\Documents\PLC REV 1.docx [2010/09/17 20:41:31 | 000,083,208 | ---- | M] () -- C:\Users\Phoenix\Documents\Land of Illusion.pdf [2010/09/14 17:01:13 | 000,011,242 | ---- | M] () -- C:\Users\Phoenix\Documents\Scorpion reply.docx [2010/09/13 16:06:19 | 000,010,670 | ---- | M] () -- C:\Users\Phoenix\Documents\OPEN 23 BLACKSIDE.docx [2010/09/12 21:38:26 | 001,247,056 | ---- | M] (Microsoft Corporation) -- C:\Users\Phoenix\Documents\wlsetup-web.exe [2010/09/12 19:40:49 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/09/12 18:58:23 | 034,456,880 | ---- | M] (Apple Inc.) -- C:\Users\Phoenix\Documents\QuickTimeInstaller.exe [2010/09/12 12:56:10 | 000,098,267 | ---- | M] () -- C:\Users\Phoenix\Documents\Troop 710 Roster.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/10 17:47:24 | 000,000,000 | ---- | C] () -- C:\Users\Phoenix\defogger_reenable [2010/10/10 14:52:35 | 000,293,376 | ---- | C] () -- C:\Users\Phoenix\Desktop\6j21ut87.exe [2010/10/10 14:51:31 | 000,544,768 | ---- | C] () -- C:\Users\Phoenix\Desktop\dds.pif [2010/10/10 14:50:24 | 000,050,477 | ---- | C] () -- C:\Users\Phoenix\Desktop\Defogger.exe [2010/10/10 14:35:18 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/10 13:23:12 | 000,989,184 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\2287138.exe [2010/10/05 15:23:27 | 000,014,986 | ---- | C] () -- C:\Users\Phoenix\Documents\JFK......docx [2010/09/29 19:59:34 | 000,012,673 | ---- | C] () -- C:\Users\Phoenix\Documents\Document Revision.docx [2010/09/24 15:15:43 | 000,019,728 | ---- | C] () -- C:\Users\Phoenix\Documents\locust corner field rules.pdf [2010/09/22 14:54:50 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPhoenix.job [2010/09/21 17:09:39 | 000,010,951 | ---- | C] () -- C:\Users\Phoenix\Documents\PLC REV 1.docx [2010/09/17 20:41:31 | 000,083,208 | ---- | C] () -- C:\Users\Phoenix\Documents\Land of Illusion.pdf [2010/09/14 16:50:38 | 000,011,242 | ---- | C] () -- C:\Users\Phoenix\Documents\Scorpion reply.docx [2010/09/13 16:06:19 | 000,010,670 | ---- | C] () -- C:\Users\Phoenix\Documents\OPEN 23 BLACKSIDE.docx [2010/09/12 19:40:49 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/09/12 12:56:08 | 000,098,267 | ---- | C] () -- C:\Users\Phoenix\Documents\Troop 710 Roster.pdf [2010/08/22 20:31:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/08/19 09:24:24 | 000,000,092 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\wklnhst.dat [2010/05/11 17:16:47 | 000,003,584 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/26 22:04:43 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2010/04/04 11:38:48 | 000,288,595 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\tmp2009320125339149.JPG [2010/03/08 11:18:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/02/01 18:47:45 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2010/01/07 11:23:20 | 000,000,366 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009/12/22 15:40:09 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2009/12/22 15:33:31 | 000,000,000 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\QSwitch.txt [2009/12/22 15:33:31 | 000,000,000 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\DSwitch.txt [2009/12/22 15:33:31 | 000,000,000 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\AtStart.txt [2009/12/22 15:33:29 | 000,000,464 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009/08/25 04:59:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2009/08/25 04:59:21 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2009/08/25 04:59:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2009/08/25 04:58:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2009/08/25 04:58:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2009/08/09 04:42:48 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2009/08/09 04:38:18 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2009/08/09 04:36:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2009/08/09 04:35:20 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000011.DLL < End of report > OTL Extras logfile created on: 10/11/2010 6:55:37 AM - Run 1 OTL by OldTimer - Version 3.2.15.0 Folder = C:\Users\Phoenix\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.13 Gb Total Space | 190.73 Gb Free Space | 66.89% Space Free | Partition Type: NTFS Drive D: | 12.76 Gb Total Space | 2.13 Gb Free Space | 16.70% Space Free | Partition Type: NTFS Computer Name: PHOENIX-PC | User Name: Phoenix | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit) "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel
  10. pdukey
    Hello security tool reappears after mbam removes and after restart. Requested software will not run in reg mode. Requested software was ran in safe mode. Defogger <disabled> Mbam log below (inlcudes earlier one that ran before security tool conflicts) PC was not restarted after latest scan/removal DDS log below and zip attached GMER gave error "c:windows\system32\config\sysem" cannot locate specifed file. Report had nothing in log file so it os not attached. Tried to run from zip drive with ame result. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4791 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 10/10/2010 5:45:07 PM mbam-log-2010-10-10 (17-45-07).txt Scan type: Quick scan Objects scanned: 148158 Time elapsed: 4 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4791 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/10/2010 2:41:56 PM EARLIER SCAN mbam-log-2010-10-10 (14-41-56).txt Scan type: Quick scan Objects scanned: 149922 Time elapsed: 4 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. DDS (Ver_10-10-10.03) - NTFS_AMD64 MINIMAL Run by Phoenix at 17:48:01.88 on Sun 10/10/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.3433 [GMT -4:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\Phoenix\Desktop\dds.pif C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://airsoftohio.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler uRunOnce: [2287138] "C:\Users\Phoenix\AppData\Local\2287138.exe" 0 33 mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE uPolicies-system: WallpaperStyle = 2 mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) dPolicies-system: WallpaperStyle = 2 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background mRun-x64: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe AppInit_DLLs-X64: avgrssta.dll ============= SERVICES / DRIVERS =============== R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-24 52856] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-2-3 402992] R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656] S1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-5-2 269904] S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-5-2 35536] S1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-5-2 317520] S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-2-3 334384] S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-2-3 583296] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys [2010-2-19 466992] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2010-7-21 89600] S2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-15 921952] S2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520] S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640] S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-1-7 139264] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-25 216576] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-25 233472] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-2-3 56880] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] =============== Created Last 30 ================ 2010-10-10 18:35:15 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2010-10-10 17:23:12 989184 ----a-w- C:\Users\Phoenix\AppData\Local\2287138.exe 2010-09-29 13:06:47 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys 2010-09-29 13:06:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys 2010-09-28 18:16:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2010-09-28 18:16:39 2048 ----a-w- C:\Windows\System32\tzres.dll 2010-09-28 18:13:55 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2010-09-28 18:13:55 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll 2010-09-16 02:31:03 -------- d-----w- C:\271a6406e41b9b40e64f403ec0317b2c 2010-09-15 19:51:28 558592 ----a-w- C:\Windows\System32\spoolsv.exe 2010-09-13 02:36:51 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2010-09-13 02:35:56 -------- d-----w- C:\Program Files (x86)\Microsoft 2010-09-13 02:13:00 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\304d4dbc1cb52e9\DSETUP.dll 2010-09-13 02:13:00 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\304d4dbc1cb52e9\DXSETUP.exe 2010-09-13 02:13:00 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\304d4dbc1cb52e9\dsetup32.dll 2010-09-12 23:40:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll 2010-09-12 23:40:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll 2010-09-12 23:40:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll 2010-09-12 23:40:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll 2010-09-12 23:40:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll 2010-09-12 23:40:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll 2010-09-12 23:40:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll ==================== Find3M ==================== 2010-08-10 09:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2010-08-10 09:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll 2010-07-22 01:46:59 395048 ----a-w- C:\Windows\System32\SynCOM.dll 2010-07-22 01:46:59 261928 ----a-w- C:\Windows\System32\SynCtrl.dll 2010-07-22 01:46:59 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll 2010-07-22 01:46:59 204584 ----a-w- C:\Windows\System32\SynTPAPI.dll 2010-07-22 01:46:59 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll 2010-07-22 01:46:59 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll 2010-07-22 01:46:59 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll 2010-07-22 01:46:59 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll 2010-07-22 01:45:27 604672 ------w- C:\Windows\System32\stapi64.dll 2010-07-22 01:45:27 456192 ----a-w- C:\Windows\sttray64.exe 2010-07-22 01:45:27 431616 ----a-w- C:\Windows\System32\stcplx64.dll 2010-07-22 01:45:27 3738112 ----a-w- C:\Windows\System32\stlang64.dll 2010-07-22 01:45:27 209920 ----a-w- C:\Windows\System32\staco64.dll 2010-07-22 01:45:27 1431552 ----a-w- C:\Windows\System32\stapo64.dll 2010-07-22 01:45:26 90624 ----a-w- C:\Windows\System32\AESTCo64.dll 2010-07-22 01:45:26 68608 ----a-w- C:\Windows\System32\AESTAR64.dll 2010-07-22 01:45:26 564224 ----a-w- C:\Windows\System32\idt64mp1.exe 2010-07-22 01:45:26 444928 ----a-w- C:\Windows\System32\AESTEC64.dll 2010-07-22 01:45:26 162304 ----a-w- C:\Windows\System32\AESTAC64.dll 2010-07-22 01:45:26 12350464 ----a-w- C:\Windows\System32\idtcpl64.cpl 2010-07-17 09:00:04 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2010-07-16 17:51:00 14904 ----a-w- C:\Windows\help\OEM\Scripts\LaunchHPForums.exe 2010-07-15 14:50:00 13048 ----a-w- C:\Windows\System32\avgrssta.dll ============= FINISH: 17:49:01.65 =============== Attach.zip
  11. pdukey
    hello i downloaded malwarebytes and it uploaded, updated and launched and ran. it found security tool, followed directions to remove, and restarted. security tool is back on restart. mbam will not run nor will defogger, dds, or gmer. thanks
  12. pdukey
    oops I will repost in appropriate forum. thanks
  13. pdukey
    hello i downloaded malwarebytes and it uploaded, updated and launched and ran. it found security tool, followed directions to remove, and restarted. security tool is back on restart. mbam will not run nor will defogger, dds, or gmer. thanks
  14. pdukey
    Am I clean ? I have experienced no other issues so far.
  15. pdukey
    screen shot attached of AVG threat while visiting website. not sure if this helps. I did update MBAM and run quick scan with nothing found.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.