Atl32.dll Just won't Die


  • This topic is locked
7 replies to this topic

#1 J Coyle

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 11 November 2010 - 07:50 AM

I did a stupid thing (downloaded a file I shouldn't have) on my Vista 64 bit machine and I have been paying for it for a couple of weeks now. I have been running Malwarebytes which identifies and neutralizes most of the files/registry entries, but it always concludes that I need to reboot to eliminate a couple of the files. Unfortunately when I reboot, the whole process starts all over again. It has slowed down my machine and caused me to get incessant messages about atl32.dll being unable to run.

My DDS Log
DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by HP_Administrator at 20:02:22.74 on Thu 11/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.2165 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\programdata\atl32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\KBDCAN32.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\mscorier32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\FlashGet\flashget.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\HP_Administrator\Desktop\dds.scr
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll
uURLSearchHooks: H - No File
mURLSearchHooks: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll
BHO: {017122c9-028f-4f03-9231-ead74c6d3938} - C:\Windows\SysWow64\atl32.dll
BHO: {0219a4e0-a7f3-4e61-ab24-03fbe79989bc} - C:\Windows\SysWow64\atl32.dll
BHO: {03a3519e-b668-4b6a-ab3e-cb72a928a1d2} - C:\Windows\SysWow64\atl32.dll
BHO: {04787ae3-194b-4da2-a105-3a1b3a255865} - C:\Windows\SysWow64\atl32.dll
{05680098-3305-4cbe-b384-ef1a4e58b94a}
{05d19b7f-bfe8-4ce7-890b-2198270687e8}
BHO: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
TB: MediaStar2 Toolbar: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "C:\Users\HP_Administrator\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\HP_Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [DC6B.tmp] C:\Windows\TEMP\DC6B.tmp
mRun: [uxthemewow.exe] c:\windows\uxthemewow.exe
mRun: [C5AF.tmp] C:\Windows\TEMP\C5AF.tmp
mRun: [8C38.tmp] C:\Windows\TEMP\8C38.tmp
mRun: [BB06.tmp] C:\Windows\TEMP\BB06.tmp
mRun: [7F6D.tmp] C:\Windows\TEMP\7F6D.tmp
mRun: [BD4E.tmp] C:\Windows\TEMP\BD4E.tmp
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
dRun: [RTHDBPL] C:\Windows\TEMP\A321.tmp
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://208.210.222.66/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\ProgramData\atl32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {067F6FB8-19BA-4AB6-B7BB-2D6270691A20} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

============= SERVICES / DRIVERS ===============

R0 PsBoot;Panda boot driver;C:\Windows\System32\drivers\PsBoot.sys [2010-11-11 28744]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-7-9 54480]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2010-5-4 149512]
R2 Adobe Version Cue CS432;Adobe Version Cue CS4 ;C:\ProgramData\atl32.exe [2010-11-3 1354752]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-4-30 136448]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2010-5-27 158280]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2010-4-30 114696]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2010-4-30 121864]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2010-5-12 126024]
R2 TBS32;TPM Base Services ;c:\windows\system32\mscorier32.exe --> c:\windows\system32\mscorier32.exe [?]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-18 497856]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-29 24664]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2008-7-22 60416]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-10-29 304464]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro35.sys [2010-11-3 19528]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-7-8 628840]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2010-3-26 120232]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-20 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-11 11:47:42 28744 ----a-w- C:\Windows\System32\drivers\PsBoot.sys
2010-11-10 11:23:44 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 11:23:44 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-11-09 13:20:04 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{5447A99A-073D-4E9B-8318-594B875C252E}\mpengine.dll
2010-11-09 13:15:43 -------- d-----w- C:\Program Files (x86)\2k Games
2010-11-07 02:43:26 -------- d-----w- C:\Program Files (x86)\Firaxis Games
2010-11-07 00:16:30 -------- d-----w- C:\Program Files (x86)\Sid Meier's Railroads!
2010-11-03 12:00:38 1354752 ----a-w- C:\PROGRA~3\KBDCAN32.exe
2010-11-03 12:00:38 1354752 ----a-w- C:\PROGRA~3\atl32.exe
2010-11-03 11:06:27 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-11-03 11:06:05 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-11-02 05:22:04 -------- d-sh--w- C:\PROGRA~3\EA37BDE19B5ED3CD4819D322EEA2FDE4
2010-10-30 22:19:01 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2010-10-29 22:30:21 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-10-29 22:28:08 -------- d-----w- C:\PROGRA~3\PC Tools
2010-10-29 10:30:25 -------- d-----w- C:\Users\HP_ADM~1\AppData\Roaming\Malwarebytes
2010-10-29 10:29:37 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-29 10:29:35 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-29 10:29:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-29 10:29:35 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-29 08:40:01 -------- d-sh--w- C:\PROGRA~3\SysWoW32
2010-10-29 08:39:47 203776 --sh--w- C:\PROGRA~3\unrar.exe
2010-10-27 14:24:30 1354752 ----a-w- C:\Windows\SysWow64\mscorier32.exe
2010-10-27 12:03:05 -------- d-----w- C:\Users\HP_ADM~1\AppData\Local\Ahead
2010-10-27 11:50:04 -------- d-----w- C:\Program Files (x86)\Nero
2010-10-27 07:50:42 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-27 07:50:42 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-10-27 07:50:41 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-27 07:50:41 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-27 07:50:41 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-27 07:50:41 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-26 14:23:11 -------- d-----w- C:\Program Files (x86)\ZAR
2010-10-26 14:00:25 -------- d-----w- C:\PROGRA~3\Cached Installations
2010-10-13 00:28:05 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-13 00:28:05 1915904 ----a-w- C:\Windows\System32\ole32.dll
2010-10-13 00:28:04 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-13 00:28:04 1316864 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-13 00:28:02 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-13 00:28:02 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-13 00:28:00 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-13 00:28:00 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-13 00:26:57 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-13 00:26:57 274944 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-13 00:26:56 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-13 00:26:56 1090048 ----a-w- C:\Windows\System32\wmpmde.dll

==================== Find3M ====================

2010-10-19 03:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-14 20:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-08 03:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 03:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-04-03 06:43:04 233472 ----a-w- C:\Program Files\GoodReaderUSB.exe

============= FINISH: 20:04:13.79 ===============


I also ran GMER but it didn't let me check anything other than Services, Registry, Files and ADS. The other options were greyed out. Nothing was returned from the scan.

Any help would be appreciated.

Thanks,
Jeff
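The DDS log above carries the whole persistence picture in a few lines: the same unsigned DLL is registered as a Browser Helper Object under several CLSIDs, it is also listed in AppInit_DLLs (which makes every process that loads user32.dll map it, so a plain on-disk delete fails while those processes are running), there are Run entries pointing at .tmp files in C:\Windows\TEMP, and two services ("Adobe Version Cue CS432" and "TBS32") carry legitimate-sounding display names but point at binaries under ProgramData or at an image DDS could not stamp. The script below is an added example, not part of the original post or of DDS: it runs a handful of heuristics over that report format. The SAMPLE block is constructed from lines of the log above, and the rules (TEMP/.tmp paths, ProgramData executables, binaries dropped directly into C:\Windows, one DLL behind several BHO CLSIDs, any AppInit_DLLs value) are this example's own thresholds, not anything DDS itself flags.

```python
"""Triage persistence entries in a DDS log (Pseudo HJT Report + services).

Added example: an offline analyser for the DDS output format posted above.
SAMPLE is constructed from lines of that log; the heuristics are this
example's own and are not part of DDS.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS report above.
SAMPLE = r"""
BHO: {017122c9-028f-4f03-9231-ead74c6d3938} - C:\Windows\SysWow64\atl32.dll
BHO: {0219a4e0-a7f3-4e61-ab24-03fbe79989bc} - C:\Windows\SysWow64\atl32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DC6B.tmp] C:\Windows\TEMP\DC6B.tmp
mRun: [uxthemewow.exe] c:\windows\uxthemewow.exe
dRun: [RTHDBPL] C:\Windows\TEMP\A321.tmp
AppInit_DLLs: C:\ProgramData\atl32.dll
R2 Adobe Version Cue CS432;Adobe Version Cue CS4 ;C:\ProgramData\atl32.exe [2010-11-3 1354752]
R2 TBS32;TPM Base Services ;c:\windows\system32\mscorier32.exe --> c:\windows\system32\mscorier32.exe [?]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-18 497856]
"""

RUN_RE = re.compile(r"^[umd]Run(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
BHO_RE = re.compile(
    r"^BHO(?:-X64)?: (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>.+)$")
SVC_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")
EXE_RE = re.compile(r"(.*?\.(?:exe|tmp|dll|scr|com|bat|cmd))(?:\s|$)", re.I)


def image_path(cmd):
    """Extract the executable from a Run value or service image string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, arguments follow
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end]
    m = EXE_RE.match(cmd)                   # bare path, stop at the extension
    return m.group(1) if m else cmd.split()[0]


def path_reasons(path):
    """Heuristic reasons why an autostart image path looks wrong (example's own rules)."""
    p = path.lower().replace("/", "\\")
    reasons = []
    if "\\temp\\" in p or p.endswith(".tmp"):
        reasons.append("loads from a TEMP directory or a .tmp file")
    if "\\programdata\\" in p or "\\progra~3\\" in p:
        reasons.append("executable lives under ProgramData")
    parent = p.rsplit("\\", 1)[0]
    if parent in ("c:\\windows", "%systemroot%", "%windir%"):
        reasons.append("binary sits directly in the Windows directory")
    return reasons


def analyze(text):
    """Return (category, item, reason) findings for a DDS report."""
    findings = []
    bho_by_path = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            bho_by_path[m["path"].lower()].append(m["clsid"])
            if m["name"] is None:           # legitimate BHOs carry a friendly name
                findings.append(("BHO", m["path"], "registered with no friendly name"))
        elif m := RUN_RE.match(line):
            for r in path_reasons(image_path(m["cmd"])):
                findings.append(("Run", m["name"], r))
        elif m := APPINIT_RE.match(line):
            # Anything in AppInit_DLLs is mapped into every process that loads user32.dll.
            findings.append(("AppInit_DLLs", m["value"],
                             "DLL injected into every process that loads user32.dll"))
            for r in path_reasons(m["value"]):
                findings.append(("AppInit_DLLs", m["value"], r))
        elif m := SVC_RE.match(line):
            reasons = path_reasons(image_path(m["image"]))
            if "[?]" in m["image"]:         # DDS printed no date/size stamp for the image
                reasons.append("no date/size stamp for the image (DDS printed '[?]')")
            for r in reasons:
                findings.append(("Service", m["svc"], r))
    for path, clsids in bho_by_path.items():
        if len(clsids) > 1:                 # one DLL hiding behind several CLSIDs
            findings.append(("BHO", path, f"same DLL registered under {len(clsids)} CLSIDs"))
    return findings


if __name__ == "__main__":
    for cat, item, why in analyze(SAMPLE):
        print(f"[{cat}] {item}: {why}")
```

Run against the constructed sample, the QuickTime, Adobe and Cisco entries pass clean; everything that is flagged corresponds to one of the lines a malware responder would pull out of the log above by eye. The same heuristics apply to a full DDS report pasted into SAMPLE, and the BHO rule is deliberately cross-line: a DLL that appears under several CLSIDs is only visible once all BHO lines have been read.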



#2 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:01:53 AM

Posted 19 November 2010 - 12:15 PM

Hi J Coyle, and welcome to Bleeping Computer.

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

If MBAM doesn't reboot your machine, do it manually...

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    dir c:\ /c
    dir /a:h c:\ /c
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 J Coyle

  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 27 November 2010 - 08:32 PM

Thanks for your reply!
I did as you suggested, and I think there must have been a recent patch to MBAM to eradicate the problem. Here is the log from MBAM with the newest patch:
07:30:14 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:14 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:14 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:14 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:14 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:14 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:30:19 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:34:09 HP_Administrator IP-BLOCK 109.235.49.221
07:38:34 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:39:00 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
07:39:00 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:41:17 HP_Administrator IP-BLOCK 109.235.49.221
07:42:01 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
07:50:12 HP_Administrator MESSAGE Protection started successfully
07:50:16 HP_Administrator MESSAGE IP Protection started successfully
07:52:32 HP_Administrator IP-BLOCK 77.245.58.100
07:55:38 HP_Administrator IP-BLOCK 109.235.49.221
07:55:38 HP_Administrator IP-BLOCK 109.235.49.221
07:55:38 HP_Administrator IP-BLOCK 109.235.49.221
07:58:52 HP_Administrator IP-BLOCK 95.168.183.162
08:02:38 HP_Administrator IP-BLOCK 109.235.49.221
08:02:46 HP_Administrator IP-BLOCK 109.235.49.221
08:02:46 HP_Administrator IP-BLOCK 109.235.49.221
08:06:24 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur QUARANTINE
08:06:25 HP_Administrator ERROR Quarantine failed: DeleteFile failed with error code 5
08:06:26 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:06:28 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:06:28 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:06:28 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:06:29 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:06:32 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:06:35 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:09:10 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:09:10 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:09:44 HP_Administrator IP-BLOCK 109.235.49.221
08:09:52 HP_Administrator IP-BLOCK 109.235.49.221
08:10:12 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:10:39 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:11:37 HP_Administrator IP-BLOCK 95.168.183.162
08:16:51 HP_Administrator IP-BLOCK 109.235.49.221
08:16:51 HP_Administrator IP-BLOCK 109.235.49.221
08:16:51 HP_Administrator IP-BLOCK 109.235.49.221
08:18:37 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:20:00 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:20:01 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:21:42 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:22:20 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:22:25 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:22:39 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:22:41 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:23:42 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:23:42 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:23:57 HP_Administrator IP-BLOCK 109.235.49.221
08:23:57 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:24:32 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:24:42 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:24:52 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:25:02 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:25:10 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:25:22 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:25:31 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:25:40 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:25:50 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:26:40 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:26:42 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:26:43 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:26:43 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:26:44 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:26:44 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:26:45 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:26:49 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:26:50 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:26:50 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:27:25 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:28:00 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:28:36 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:29:11 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:29:11 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:29:46 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:30:21 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:30:56 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:31:03 HP_Administrator IP-BLOCK 109.235.49.221
08:31:03 HP_Administrator IP-BLOCK 109.235.49.221
08:31:03 HP_Administrator IP-BLOCK 109.235.49.221
08:31:31 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:31:32 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:32:07 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:32:42 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:33:17 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:33:26 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:33:52 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:33:52 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:34:27 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:35:02 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:35:38 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:36:13 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:36:13 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:36:48 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:37:23 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:37:58 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:38:07 HP_Administrator IP-BLOCK 109.235.49.221
08:38:16 HP_Administrator IP-BLOCK 109.235.49.221
08:38:34 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:38:34 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:39:00 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:39:00 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:39:09 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:39:44 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:40:19 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:40:54 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:40:54 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:41:30 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:42:05 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:42:40 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:43:15 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:43:15 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:43:50 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:44:25 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:45:00 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:45:12 HP_Administrator IP-BLOCK 109.235.49.221
08:45:12 HP_Administrator IP-BLOCK 109.235.49.221
08:45:20 HP_Administrator IP-BLOCK 109.235.49.221
08:45:36 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:45:36 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:46:11 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:46:46 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:46:52 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:47:00 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur DENY
08:47:01 HP_Administrator DETECTION C:\PROGRAMDATA\ATL32.DLL Trojan.Tracur DENY
08:47:02 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:47:21 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur DENY
08:47:33 HP_Administrator MESSAGE IP Protection stopped
08:47:38 HP_Administrator MESSAGE Database updated successfully
08:47:39 HP_Administrator MESSAGE IP Protection started successfully
08:48:00 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur.S QUARANTINE
08:48:01 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:48:01 HP_Administrator ERROR Quarantine failed: DeleteFile failed with error code 5
08:48:10 HP_Administrator IP-BLOCK 89.187.53.210
08:48:10 HP_Administrator IP-BLOCK 89.187.53.210
08:48:10 HP_Administrator IP-BLOCK 89.187.53.210
08:48:10 HP_Administrator IP-BLOCK 89.187.53.210
08:48:33 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:48:34 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:48:36 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:48:38 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur.S DENY
08:48:38 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:48:51 HP_Administrator IP-BLOCK 109.235.49.220
08:48:51 HP_Administrator IP-BLOCK 77.78.240.82
08:49:12 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:49:47 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:50:15 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur.S DENY
08:50:21 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur.S DENY
08:50:22 HP_Administrator DETECTION C:\PROGRAMDATA\ATL32.DLL Trojan.Tracur.S DENY
08:50:22 HP_Administrator DETECTION C:\PROGRAMDATA\ATL32.DLL Trojan.Tracur.S DENY
08:50:22 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:50:23 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:50:57 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:51:33 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:52:08 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:52:19 HP_Administrator IP-BLOCK 109.235.49.221
08:52:28 HP_Administrator IP-BLOCK 109.235.49.221
08:52:43 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur.S DENY
08:52:43 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:53:18 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:53:53 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:54:29 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:55:04 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur.S DENY
08:55:04 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:55:39 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:14 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:28 HP_Administrator DETECTION C:\PROGRAMDATA\atl32.dll Trojan.Tracur.S DENY
08:56:28 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:28 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:28 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:28 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:29 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:29 HP_Administrator DETECTION C:\ProgramData\atl32.dll Trojan.Tracur.S DENY
08:56:33 HP_Administrator DETECTION C:\PROGRAMDATA\ATL32.DLL Trojan.Tracur.S DENY
08:57:16 (null) DETECTION C:\PROGRAMDATA\ATL32.DLL Trojan.Tracur.S DENY
09:00:48 HP_Administrator MESSAGE Protection started successfully
09:00:52 HP_Administrator MESSAGE IP Protection started successfully

When I rebooted I ran OTL. It gave me this log, but not the extras:
OTL logfile created on: 11/28/2010 9:03:03 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\HP_Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 39.97 Gb Free Space | 8.58% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 0.64 Gb Free Space | 0.28% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 145.58 Gb Free Space | 31.26% Space Free | Partition Type: NTFS

Computer Name: PACKER3 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Visicom Media Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (StumbleUponUpdateService) -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PsBoot) -- C:\Windows\SysNative\Drivers\PsBoot.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (InCDRm) -- C:\Windows\SysNative\drivers\InCDRm.sys File not found
DRV:64bit: - (InCDPass) -- C:\Windows\SysNative\drivers\InCDPass.sys File not found
DRV:64bit: - (InCDFs) -- C:\Windows\SysNative\drivers\InCDFs.sys File not found
DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro35.sys ()
DRV:64bit: - (mozyFilter) -- C:\Windows\SysNative\DRIVERS\mozy.sys (Mozy, Inc.)
DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\DRIVERS\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\DRIVERS\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\DRIVERS\psinknc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\DRIVERS\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\DRIVERS\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://ph.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 F3 C3 83 C5 80 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B9 4D 56 00 DB DA D5 43 8E A2 11 80 A9 A7 24 AC [binary data]
IE - HKCU\..\URLSearchHook: {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files (x86)\Panda Security\Panda ID Protect\Firefox [2010/06/25 21:28:56 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/19 05:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {00564DB9-DADB-43D5-8EA2-1180A9A724Ac} - C:\Windows\SysWow64\atl32.dll File not found
O2 - BHO: (no name) - {006B05D6-37EA-48BD-BB00-DB1F4A6CE0D8} - C:\Windows\SysWow64\atl32.dll File not found
O2 - BHO: (no name) - {00CC5833-DFC8-40BD-81C3-19069FDB1943} - C:\Windows\SysWow64\atl32.dll File not found
O2 - BHO: (no name) - {017122C9-028F-4F03-9231-EAD74C6D3938} - C:\Windows\SysWow64\atl32.dll File not found
O2 - BHO: (no name) - {0219A4E0-A7F3-4E61-AB24-03FBE79989Bc} - C:\Windows\SysWow64\atl32.dll File not found
O2 - BHO: (no name) - {03A3519E-B668-4B6A-AB3E-CB72A928A1D2} - C:\Windows\SysWow64\atl32.dll File not found
O2 - BHO: (no name) - {04787AE3-194B-4DA2-A105-3A1B3A255865} - C:\Windows\SysWow64\atl32.dll File not found
O2 - BHO: (no name) - {05680098-3305-4CBE-B384-EF1A4E58B94a} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {05D19B7F-BFE8-4CE7-890B-2198270687E8} - Reg Error: Value error. File not found
O2 - BHO: (MediaStar2 Toolbar) - {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll (Conduit Ltd.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaStar2 Toolbar) - {067f6fb8-19ba-4ab6-b7bb-2d6270691a20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (MediaStar2 Toolbar) - {067F6FB8-19BA-4AB6-B7BB-2D6270691A20} - C:\Program Files (x86)\MediaStar2\tbMed1.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [392A.tmp] C:\Windows\TEMP\392A.tmp File not found
O4 - HKLM..\Run: [7F6D.tmp] C:\Windows\TEMP\7F6D.tmp File not found
O4 - HKLM..\Run: [8C38.tmp] C:\Windows\TEMP\8C38.tmp File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BB06.tmp] C:\Windows\TEMP\BB06.tmp File not found
O4 - HKLM..\Run: [BD4E.tmp] C:\Windows\TEMP\BD4E.tmp File not found
O4 - HKLM..\Run: [C5AF.tmp] C:\Windows\TEMP\C5AF.tmp File not found
O4 - HKLM..\Run: [DC6B.tmp] C:\Windows\TEMP\DC6B.tmp File not found
O4 - HKLM..\Run: [E300.tmp] C:\Windows\TEMP\E300.tmp File not found
O4 - HKLM..\Run: [E86B.tmp] C:\Windows\TEMP\E86B.tmp File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Panda Security Toolbar Antiphishing] C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [cdloader] C:\Users\HP_Administrator\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://208.210.222.66/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 114.108.192.32 114.108.192.30
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\temp\IMG_4994 edit.jpg
O24 - Desktop BackupWallPaper: C:\temp\IMG_4994 edit.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/16 13:00:22 | 000,000,063 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2010/11/26 12:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/26 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/26 12:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/26 09:21:51 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/11/26 09:17:11 | 000,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Local\panda2_0dn
[2010/11/26 09:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security Toolbar Antiphishing
[2010/11/12 22:27:24 | 000,066,552 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2010/11/09 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2k Games
[2010/11/07 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2010/11/07 08:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Railroads!
[2010/11/05 21:31:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\HP_Administrator\Desktop\OTL.exe
[2010/11/03 19:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/02 13:22:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4
[2010/10/30 06:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/10/30 06:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/10/29 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Roaming\Malwarebytes
[2010/10/29 18:29:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/29 18:29:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/29 18:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/29 18:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/29 16:40:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/10/27 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Local\Ahead
[2010/10/27 19:52:40 | 000,000,000 | ---D | C] -- C:\Users\HP_Administrator\AppData\Roaming\Ahead
[2010/10/27 19:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/10/27 19:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010/10/27 15:50:42 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/27 15:50:42 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/27 15:50:41 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/27 15:50:41 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/27 15:50:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/27 15:50:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/26 22:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZAR
[2010/10/26 22:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2010/10/25 21:18:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/25 21:18:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/25 21:18:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/13 08:28:05 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/13 08:28:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/13 08:28:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/13 08:28:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/13 08:28:00 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/13 08:27:57 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/13 08:27:56 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/13 08:27:56 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/13 08:27:47 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/13 08:27:47 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/13 08:27:47 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/13 08:27:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/13 08:27:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/13 08:27:47 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/13 08:27:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/13 08:27:46 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/13 08:27:46 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/13 08:27:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/13 08:27:45 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/13 08:27:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/13 08:27:45 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/13 08:27:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/13 08:27:45 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/13 08:27:44 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/13 08:27:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/13 08:27:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/13 08:27:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/13 08:27:44 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/13 08:27:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/13 08:27:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/13 08:27:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/13 08:27:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/13 08:27:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/13 08:27:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/13 08:27:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/13 08:27:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/13 08:27:30 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/13 08:27:28 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/13 08:27:22 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/13 08:27:21 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/13 08:27:02 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/13 08:27:02 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/13 08:27:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/13 08:27:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/13 08:26:56 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/13 08:26:56 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/03 09:59:03 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/10/03 09:59:03 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/10/01 22:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/01 22:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

========== Files - Modified Within 60 Days ==========

[2010/11/28 09:06:20 | 000,005,080 | ---- | M] () -- C:\Windows\mozy.flt
[2010/11/28 09:06:20 | 000,004,798 | ---- | M] () -- C:\Windows\mozy.blk
[2010/11/28 08:58:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/28 08:58:19 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 08:58:19 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/28 08:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/28 08:39:01 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-357848200-734892409-2541734777-1002UA.job
[2010/11/28 08:20:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 07:48:26 | 000,001,185 | ---- | M] () -- C:\ProgramData\1925793530
[2010/11/28 07:48:09 | 000,000,090 | ---- | M] () -- C:\Windows\SysWow64\2015177457
[2010/11/28 07:48:08 | 000,000,614 | -HS- | M] () -- C:\ProgramData\1390636502
[2010/11/28 07:47:41 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/11/28 07:42:01 | 000,001,060 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2010/11/28 07:30:32 | 000,005,610 | ---- | M] () -- C:\ProgramData\GnuHashes.ini
[2010/11/28 06:49:59 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{587739B1-BC38-4789-A599-6DE8CF8F23CE}.job
[2010/11/27 22:39:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-357848200-734892409-2541734777-1002Core.job
[2010/11/27 18:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/11/26 12:39:48 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/26 09:04:44 | 000,000,276 | ---- | M] () -- C:\Windows\SysNative\PSUNCpl.dat
[2010/11/16 22:45:44 | 000,000,184 | ---- | M] () -- C:\Windows\SysWow64\mdminst32.exe.nanflmrkxtns
[2010/11/12 22:27:25 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/11/11 20:01:20 | 000,630,272 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\dds.scr
[2010/11/11 20:00:43 | 000,000,000 | ---- | M] () -- C:\Users\HP_Administrator\defogger_reenable
[2010/11/11 19:27:28 | 000,364,032 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\rkill.com
[2010/11/10 21:01:18 | 000,135,680 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 16:06:40 | 000,066,552 | ---- | M] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\gmer.exe
[2010/11/08 09:34:37 | 000,288,107 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\gmer.zip
[2010/11/05 21:39:45 | 000,002,059 | ---- | M] () -- C:\Users\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 21:39:44 | 000,002,097 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\Google Chrome.lnk
[2010/11/05 21:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\HP_Administrator\Desktop\OTL.exe
[2010/11/05 20:01:44 | 000,000,930 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\magicJack.lnk
[2010/11/04 22:11:21 | 000,000,184 | ---- | M] () -- C:\Windows\KBDBEwow.exe.nanflmrkxtns
[2010/10/31 06:19:07 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/10/30 06:31:53 | 002,371,858 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/10/29 18:29:40 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 16:39:47 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/10/28 20:29:47 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/27 19:54:27 | 000,002,555 | ---- | M] () -- C:\Users\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/10/27 19:54:27 | 000,002,531 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/10/27 19:54:27 | 000,002,439 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010/10/27 19:52:27 | 000,002,623 | ---- | M] () -- C:\Windows\Irremote.ini
[2010/10/27 19:26:02 | 000,000,403 | ---- | M] () -- C:\Users\HP_Administrator\Documents\RECOVERY LOG.DRM
[2010/10/26 22:21:42 | 000,000,224 | ---- | M] () -- C:\Windows\SysWow64\9B13A86D.plf
[2010/10/26 22:09:22 | 000,002,237 | ---- | M] () -- C:\Users\HP_Administrator\Desktop\ASL HTML Rulebook v2.6.lnk
[2010/10/25 21:24:02 | 000,000,732 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Local\d3d9caps64.dat
[2010/10/25 21:20:25 | 000,007,592 | ---- | M] () -- C:\Users\HP_Administrator\AppData\Local\d3d9caps.dat
[2010/10/14 18:53:44 | 005,192,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/26 12:39:48 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/11 20:07:38 | 000,288,107 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\gmer.zip
[2010/11/11 20:01:16 | 000,630,272 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\dds.scr
[2010/11/11 20:00:43 | 000,000,000 | ---- | C] () -- C:\Users\HP_Administrator\defogger_reenable
[2010/11/11 19:36:21 | 000,000,184 | ---- | C] () -- C:\Windows\SysWow64\mdminst32.exe.nanflmrkxtns
[2010/11/11 19:27:25 | 000,364,032 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\rkill.com
[2010/11/08 10:32:38 | 000,296,448 | ---- | C] () -- C:\Users\HP_Administrator\Desktop\gmer.exe
[2010/11/04 22:11:21 | 000,000,184 | ---- | C] () -- C:\Windows\KBDBEwow.exe.nanflmrkxtns
[2010/11/03 19:15:07 | 000,001,060 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2010/11/03 19:06:27 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/10/31 06:19:01 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/10/30 06:31:16 | 002,371,858 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/10/30 06:30:25 | 000,371,710 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\dd_vcredistMSI7AAD.txt
[2010/10/30 06:30:24 | 000,010,566 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\dd_vcredistUI7AB0.txt
[2010/10/30 06:30:23 | 000,011,378 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\dd_vcredistUI7AAD.txt
[2010/10/29 18:29:40 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/29 17:45:47 | 000,005,610 | ---- | C] () -- C:\ProgramData\GnuHashes.ini
[2010/10/29 16:41:24 | 000,000,614 | -HS- | C] () -- C:\ProgramData\1390636502
[2010/10/29 16:40:03 | 000,001,185 | ---- | C] () -- C:\ProgramData\1925793530
[2010/10/29 16:39:47 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/10/27 22:24:30 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\2015177457
[2010/10/27 19:54:27 | 000,002,555 | ---- | C] () -- C:\Users\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/10/27 19:54:27 | 000,002,531 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/10/27 19:54:27 | 000,002,439 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010/10/27 19:52:27 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/10/27 19:26:02 | 000,000,403 | ---- | C] () -- C:\Users\HP_Administrator\Documents\RECOVERY LOG.DRM
[2010/10/26 22:21:42 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\9B13A86D.plf
[2010/10/26 22:01:28 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/10/25 21:24:02 | 000,000,732 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\d3d9caps64.dat
[2010/08/23 18:58:34 | 000,007,592 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\d3d9caps.dat
[2010/04/27 22:38:58 | 000,233,472 | ---- | C] () -- C:\Program Files\GoodReaderUSB.exe
[2010/04/03 17:42:12 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2010/03/18 21:17:31 | 018,499,623 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/02/14 11:23:16 | 000,135,680 | ---- | C] () -- C:\Users\HP_Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 12:05:45 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/02/13 12:05:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/25 15:19:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/24 14:16:57 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/20 17:20:24 | 000,020,678 | ---- | C] () -- C:\ProgramData\SlingSetup.log
[2009/12/20 12:12:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/20 12:11:40 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/20 10:52:19 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/20 10:33:13 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/01/21 10:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/12/20 05:27:45 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/10/26 22:09:24 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2009/12/28 04:12:17 | 000,004,128 | ---- | M] () -- C:\NanoRepository.bin
[2009/12/28 04:12:17 | 000,004,128 | ---- | M] () -- C:\NanoRepository.bin.bak
[2010/11/28 08:58:05 | 310,370,303 | -HS- | M] () -- C:\pagefile.sys
[2010/11/11 23:14:27 | 000,000,397 | ---- | M] () -- C:\rkill.log
[2009/12/20 05:17:50 | 536,870,912 | -HS- | M] () -- C:\WinPEpge.sys

< %systemroot%\*. /mp /s >

< dir c:\ /c >
Volume in drive C has no label.
Volume Serial Number is 02B3-3D86
Directory of C:\
10/05/2010 09:33 PM <DIR> AdobeTemp
10/26/2010 10:09 PM 0 FileRecovery.log
12/28/2009 04:12 AM 4,128 NanoRepository.bin
12/28/2009 04:12 AM 4,128 NanoRepository.bin.bak
01/21/2008 11:04 AM <DIR> PerfLogs
11/26/2010 12:39 PM <DIR> Program Files
11/26/2010 12:39 PM <DIR> Program Files (x86)
11/11/2010 11:14 PM 397 rkill.log
09/18/2010 05:23 PM <DIR> temp
09/18/2010 10:36 PM <DIR> Users
4 File(s) 8,653 bytes
6 Dir(s) 42,945,126,400 bytes free

< dir /a:h c:\ /c >
Volume in drive C has no label.
Volume Serial Number is 02B3-3D86
Directory of C:\
05/02/2010 07:49 PM <DIR> $Recycle.Bin
12/20/2009 11:58 PM <DIR> Boot
04/11/2009 02:36 PM 333,257 bootmgr
12/28/2009 09:58 PM <DIR> CanoScan
11/02/2006 11:42 PM <JUNCTION> Documents and Settings [C:\Users]
12/25/2009 01:44 PM <DIR> MSOCache
11/28/2010 08:58 AM 4,605,337,600 pagefile.sys
11/28/2010 08:56 AM <DIR> ProgramData
11/28/2010 09:05 AM <DIR> System Volume Information
11/28/2010 09:06 AM <DIR> Windows
12/20/2009 05:17 AM 536,870,912 WinPEpge.sys
3 File(s) 5,142,541,769 bytes
8 Dir(s) 42,945,114,112 bytes free

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2009/12/28 04:12:17 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?) -- C:\Windows\SysWow64\Ƥ
[2009/12/28 04:12:17 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?) -- C:\Windows\SysWow64\Ƥ

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >


When I reran MBAM, I could find no problems!!

Thanks again (especially the reminder to check for updates!)

Jeff


#4 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:01:53 AM

Posted 28 November 2010 - 10:40 AM

Hi again Jeff!!.. :)

I did as you suggested, and I think there must have been a recent patch to MBAM to eradicate the problem.

MBAM is updated several times a day, and since you have a paid version of the program, it should update automatically... Could you confirm??..

Looking over your log, it looks like your computer uses DNS servers in Philippines - 114.108.192.32 114.108.192.3 - these IP addresses belong to SKYBROADBAND - is it your ISP, do you recognise the addresses??..

Firstly, two optional programs to remove:
- Panda Security Toolbar - it's a Visicom "Dynamic Toolbar" bundled with Panda Cloud Antivirus, see here and here...

- Media Plus Toolbar / MediaStar2 Toolbar - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality. See here...

I suggest you remove these two programs now... If you decide, use Start -> Control Panel -> Programs and Features...

Secondly,
Please go to http://www.virustotal.com/ , click on Browse, and upload the following file for analysis:

C:\Windows\SysWow64\mdminst32.exe.nanflmrkxtns

Then click Send File. Allow the file to be uploaded and scanned. Then, please post a link to the results page for me to see.

Thirdly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {00564DB9-DADB-43D5-8EA2-1180A9A724Ac} - C:\Windows\SysWow64\atl32.dll File not found
    O2 - BHO: (no name) - {006B05D6-37EA-48BD-BB00-DB1F4A6CE0D8} - C:\Windows\SysWow64\atl32.dll File not found
    O2 - BHO: (no name) - {00CC5833-DFC8-40BD-81C3-19069FDB1943} - C:\Windows\SysWow64\atl32.dll File not found
    O2 - BHO: (no name) - {017122C9-028F-4F03-9231-EAD74C6D3938} - C:\Windows\SysWow64\atl32.dll File not found
    O2 - BHO: (no name) - {0219A4E0-A7F3-4E61-AB24-03FBE79989Bc} - C:\Windows\SysWow64\atl32.dll File not found
    O2 - BHO: (no name) - {03A3519E-B668-4B6A-AB3E-CB72A928A1D2} - C:\Windows\SysWow64\atl32.dll File not found
    O2 - BHO: (no name) - {04787AE3-194B-4DA2-A105-3A1B3A255865} - C:\Windows\SysWow64\atl32.dll File not found
    O2 - BHO: (no name) - {05680098-3305-4CBE-B384-EF1A4E58B94a} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {05D19B7F-BFE8-4CE7-890B-2198270687E8} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [392A.tmp] C:\Windows\TEMP\392A.tmp File not found
    O4 - HKLM..\Run: [7F6D.tmp] C:\Windows\TEMP\7F6D.tmp File not found
    O4 - HKLM..\Run: [8C38.tmp] C:\Windows\TEMP\8C38.tmp File not found
    O4 - HKLM..\Run: [BB06.tmp] C:\Windows\TEMP\BB06.tmp File not found
    O4 - HKLM..\Run: [BD4E.tmp] C:\Windows\TEMP\BD4E.tmp File not found
    O4 - HKLM..\Run: [C5AF.tmp] C:\Windows\TEMP\C5AF.tmp File not found
    O4 - HKLM..\Run: [DC6B.tmp] C:\Windows\TEMP\DC6B.tmp File not found
    O4 - HKLM..\Run: [E300.tmp] C:\Windows\TEMP\E300.tmp File not found
    O4 - HKLM..\Run: [E86B.tmp] C:\Windows\TEMP\E86B.tmp File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    [2010/11/02 13:22:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4
    [2010/10/29 16:40:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
    [2010/11/28 07:48:26 | 000,001,185 | ---- | M] () -- C:\ProgramData\1925793530
    [2010/11/28 07:48:09 | 000,000,090 | ---- | M] () -- C:\Windows\SysWow64\2015177457
    [2010/11/28 07:48:08 | 000,000,614 | -HS- | M] () -- C:\ProgramData\1390636502
    [2010/10/29 16:39:47 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Finally,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
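The three things the OTL fix above removes (BHO CLSIDs whose InprocServer32 DLL is missing on disk, HKLM/HKCU Run values pointing at %TEMP%\*.tmp files that no longer exist, and the alternate data stream flagged under C:\ProgramData) can be audited read-only before deleting anything. The script below is an added example written for this page; it is not code from the thread, from OTL or from ESET. It uses only standard registry paths and built-in cmdlets; the `Resolve-ServerPath` helper, the `$runMetaProps` list and the temp-file regex are my own conventions. Run it from an elevated 64-bit PowerShell prompt, otherwise WOW64 redirection makes `Test-Path C:\Windows\System32\...` look at SysWow64 instead, which is exactly the confusion that let SysWow64\atl32.dll show as "File not found" while System32\atl32.dll was still present.

```powershell
# Added example (not part of the original thread): read-only audit of the
# persistence points the OTL fix script targets. Reports only; deletes nothing.
# Run as administrator from the 64-bit PowerShell (not SysWow64\WindowsPowerShell).

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Properties Get-ItemProperty adds to every result; they are not Run values.
$runMetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Resolve-ServerPath {
    # InprocServer32 default values may be quoted and may use %SystemRoot%-style variables.
    param([string]$Raw)
    if (-not $Raw) { return $null }
    return [Environment]::ExpandEnvironmentVariables($Raw.Trim('"'))
}

Write-Host '== Browser Helper Objects =='
foreach ($bhoKey in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid = $sub.PSChildName
        $registered = $false
        foreach ($root in $clsidRoots) {
            $inproc = Join-Path $root "$clsid\InprocServer32"
            if (-not (Test-Path -LiteralPath $inproc)) { continue }
            $registered = $true
            $path = Resolve-ServerPath ((Get-ItemProperty -LiteralPath $inproc).'(default)')
            $status = if ($path -and (Test-Path -LiteralPath $path)) { 'ok' } else { 'FILE NOT FOUND' }
            '{0}  {1}  [{2}]  via {3}' -f $clsid, $path, $status, $root
        }
        # A BHO entry with no CLSID registration at all is what OTL prints as "Reg Error".
        if (-not $registered) { '{0}  <no CLSID registration>  [ORPHAN]' -f $clsid }
    }
}

Write-Host '== Run entries pointing at missing or temp files =='
foreach ($rk in $runKeys) {
    if (-not (Test-Path -LiteralPath $rk)) { continue }
    $props = Get-ItemProperty -LiteralPath $rk
    foreach ($p in $props.PSObject.Properties) {
        if ($runMetaProps -contains $p.Name) { continue }
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        # Executable is either the quoted first token or the first whitespace-delimited token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $flags = @()
        if (-not (Test-Path -LiteralPath $exe)) { $flags += 'FILE NOT FOUND' }
        # The pattern the log shows: C:\Windows\TEMP\<4 hex digits>.tmp launched at logon.
        if ($exe -match '(?i)\\temp\\[0-9a-f]{4}\.tmp$') { $flags += 'TEMP DROPPER PATTERN' }
        if ($flags.Count -gt 0) { '{0}\{1} = {2}  [{3}]' -f $rk, $p.Name, $cmd, ($flags -join ', ') }
    }
}

Write-Host '== Alternate data streams directly under ProgramData =='
# Get-Item -Stream needs PowerShell 3.0+; stream listing on directories (as with
# C:\ProgramData\Temp:DFC5A2B2 in the log) varies by version, hence the error suppression.
Get-ChildItem -LiteralPath $env:ProgramData -Force -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { '{0}:{1}  {2} bytes' -f $_.FileName, $_.Stream, $_.Length }
}
```

Everything this prints is a lead, not a verdict: a "FILE NOT FOUND" BHO is dead weight that should still be removed so a re-dropped DLL cannot reattach to it, and a Run value under %TEMP% with a 4-hex-digit .tmp name is the logon-time relaunch that made the user's reboots "start the whole process all over again".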


#5 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:01:53 AM

Posted 11 December 2010 - 06:07 PM

Still with us Jeff??..


#6 J Coyle

J Coyle
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 12 December 2010 - 01:18 AM

Hi!

Still with you. I do have the paid version of MBAM, but it didn't appear to automatically update.

I removed the toolbars as you suggested.


Here are the logs you suggested:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00564DB9-DADB-43D5-8EA2-1180A9A724Ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00564DB9-DADB-43D5-8EA2-1180A9A724Ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{006B05D6-37EA-48BD-BB00-DB1F4A6CE0D8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006B05D6-37EA-48BD-BB00-DB1F4A6CE0D8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CC5833-DFC8-40BD-81C3-19069FDB1943}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00CC5833-DFC8-40BD-81C3-19069FDB1943}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017122C9-028F-4F03-9231-EAD74C6D3938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017122C9-028F-4F03-9231-EAD74C6D3938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0219A4E0-A7F3-4E61-AB24-03FBE79989Bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0219A4E0-A7F3-4E61-AB24-03FBE79989Bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03A3519E-B668-4B6A-AB3E-CB72A928A1D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A3519E-B668-4B6A-AB3E-CB72A928A1D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04787AE3-194B-4DA2-A105-3A1B3A255865}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04787AE3-194B-4DA2-A105-3A1B3A255865}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05680098-3305-4CBE-B384-EF1A4E58B94a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05680098-3305-4CBE-B384-EF1A4E58B94a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05D19B7F-BFE8-4CE7-890B-2198270687E8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05D19B7F-BFE8-4CE7-890B-2198270687E8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\392A.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7F6D.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8C38.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BB06.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BD4E.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\C5AF.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DC6B.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\E300.tmp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\E86B.tmp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4\h\2 folder moved successfully.
C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4\h\1\files folder moved successfully.
C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4\h\1 folder moved successfully.
C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4\h folder moved successfully.
C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4\b folder moved successfully.
C:\ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4 folder moved successfully.
C:\ProgramData\SysWoW32 folder moved successfully.
C:\ProgramData\1925793530 moved successfully.
C:\Windows\SysWOW64\2015177457 moved successfully.
C:\ProgramData\1390636502 moved successfully.
C:\ProgramData\unrar.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 222168172 bytes
->Temporary Internet Files folder emptied: 128828004 bytes
->Java cache emptied: 29930045 bytes
->Google Chrome cache emptied: 378580997 bytes
->Flash cache emptied: 47543 bytes

User: Jeff
->Temp folder emptied: 4287847 bytes
->Temporary Internet Files folder emptied: 37279047 bytes
->Java cache emptied: 18693871 bytes
->Flash cache emptied: 2628 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36047919 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 816.00 mb

Error: Unable to interpret <[EMPTYFLASH> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 11292010_070207

Files\Folders moved on Reboot...
File move failed. C:\Users\HP_Administrator\AppData\Local\Temp\Temp1_Civilization 4 IV + ALL expansions [PC GAMES - Multi 5] crack keygen.zip\keymaker.exe.nanflmrkxtns scheduled to be moved on reboot.
File move failed. C:\Users\HP_Administrator\AppData\Local\Temp\Temp1_Civilization 4 IV + ALL expansions [PC GAMES - Multi 5] crack keygen.zip\Setup.exe.nanflmrkxtns scheduled to be moved on reboot.

Registry entries deleted on Reboot...


and the ESET log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=bb60619cdaed7a4191384c9ed2eb2333
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-12 06:05:05
# local_time=2010-12-12 02:05:05 (+0800, China Standard Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1538 16774142 20 3 555608 119860168 0 0
# compatibility_mode=5892 16776573 100 56 136467 129644586 0 0
# compatibility_mode=8192 67108863 100 0 1136376 1136376 0 0
# scanned=382294
# found=11
# cleaned=11
# scan_time=9624
C:\Windows\System32\atl32.dll a variant of Win32/Kryptik.IUH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\EA37BDE19B5ED3CD4819D322EEA2FDE4\b\bint1 a variant of Win32/Kryptik.IUH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\@u1491691484v1 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\@u1491691484v2 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\@u1491691484v3 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\wu1491691484v1 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\wu1491691484v2 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\wu1491691484v3 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\_u1491691484v1 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\_u1491691484v2 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\_u1491691484v3 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C

Things have been working smoothly the last couple of weeks.

Thanks!
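The ESET log above has a fixed shape: free-form installer lines, a block of "# key=value" header lines, then one detection per line in the form "<path> <threat> (<action>) <32 hex chars> <flag>". As an added example (not part of the thread and not ESET's own tooling), the following Python parses that format into records, separates hits at live locations from hits already sitting in OTL's MovedFiles quarantine, and cross-checks the header's found/cleaned counters against the detection lines. The sample log is constructed to mirror the post's format: three detections (counters adjusted to match), the third with a made-up path containing a space; the threat-name grammar the regex assumes is inferred from the lines shown.

```python
"""Parse an ESET Online Scanner log into records and sanity-check its counters."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample mirroring the ESET log format in the thread; trimmed to
# three detections (counters adjusted), third path made up to include a space.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# utc_time=2010-12-12 06:05:05
# osver=6.0.6002 NT Service Pack 2
# scanned=382294
# found=3
# cleaned=3
# scan_time=9624
C:\Windows\System32\atl32.dll a variant of Win32/Kryptik.IUH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11292010_070207\C_ProgramData\SysWoW32\@u1491691484v1 a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\HP_Administrator\AppData\Local\Temp\Temp1_some archive.zip\setup.exe a variant of Win32/Kryptik.IUH trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z_]+)=(?P<value>.*)$")

# Assumed detection-line grammar, inferred from the posted lines:
#   <path> <threat> (<action>) <32 hex chars> <flag>
# The path may contain spaces, so the threat is located by its "Family/Name"
# token (a Windows path never contains a forward slash), not by position.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[\w.-]+/[\w.@-]+(?: [\w.-]+)?)\s+"
    r"\((?P<action>[^()]*)\)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"
    r"(?P<flag>\S+)$"
)

# Hits under OTL's MovedFiles folder were already neutralised by OTL before ESET ran.
QUARANTINE_MARKER = "\\_otl\\movedfiles\\"


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    hash: str
    flag: str

    @property
    def previously_moved(self) -> bool:
        """True when the hit sits in OTL's quarantine rather than at a live location."""
        return QUARANTINE_MARKER in self.path.lower()

    @property
    def neutralised(self) -> bool:
        """ESET reports a removed file with an action starting 'cleaned' or 'deleted'."""
        return self.action.startswith(("cleaned", "deleted"))


def parse_eset_log(text: str):
    """Return (header dict, list of Detection); unrecognised lines are ignored.
    Repeated header keys (e.g. compatibility_mode) keep their first value."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header.setdefault(m["key"], m["value"])
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return header, detections


def summarize(detections):
    """Group hits by threat and action; split live hits from already-moved ones."""
    return {
        "by_threat": Counter(d.threat for d in detections),
        "by_action": Counter(d.action for d in detections),
        "live": [d.path for d in detections if not d.previously_moved],
        "previously_moved": [d.path for d in detections if d.previously_moved],
    }


def check_counts(header, detections):
    """Cross-check header counters against the detection lines; returns a list of issues."""
    issues = []
    if header.get("end") != "finished":
        issues.append(f"scan did not finish (end={header.get('end')!r})")
    found = int(header.get("found", -1))
    if found != len(detections):
        issues.append(f"header found={found} but {len(detections)} detection lines parsed")
    cleaned = int(header.get("cleaned", -1))
    neutralised = sum(1 for d in detections if d.neutralised)
    if cleaned != neutralised:
        issues.append(f"header cleaned={cleaned} but {neutralised} lines show a cleaning action")
    return issues


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    s = summarize(dets)
    print(f"scanned={hdr.get('scanned')} found={hdr.get('found')} cleaned={hdr.get('cleaned')}")
    for threat, n in s["by_threat"].items():
        print(f"{n:3d} x {threat}")
    print("live hits     :", s["live"])
    print("already moved :", s["previously_moved"])
    print("issues        :", check_counts(hdr, dets) or "none")
```

The live/previously-moved split is the part worth keeping when reading such a log: in the posted log, ten of the eleven hits are under C:\_OTL\MovedFiles, so they were already out of their original locations, while the atl32.dll hit in System32 was the one file still in place when ESET ran.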

#7 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:01:53 AM

Posted 12 December 2010 - 07:53 AM

Hi again J Coyle!!.. :)

I do have the paid version of MBAM, but it didn't appear to automatically update.

That would be possible if an active infection blocks the updates... (or it was just a glitch of some sort)
And now, does it automatically update or still not??..

Things have been working smoothly the last couple of weeks.

Good to hear that!.. However, I'd like you to run the scans below - to make sure everything works as it should and that no malware is hiding...

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Please run a fresh scan with OTL - open OTL.exe, click Run Scan - wait for the scan to be finished, post the contents of the OTL.txt logfile generated...

Thirdly,
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:01:53 AM

Posted 26 December 2010 - 10:24 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




