
Microsoft Thinkpoint Post-removal Problems/checkup


  • This topic is locked
17 replies to this topic

#1 SpiderGat

SpiderGat

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 01 December 2010 - 11:14 PM

Hello,

Before we even begin, thank you for your service to the community. I use Bleeping Computer and recommend it to all of my friends and co-workers. We all appreciate what you do and don't know what we would do without you.

With that being said, this is my girlfriend's laptop. She was recently infected with Microsoft Thinkpoint Rogue Anti-Spyware. I had to stop the "hotfix.exe" process and then start explorer manually. I then ran MalwareBytes, but halfway through its scan the computer restarted itself. Then AVG tried to fix the problem, but was unsuccessful and wound up being uninstalled. I ran MalwareBytes again and it said it removed it finally. I then tried to reinstall AVG 2011, but halfway through installation it said there was an error and then the program stopped and turned off. I currently have only Windows Firewall protecting me and zero malware detection. Below is the DDS as per the instructions.

Sincere thanks,
George


DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Dorky Doll at 19:16:21.50 on Wed 12/01/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2260 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dorky Doll\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -k
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PCSuiteTrayApplication] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MPlayerForWindows_UpdateReminder] "C:\Program Files (x86)\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
dRun: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
StartupFolder: C:\Users\DORKYD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4aebb513&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\kSolo\npAVX.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dorky Doll\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Dorky Doll\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - C:\Users\Dorky Doll\AppData\Roaming\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: RadioBar Toolbar: radiobar@toolbar - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\radiobar@toolbar
FF - Extension: Ask Toolbar: toolbar@ask.com - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\toolbar@ask.com
FF - Extension: Aviary: {d5eeb813-935a-435d-b01e-b3a02f2cb408} - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-8-8 225296]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-28 233488]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-11-28 112592]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-8 839200]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-5-26 62208]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-28 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-28 1142224]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-8 292864]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2008-9-3 390656]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-8-8 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-10-6 35840]
S3 cpuz134;cpuz134;C:\Users\DORKYD~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [2010-11-28 21480]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nmwcdcjx64;Nokia USB Port;C:\Windows\System32\drivers\nmwcdcjx64.sys [2007-2-22 17408]
S3 nmwcdcmx64;Nokia USB Modem;C:\Windows\System32\drivers\nmwcdcmx64.sys [2007-2-22 17408]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\nmwcdcx64.sys [2007-2-22 12288]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\nmwcdx64.sys [2007-2-22 173056]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-19 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-12-02 02:06:43 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{557CD9AC-C732-4BC8-9334-2C18B3A58CDF}\mpengine.dll
2010-12-01 21:27:50 -------- d-----w- C:\Program Files (x86)\Samsung
2010-11-29 05:28:33 -------- d-----w- C:\Users\DORKYD~1\AppData\Local\AVG Security Toolbar
2010-11-29 04:49:51 -------- d--h--w- C:\PROGRA~3\Common Files
2010-11-29 04:49:16 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2010-11-29 04:45:45 -------- d-----w- C:\PROGRA~3\AVG10
2010-11-29 04:16:55 -------- d-----w- C:\PROGRA~3\MFAData
2010-11-29 04:02:04 767952 ----a-w- C:\Windows\BDTSupport.dll
2010-11-29 04:02:04 165840 ----a-w- C:\Windows\PCTBDRes.dll
2010-11-29 04:02:04 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2010-11-29 04:02:04 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2010-11-29 04:00:11 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-11-29 04:00:11 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-11-29 04:00:04 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-11-29 03:59:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-11-29 03:59:49 -------- d-----w- C:\Users\DORKYD~1\AppData\Roaming\PC Tools
2010-11-29 03:59:49 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-11-29 03:59:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-11-29 03:59:49 -------- d-----w- C:\PROGRA~3\PC Tools
2010-11-29 03:48:01 -------- d-----w- C:\rei
2010-11-29 03:47:57 -------- d-----w- C:\Program Files (x86)\Reimage
2010-11-28 20:08:00 217 ----a-w- C:\Users\DORKYD~1\AppData\Roaming\agtyjkj.bat
2010-11-24 03:55:38 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 03:55:38 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-09 20:43:25 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-09 20:43:25 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

==================== Find3M ====================

2010-11-30 01:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-04-21 00:06:55 576000 ----a-w- C:\Program Files\ISSetup.dll
2010-04-21 00:00:57 473 ----a-w- C:\Program Files\layout.bin

============= FINISH: 19:17:54.09 ===============
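As an added example (not part of this thread, and not code from DDS or BleepingComputer), here is a small Python triage pass over DDS-style log lines. It flags the entry types a malware responder reads first in a log like the one above: a browser proxy set to the loopback address (the proxy hijack a rogue anti-spyware uses to cut the machine off from the internet), add-on registrations whose file is gone ("No File"), autoruns and kernel drivers that load from user-writable profile directories, and recently created scripts or executables inside the profile. The sample log and the EXAMPLE~1 user name are constructed; the regular expressions are assumptions about the DDS line layout as it appears in this thread, not a specification of the tool, so treat every hit as something to review rather than a verdict.

```python
"""Triage helper for DDS-style logs (constructed example, not DDS itself)."""
import re
from typing import Dict, List

# Constructed sample in the layout DDS uses; entries are modelled on the logs
# in this thread, with the user name replaced by EXAMPLE~1.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.example.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
mURLSearchHooks: H - No File
BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Example\helper.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [hotfix] C:\Users\EXAMPLE~1\AppData\Roaming\hotfix.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

============= SERVICES / DRIVERS ===============

S3 cpuz134;cpuz134;C:\Users\EXAMPLE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [2010-11-28 21480]

=============== Created Last 30 ================

2010-11-28 20:08:00 217 ----a-w- C:\Users\EXAMPLE~1\AppData\Roaming\agtyjkj.bat
2010-11-24 03:55:38 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
"""

# Line patterns (assumed from the DDS layout seen in this thread).
LOOPBACK_PROXY = re.compile(
    r"^[um]Internet Settings,ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?",
    re.I,
)
ORPHAN_ADDON = re.compile(r"^(?:mURLSearchHooks|BHO|TB)(?:-X64)?:.*-\s*No File\s*$")
AUTORUN = re.compile(r"^[umd]Run(?:Once)?(?:-x64)?:\s*\[[^\]]*\]\s*(.+)$")
DRIVER = re.compile(r"^[RS]\d\s+[^;]+;[^;]+;(.+?)(?:\s+\[|$)")
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Roaming|Local\\Temp)\\", re.I)
RUNNABLE = re.compile(r"\.(?:bat|cmd|vbs|js|jse|scr|exe)$", re.I)


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: {'severity', 'reason', 'line'}."""
    findings: List[Dict[str, str]] = []

    def flag(severity: str, reason: str, line: str) -> None:
        findings.append({"severity": severity, "reason": reason, "line": line})

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section banners
        if LOOPBACK_PROXY.match(line):
            flag("high", "browser proxy points at loopback: web traffic is routed "
                         "through a local process", line)
        elif ORPHAN_ADDON.match(line):
            flag("low", "add-on still registered but its file is gone "
                        "(leftover of an uninstall or a removal)", line)
        elif (m := AUTORUN.match(line)) and USER_WRITABLE.search(m.group(1)):
            flag("high", "autorun launches from a user-writable profile directory", line)
        elif (m := DRIVER.match(line)) and USER_WRITABLE.search(m.group(1)):
            flag("medium", "kernel driver loads from a user-writable directory; "
                           "review, some legitimate tools do this", line)
        elif (m := CREATED.match(line)) and USER_WRITABLE.search(m.group(1)) \
                and RUNNABLE.search(m.group(1)):
            flag("medium", "recently created script or executable inside the user profile", line)
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, always returning all three keys."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    hits = triage_dds(SAMPLE_DDS)
    for h in hits:
        print(f"[{h['severity']:6}] {h['reason']}\n         {h['line']}")
    print(summarize(hits))
```

The CPU-Z driver hit shows why the script reports and does not decide: cpuz134 is a legitimate tool that drops its driver under Temp, and the same rule would also catch a driver a rootkit dropped there, so a responder checks the publisher and the file before acting on either.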


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 09 December 2010 - 06:04 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.


#3 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 11 December 2010 - 02:46 PM

Thank you for responding. I know you guys are busy and I really appreciate what you do. Also, since my last post I got infected with another rogue spyware program. I ended the process before I remembered to look at the name, and it hasn't popped up again. It was clever, though, and disabled my internet by turning on the proxy button. I disabled it, then fixed the internet, and now I'm here. OK, so I rescanned with DDS and here are the results for that.

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Dorky Doll at 11:03:40.62 on Sat 12/11/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.977 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\explorer.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\splwow64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dorky Doll\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [nqhtkexj] C:\Users\DORKYD~1\AppData\Local\Temp\fbxurjtyv\tbhdxokaffm.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [CLMLServer] "c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -k
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PCSuiteTrayApplication] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MPlayerForWindows_UpdateReminder] "C:\Program Files (x86)\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
dRun: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
StartupFolder: C:\Users\DORKYD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4aebb513&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\kSolo\npAVX.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dorky Doll\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Dorky Doll\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Move Media Player: moveplayer@movenetworks.com - C:\Users\Dorky Doll\AppData\Roaming\Move Networks
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: RadioBar Toolbar: radiobar@toolbar - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\radiobar@toolbar
FF - Extension: Ask Toolbar: toolbar@ask.com - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\toolbar@ask.com
FF - Extension: Aviary: {d5eeb813-935a-435d-b01e-b3a02f2cb408} - C:\Users\DORKYD~1\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-8-8 225296]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-28 233488]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-11-28 112592]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-8 839200]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-5-26 62208]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-28 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-28 1142224]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-8 292864]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2008-9-3 390656]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-8-8 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-10-6 35840]
S3 cpuz134;cpuz134;C:\Users\DORKYD~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [2010-11-28 21480]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nmwcdcjx64;Nokia USB Port;C:\Windows\System32\drivers\nmwcdcjx64.sys [2007-2-22 17408]
S3 nmwcdcmx64;Nokia USB Modem;C:\Windows\System32\drivers\nmwcdcmx64.sys [2007-2-22 17408]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\nmwcdcx64.sys [2007-2-22 12288]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\nmwcdx64.sys [2007-2-22 173056]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-19 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-12-11 18:37:26 603648 ----a-w- C:\Users\DORKYD~1\AppData\Local\syssvc.exe
2010-12-10 18:54:58 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2010-12-10 18:54:58 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2010-12-10 12:38:52 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{04D3953A-0C94-4C2F-B3C2-E4A3AE707051}\mpengine.dll
2010-12-01 21:27:50 -------- d-----w- C:\Program Files (x86)\Samsung
2010-11-29 05:28:33 -------- d-----w- C:\Users\DORKYD~1\AppData\Local\AVG Security Toolbar
2010-11-29 04:49:51 -------- d--h--w- C:\PROGRA~3\Common Files
2010-11-29 04:49:16 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2010-11-29 04:45:45 -------- d-----w- C:\PROGRA~3\AVG10
2010-11-29 04:16:55 -------- d-----w- C:\PROGRA~3\MFAData
2010-11-29 04:02:04 767952 ----a-w- C:\Windows\BDTSupport.dll
2010-11-29 04:02:04 165840 ----a-w- C:\Windows\PCTBDRes.dll
2010-11-29 04:02:04 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2010-11-29 04:02:04 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2010-11-29 04:00:11 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-11-29 04:00:11 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-11-29 04:00:04 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-11-29 03:59:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-11-29 03:59:49 -------- d-----w- C:\Users\DORKYD~1\AppData\Roaming\PC Tools
2010-11-29 03:59:49 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-11-29 03:59:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-11-29 03:59:49 -------- d-----w- C:\PROGRA~3\PC Tools
2010-11-29 03:48:01 -------- d-----w- C:\rei
2010-11-29 03:47:57 -------- d-----w- C:\Program Files (x86)\Reimage
2010-11-28 20:08:00 217 ----a-w- C:\Users\DORKYD~1\AppData\Roaming\agtyjkj.bat
2010-11-24 03:55:38 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 03:55:38 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-04-21 00:06:55 576000 ----a-w- C:\Program Files\ISSetup.dll
2010-04-21 00:00:57 473 ----a-w- C:\Program Files\layout.bin

============= FINISH: 11:05:31.92 ===============






I would post the GMER log; however, when I opened the program, the following options in the Rootkit/Malware tab were greyed out and not even available to be checked or unchecked like in the tutorial post: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, and Libraries. I clicked scan anyway and upon completion it said there were no changes detected. So yeah... I'm also attaching the attach file.




#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 13 December 2010 - 08:32 AM

Hello again SpiderGat :)

I will be handling your log, please give me some time to look over the logs, and we'll get going on this.

In the meantime, since GMER didn't want to run, try this:

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** It is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.
Note** You may get this warning:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just ignore it, click Cancel, then Accept. :thumbup2:

Best Regards,
oneof4.


#5 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 13 December 2010 - 02:05 PM

Hello Oneof4, thank you for the help!

Ok, so I downloaded, unzipped, installed, and tried to run the program. When I did, it gave me this error:

"Error Loading Driver, NTSTATUS code 0xC000036B"

I'm going out to lunch, and then I have work tonight, I'll check this again probably late tonight. I'm up late anyway. Thanks again for the help, hope I'm not going to be a pain for you!


Many Thanks,
George

#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 14 December 2010 - 06:05 PM

Hello SpiderGat, and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!
  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

======

You mentioned that you had to uninstall AVG. I notice some remaining files associated with AVG, still present in your log. Please perform the following to complete AVG's removal:
Download the AVG Removal Tool and run it.

You now need to install an antivirus program as soon as you can until we complete our work. Then if you want to re-install AVG, you can.
Here are some good free ones:


======

I notice from your scan log that you have installed on your machine one or more peer-to-peer file sharing programs. Please follow these instructions to remove it: Click on Start > Control Panel > Add/Remove Programs, then go down the list and choose the following:

  • uTorrent
Then choose Remove
We do not ask you to do this without reason.

P2P programs form a direct conduit into your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We may possibly be wasting our time in cleaning your machine if you continue to use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.


======

Open Internet Explorer, choose Tools > Internet Options > Connections, and click the LAN Settings button at the bottom. If there is a check in the box beside "Use a proxy server for your LAN", click the Advanced button to the right of it, and clear anything listed in the boxes under "Servers". Click OK if you had to clear anything, then uncheck the box next to "Use a proxy server for your LAN".

======


Things I need to see in your next reply:


  • Confirm for me the above steps I asked you to take.
  • Confirm if you had to make changes to your LAN settings, or not.


Best Regards,
oneof4.
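
The DDS report earlier in this thread shows the two indicators oneof4's steps address: a WinINet `ProxyServer` value pointing at `127.0.0.1:59274` (the rogue's local listener, which is why the browser stops working once the rogue process is gone), and a `uRun` entry launching a randomly named executable from the user's Temp folder. The script below is an added example written for this thread, not part of DDS, OTL or BleepingComputer's tooling; the sample report lines are constructed to mirror the ones posted above, and the three heuristics (loopback proxy, autorun from a Temp directory, orphan "No File" entries) are the example's own assumptions about what a responder checks first.

```python
"""Triage of DDS "Pseudo HJT Report" lines: an added example, not part of DDS,
OTL or this thread. The heuristics are assumptions about what a responder
looks for first, not rules taken from any of those tools."""
import re
from typing import Dict, List

# Constructed sample, modelled on the report lines posted earlier in this thread.
SAMPLE_REPORT = r"""
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [nqhtkexj] C:\Users\DORKYD~1\AppData\Local\Temp\fbxurjtyv\tbhdxokaffm.exe
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
"""

# ProxyServer line as DDS writes it for the user (u), machine (m) or default (d) hive.
PROXY_RE = re.compile(r"^[umd]Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)\s*$")
# Run / RunOnce autostart entries, including the -x64 variants on 64-bit Windows.
RUN_RE = re.compile(r"^[umd]Run(?:Once)?(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+?)\s*$")
# Entries whose target DDS could not find on disk (leftovers, not live code).
NO_FILE_RE = re.compile(r"^[A-Za-z0-9-]+:.*-\s*No File\s*$")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def proxy_hosts(value: str) -> List[str]:
    """Split a WinINet ProxyServer value ("host:port" or "http=host:port;https=...")
    into the bare hosts it points at, handling bracketed IPv6 literals."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if "=" in entry:                      # per-protocol form: http=host:port
            entry = entry.split("=", 1)[1]
        entry = re.sub(r"^[a-z]+://", "", entry, flags=re.IGNORECASE)
        if entry.startswith("["):             # [::1]:8080
            host = entry[1:entry.find("]")]
        else:
            host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        hosts.append(host.lower())
    return hosts


def command_image(cmd: str) -> str:
    """Return the executable path from an autorun command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|scr|com|bat|cmd|pif|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(report: str) -> List[Dict[str, str]]:
    """Walk the report once and return findings with a severity and a rule name."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            if any(h in LOOPBACK_HOSTS for h in proxy_hosts(m.group("value"))):
                findings.append({"severity": "high", "rule": "loopback-proxy",
                                 "name": "ProxyServer", "line": line})
            continue
        m = RUN_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(command_image(m.group("cmd"))):
                findings.append({"severity": "high", "rule": "autorun-from-temp",
                                 "name": m.group("name"), "line": line})
            continue
        if NO_FILE_RE.match(line):
            findings.append({"severity": "low", "rule": "orphan-entry",
                             "name": "", "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview of a long report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['severity']}] {f['rule']}: {f['line']}")
```

Run against the sample it reports one loopback proxy, one Temp-folder autorun and three orphan entries. The proxy finding explains the symptom the thread describes (a browser configured to send everything to a local port that nobody is listening on), and clearing the value is exactly the LAN Settings step above; the orphan entries are cleanup rather than evidence of live malware, which is why they are rated low.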



#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 17 December 2010 - 08:00 AM

Three Day Bump...

Are you still there?

Best Regards,
oneof4.


#8 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 18 December 2010 - 11:17 AM

Sorry for the delay, been working more hours this week than usual. Thanks for the patience.

I successfully got rid of the rest of AVG with the remover.
I successfully installed Avira Free Personal.
I successfully uninstalled uTorrent and will cease to use it, and will tell my GF to not use it as well.

I went into my IE settings and checked the proxy server so that I could access the advanced menu. There was an address in the HTTP box, and a port number to the right of it. I removed them and it said "Do you want to turn off Proxy?" I said yes and it went back to the menu with the Proxy server box unchecked (not ticked). I'm assuming they were put there when the last Fake Anti-Spyware program came up and disabled my internet by using that proxy. I had just unchecked the box and not removed the address from the advanced menu.



I have not done anything else to the computer and am ready to follow instructions that you have for me. Again thank you for your patience and help!

Sincerely,
George

#9 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 18 December 2010 - 01:20 PM

Hi SpiderGat :santa:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Things I need to see in your next reply:

  • OTL.txt
  • Extra.txt (as an attachment)

Best Regards,
oneof4.



#10 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 18 December 2010 - 11:45 PM

OTL logfile created on: 12/18/2010 8:13:08 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dorky Doll\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 110.68 Gb Free Space | 38.65% Space Free | Partition Type: NTFS

Computer Name: DORKYDOLL-PC | User Name: Dorky Doll | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/18 20:12:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dorky Doll\Desktop\OTL.exe
PRC - [2010/12/08 15:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010/12/03 17:59:41 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/12/03 11:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 11:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/30 18:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/03 21:57:52 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/26 14:26:44 | 000,236,288 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/05/26 14:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/04/02 15:21:36 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/04/02 07:31:34 | 001,552,497 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2008/10/17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/07/18 18:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/06/18 15:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/18 20:12:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dorky Doll\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/02/26 08:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2009/04/03 18:55:28 | 000,839,200 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/02/18 16:49:06 | 000,949,248 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/17 11:23:45 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/19 10:46:00 | 003,474,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/05/26 14:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 19:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/05/05 14:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/12/03 17:57:53 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/30 18:13:39 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/11/30 18:13:39 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/02/10 09:46:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/17 10:29:46 | 000,637,440 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/02/23 15:18:58 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/02/18 16:52:58 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/02/18 16:52:26 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2009/02/18 16:47:52 | 005,171,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/13 13:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 13:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 13:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/02/06 10:33:04 | 000,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/12/29 14:59:42 | 001,185,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/11/03 19:40:46 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\XAudio64.sys -- (XAudio)
DRV:64bit: - [2008/09/03 20:12:42 | 000,390,656 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/05/28 16:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/01/20 18:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007/02/22 11:19:08 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV:64bit: - [2007/02/22 11:18:14 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcmx64.sys -- (nmwcdcmx64)
DRV:64bit: - [2007/02/22 11:18:14 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcjx64.sys -- (nmwcdcjx64)
DRV:64bit: - [2007/02/22 11:18:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64)
DRV:64bit: - [2006/09/18 13:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/18 21:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/12/13 11:00:50 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2010/11/28 19:48:34 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Users\Dorky Doll\AppData\Local\Temp\cpuz134\cpuz134_x64.sys -- (cpuz134)
DRV - [2004/12/31 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=nv52_series
IE - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {d5eeb813-935a-435d-b01e-b3a02f2cb408}:0.8.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4aebb513&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 10:55:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 10:54:59 | 000,000,000 | ---D | M]

[2009/12/10 13:39:13 | 000,000,000 | ---D | M] -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Extensions
[2009/10/02 01:49:10 | 000,000,000 | ---D | M] -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/17 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions
[2010/05/11 20:49:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/11 20:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010/07/29 19:46:04 | 000,000,000 | ---D | M] (Aviary) -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2010/05/01 14:03:27 | 000,000,000 | ---D | M] -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\radiobar@toolbar
[2010/10/14 13:11:05 | 000,000,000 | ---D | M] -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\extensions\toolbar@ask.com
[2010/07/29 19:46:09 | 000,002,391 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Profiles\zdyuw3vx.default\searchplugins\aviary.xml
[2010/12/10 10:54:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/05 08:25:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/10 16:21:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files (x86)\MPlayer for Windows\AutoUpdate.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Dorky Doll\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/18 20:12:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dorky Doll\Desktop\OTL.exe
[2010/12/18 08:02:13 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/12/18 08:02:13 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/12/18 08:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/12/18 08:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/12/15 17:44:03 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/15 17:44:03 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 17:44:03 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/12/15 17:44:02 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/12/15 17:44:02 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/12/15 17:44:02 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/15 17:44:02 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/15 17:44:02 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/12/15 17:44:02 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/15 17:44:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/15 17:44:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/12/15 17:44:02 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/12/15 17:44:02 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/15 17:44:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 17:44:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/15 17:44:01 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 17:44:01 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/12/15 17:44:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 17:44:01 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 17:44:01 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/12/15 17:44:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/12/15 17:44:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/12/15 17:44:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/12/15 17:44:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/12/15 17:44:01 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/12/15 17:44:01 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 17:44:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/12/15 17:44:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 17:41:03 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/15 17:41:03 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/15 17:41:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/12/15 17:41:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/12/15 17:41:03 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/15 17:41:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/15 17:40:47 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/15 17:40:12 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/15 17:40:12 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/15 17:40:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 17:40:11 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/15 17:40:11 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/15 17:40:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/13 10:57:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MustBeRandomlyNamed
[2010/12/13 10:56:10 | 000,000,000 | ---D | C] -- C:\Users\Dorky Doll\Desktop\RkU3.8.388.590
[2010/12/13 10:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/12/11 10:37:26 | 000,603,648 | ---- | C] (PPtJCIHx) -- C:\Users\Dorky Doll\AppData\Local\syssvc.exe
[2010/12/01 13:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2010/11/28 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\Dorky Doll\AppData\Local\AVG Security Toolbar
[2010/11/28 20:49:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/28 20:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/28 20:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/28 20:02:04 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/11/28 20:02:04 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/11/28 20:02:04 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/11/28 20:00:11 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/11/28 20:00:11 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/11/28 20:00:04 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/11/28 19:59:57 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/11/28 19:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/11/28 19:59:49 | 000,000,000 | ---D | C] -- C:\Users\Dorky Doll\AppData\Roaming\PC Tools
[2010/11/28 19:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/28 19:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/11/28 19:48:01 | 000,000,000 | ---D | C] -- C:\rei
[2010/11/28 19:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reimage
[2010/04/20 15:59:53 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\ISSetup.dll

========== Files - Modified Within 30 Days ==========

[2010/12/18 20:12:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dorky Doll\Desktop\OTL.exe
[2010/12/18 19:56:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 19:55:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/18 08:02:31 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/18 07:40:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/17 19:16:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/17 19:16:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/16 03:29:12 | 000,317,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/14 14:56:49 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/13 11:00:50 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/12/11 11:08:52 | 000,296,448 | ---- | M] () -- C:\Users\Dorky Doll\Desktop\jrp2n6ps.exe
[2010/12/11 10:37:26 | 000,603,648 | ---- | M] (PPtJCIHx) -- C:\Users\Dorky Doll\AppData\Local\syssvc.exe
[2010/12/10 10:55:02 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/06 17:49:29 | 000,028,160 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 14:25:26 | 000,013,269 | ---- | M] () -- C:\Users\Dorky Doll\Desktop\char_pelswick.jpg
[2010/12/03 17:57:56 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/12/03 17:57:53 | 000,233,488 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/12/01 19:02:56 | 000,708,489 | ---- | M] () -- C:\Program Files\AVGInstLog.cab
[2010/11/30 18:13:39 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/11/30 18:13:39 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/28 20:00:01 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/28 19:48:41 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2010/11/28 19:48:03 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2010/11/28 19:08:03 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/28 19:08:03 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/28 19:08:03 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/28 18:59:38 | 271,831,220 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/28 12:08:45 | 000,000,010 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Roaming\install
[2010/11/28 12:08:00 | 000,000,217 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Roaming\agtyjkj.bat

========== Files Created - No Company Name ==========

[2010/12/18 08:02:31 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/13 11:00:50 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/12/11 11:08:51 | 000,296,448 | ---- | C] () -- C:\Users\Dorky Doll\Desktop\jrp2n6ps.exe
[2010/12/04 14:25:26 | 000,013,269 | ---- | C] () -- C:\Users\Dorky Doll\Desktop\char_pelswick.jpg
[2010/12/01 19:02:56 | 000,708,489 | ---- | C] () -- C:\Program Files\AVGInstLog.cab
[2010/11/28 20:02:04 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/11/28 20:02:04 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/11/28 20:02:04 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/11/28 20:02:04 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/11/28 20:02:04 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/11/28 20:00:11 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/11/28 20:00:04 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/11/28 20:00:01 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/11/28 19:59:57 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/11/28 19:59:53 | 000,365,518 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\dd_vcredistMSI1ED1.txt
[2010/11/28 19:59:51 | 000,012,806 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\dd_vcredistUI1ED4.txt
[2010/11/28 19:59:50 | 000,013,458 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\dd_vcredistUI1ED1.txt
[2010/11/28 19:48:28 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/11/28 19:48:03 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2010/11/28 12:08:45 | 000,000,010 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Roaming\install
[2010/11/28 12:08:00 | 000,000,217 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Roaming\agtyjkj.bat
[2010/10/06 12:41:18 | 000,437,478 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\dd_vcredistMSI221D.txt
[2010/10/06 12:41:17 | 000,214,730 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\dd_vcredistUI221D.txt
[2010/10/06 12:40:39 | 000,438,616 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\dd_vcredistMSI217D.txt
[2010/10/06 12:40:28 | 000,214,650 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\dd_vcredistUI217D.txt
[2010/09/05 08:27:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/16 08:51:56 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/20 15:59:53 | 696,666,008 | ---- | C] () -- C:\Program Files\data2.cab
[2010/04/20 15:59:53 | 001,669,931 | ---- | C] () -- C:\Program Files\setup.isn
[2010/04/20 15:59:53 | 001,079,468 | ---- | C] () -- C:\Program Files\data1.cab
[2010/04/20 15:59:53 | 000,368,424 | ---- | C] () -- C:\Program Files\data1.hdr
[2010/04/20 15:59:53 | 000,254,098 | ---- | C] () -- C:\Program Files\setup.inx
[2010/04/20 15:59:53 | 000,021,494 | ---- | C] () -- C:\Program Files\0x0409.ini
[2010/04/20 15:59:53 | 000,001,224 | ---- | C] () -- C:\Program Files\setup.ini
[2010/04/20 15:59:53 | 000,000,473 | ---- | C] () -- C:\Program Files\layout.bin
[2010/01/25 09:39:55 | 000,334,343 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Roaming\NMM-MetaData.db
[2009/11/21 07:52:16 | 000,000,680 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\d3d9caps.dat
[2009/10/01 02:27:20 | 000,000,732 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\d3d9caps64.dat
[2009/09/19 02:31:06 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/19 02:28:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/07 11:03:46 | 000,000,000 | ---- | C] () -- C:\Windows\CastleMalloy.INI
[2009/09/04 11:56:04 | 000,028,160 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 11:51:50 | 000,000,246 | ---- | C] () -- C:\Users\Dorky Doll\AppData\Roaming\wklnhst.dat
[2009/08/08 13:06:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/03/04 13:49:37 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/03/04 13:49:37 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/03/04 13:48:52 | 000,000,061 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/03/04 13:48:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\SysWow64\CddbCdda.dll
[2007/01/26 00:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 00:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >


Here is what you requested. Everything went smoothly.
And hope you are having happy holidays!
Thank you again for the help.
George


#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 20 December 2010 - 11:58 PM

Hello SpiderGat :)

You have the Ask Toolbar installed on your machine, this program has been suspected of malicious activity. To be safe, I would advise you to uninstall it per the following steps:

  • Close all open Web browsers
  • From the "Start" menu in Windows, select "Control Panel"
  • Under the "Programs" icon, select "Uninstall a program"
  • Select the program with the Ask logo and the text "Ask Toolbar"
  • Click "Uninstall" and then "Continue" to remove the Toolbar

If you reopen your Web browser and still see the Toolbar, you may need to restart your computer for the uninstall process to be completed.

======

You have some installation files that have been placed in the Program Files root directory. Do you know how the following files got there?


C:\Program Files\data2.cab
C:\Program Files\setup.isn
C:\Program Files\data1.cab
C:\Program Files\data1.hdr
C:\Program Files\setup.inx
C:\Program Files\0x0409.ini
C:\Program Files\setup.ini
C:\Program Files\layout.bin


======


We need to run an OTL Fix

  • Please reopen OTL.exe on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1974498072-3467794118-4165628094-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    [2010/12/11 10:37:26 | 000,603,648 | ---- | C] (PPtJCIHx) -- C:\Users\Dorky Doll\AppData\Local\syssvc.exe
    [2010/12/06 17:49:29 | 000,028,160 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/28 12:08:45 | 000,000,010 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Roaming\install
    [2010/11/28 12:08:00 | 000,000,217 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Roaming\agtyjkj.bat
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

Things I need to see in your next reply:

  • Answer concerning installation files location.
  • OTL.txt
  • How are things running?

Best Regards,
oneof4.

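Editor's added example, not from this thread and not OTL's own code: the entries oneof4 pulled out of the log above (an unsigned executable in AppData, a .bat in Roaming, a driver in SysWow64\drivers, installer payloads in the Program Files root, two alternate data streams) can be picked out mechanically from OTL's "Files Created/Modified" line format. The heuristics and the allow/deny lists below are my own assumptions; the sample lines are constructed in OTL's layout from entries in the posted log.

```python
"""Triage pass over OTL "Files Created/Modified" output.

Added example: not part of the forum thread and not OTL's own code. The
heuristics are the reviewer's assumptions, chosen to reproduce the calls
oneof4 made by eye; the sample lines are constructed in OTL's layout.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: [timestamp | size | attrs | C/M] (publisher) -- path
SAMPLE_LOG = r"""
[2010/12/18 20:12:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dorky Doll\Desktop\OTL.exe
[2010/12/13 11:00:50 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/12/11 11:08:52 | 000,296,448 | ---- | M] () -- C:\Users\Dorky Doll\Desktop\jrp2n6ps.exe
[2010/12/11 10:37:26 | 000,603,648 | ---- | M] (PPtJCIHx) -- C:\Users\Dorky Doll\AppData\Local\syssvc.exe
[2010/12/03 17:57:56 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/11/28 12:08:00 | 000,000,217 | ---- | M] () -- C:\Users\Dorky Doll\AppData\Roaming\agtyjkj.bat
[2010/04/20 15:59:53 | 696,666,008 | ---- | C] () -- C:\Program Files\data2.cab
[2010/04/20 15:59:53 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\ISSetup.dll
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
"""

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<publisher>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")

EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")   # assumption
DRIVER_DIRS = ("\\system32\\drivers\\", "\\sysnative\\drivers\\")


def parse(text):
    """Yield ('file', fields) or ('ads', fields) for every line in a known format."""
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            yield "file", m.groupdict()
            continue
        m = ADS_RE.match(line)
        if m:
            yield "ads", m.groupdict()


def reasons_for(entry):
    """Heuristic hits for one parsed file entry (empty list = nothing notable)."""
    path = entry["path"]
    low = path.lower()
    p = PureWindowsPath(path)
    ext = p.suffix.lower()
    publisher = entry["publisher"].strip()
    hits = []
    # 1. Executable content in a user-writable location with no version-info
    #    publisher, or a one-word publisher nobody recognises: manual review.
    if ext in EXEC_EXT and any(tag in low for tag in USER_WRITABLE):
        if not publisher:
            hits.append("executable in user-writable path with no publisher")
        elif " " not in publisher and "." not in publisher:
            hits.append(f"executable in user-writable path with unknown single-token publisher {publisher!r}")
    # 2. On x64 Windows, drivers load from System32\drivers (OTL shows it as
    #    SysNative); a .sys anywhere else, or without a publisher, is suspect.
    if ext == ".sys":
        if not any(d in low for d in DRIVER_DIRS):
            hits.append("driver outside the System32\\drivers directory")
        if not publisher:
            hits.append("driver with no publisher")
    # 3. Installer payloads dumped directly into the Program Files root (the
    #    question oneof4 asked) rather than into a product subfolder.
    if p.parent.name.lower() in ("program files", "program files (x86)"):
        hits.append("file placed directly in the Program Files root")
    return hits


def triage(text):
    """Return [(path, reason), ...] for every entry that trips a heuristic."""
    findings = []
    for kind, entry in parse(text):
        if kind == "ads":
            findings.append((entry["target"], f"alternate data stream of {entry['bytes']} bytes"))
            continue
        for reason in reasons_for(entry):
            findings.append((entry["path"], reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:<72} {path}")
```

Run against the constructed sample it flags syssvc.exe, jrp2n6ps.exe, agtyjkj.bat, Normandy.sys (twice), both Program Files root files and both ADS entries, and leaves OTL.exe and the PC Tools driver alone. The publisher test is a weak signal on its own; the point is to get a short list to look at, which is what the OTL fix above then acts on.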


#12 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 21 December 2010 - 11:35 AM

Hello again!

I actually have no idea how those files got in the Program Files folder. My girlfriend uses this computer the most, and when I download things it's always to specific directories. All of her downloads go right to the "downloads" folder or other random places. But I looked at their properties and they all have full permissions, are under every group and user name, are owned by "Administrator", and were all made and then modified 5 minutes later, and haven't been touched since. I have no idea what they could be for.

I uninstalled the Ask Toolbar. It took a LONG time, which made me suspicious. Also, while uninstalling, Vista popped up asking me to let the Ask Toolbar uninstall; then the uninstallation got to the end of the bar and started over. Don't know if that's usual.

And I know I have tracking cookies and spyware right now. I haven't been able to run M-Bam or anything else since I started with you because I was waiting. And I'm fine with it. Spyware Doctor (which I downloaded before we started) updates me now and then and claims 430+ infections, but they are all trackers and doubleclick.net stuff and I have no reason to doubt its validity. Also, when I run netstat in command prompt I can see all the connections to the servers that they report back to. However, I do have a LOT of foreign connections active or CLOSE_WAIT or LISTENING on the 55k+ ports.
(Also, what does FIN_WAIT_1 mean? it's the first time I've seen it in my netstat -na list as a state modifier)

Beneath is the log for the code you gave me. The program did not ask me to restart. Don't know if that's pertinent but I just want you to know everything that happens while I perform your tasks!


========== OTL ==========
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1974498072-3467794118-4165628094-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
C:\Users\Dorky Doll\AppData\Local\syssvc.exe moved successfully.
C:\Users\Dorky Doll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\Dorky Doll\AppData\Roaming\install moved successfully.
C:\Users\Dorky Doll\AppData\Roaming\agtyjkj.bat moved successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.

OTL by OldTimer - Version 3.2.17.3 log created on 12212010_081314


The computer is running the speed it used to. The internet is still slow, but I think that is router setup/roommate PS3 on ALL THE TIME/X-Box and other things. I haven't gotten any popups or redirects, and the thinkpoint window hasn't reared its head at all. Nor the HotFix process in the process viewer (I started monitoring for it).

Thank you again for the help. Hope you're having a wonderful Christmas. I don't know if you're traveling or not, but don't worry, I don't expect help on Christmas day. I'll be working that night anyway. It feels like the main part of the infection is gone, just little guys hanging on. In the end you'll be the one to decide obviously, but I just don't want you to feel pressured during Christmas ^.^ And I will still wait for your instructions.

Thanks again for the help.
Merry Christmas

George
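Editor's added example, not part of the thread: George's observation above (many foreign connections in CLOSE_WAIT or LISTENING on 55k+ ports, plus an unfamiliar FIN_WAIT_1) is the kind of thing a small parser over `netstat -nao` output makes tractable, because the `-o` column gives you the owning PID to chase. The sample listing is constructed in the column layout Windows netstat prints (remote addresses are RFC 5737 documentation ranges, not real hosts); the port lists and thresholds are my own assumptions, and the state glossary is condensed RFC 793 wording.

```python
"""Triage a Windows `netstat -nao` listing by TCP state, peer and port.

Added example, not from the thread. Sample output is constructed; the
thresholds, port lists and private-range list are the reviewer's assumptions.
"""
import ipaddress
import re
from collections import Counter

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       776
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:55512          0.0.0.0:0              LISTENING       2944
  TCP    192.168.1.7:55213      198.51.100.40:80       CLOSE_WAIT      1532
  TCP    192.168.1.7:55214      198.51.100.40:80       CLOSE_WAIT      1532
  TCP    192.168.1.7:55215      198.51.100.40:80       CLOSE_WAIT      1532
  TCP    192.168.1.7:55216      198.51.100.40:80       CLOSE_WAIT      1532
  TCP    192.168.1.7:55230      198.51.100.7:443       ESTABLISHED     1532
  TCP    192.168.1.7:55231      198.51.100.7:443       FIN_WAIT_1      1532
  TCP    192.168.1.7:55240      192.168.1.1:80         TIME_WAIT       0
  TCP    192.168.1.7:55300      203.0.113.9:6667       ESTABLISHED     2944
  UDP    0.0.0.0:500            *:*                                    1088
"""

# What each TCP state means for the local socket (RFC 793, condensed).
STATE_MEANING = {
    "LISTENING": "waiting for inbound connections",
    "SYN_SENT": "sent SYN, waiting for SYN-ACK",
    "ESTABLISHED": "open; data can flow both ways",
    "FIN_WAIT_1": "local side sent FIN, waiting for the ACK of that FIN",
    "FIN_WAIT_2": "local FIN acknowledged, waiting for the remote FIN",
    "CLOSE_WAIT": "remote sent FIN; the local application has not closed yet",
    "CLOSING": "both sides sent FIN at once, waiting for the final ACK",
    "LAST_ACK": "remote closed first, local FIN sent, waiting for its ACK",
    "TIME_WAIT": "closed; lingering 2*MSL so stray segments cannot hit a new connection",
}

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z_0-9]*))?(?:\s+(?P<pid>\d+))?\s*$"
)
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEB_PORTS = {80, 443}          # assumption: ordinary browser traffic
DYNAMIC_PORT_START = 49152     # IANA dynamic range, where Vista hands out ephemeral ports
CLOSE_WAIT_THRESHOLD = 3       # assumption: this many to one peer from one PID is a leak


def split_addr(addr):
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue          # header and blank lines
        lhost, lport = split_addr(m["local"])
        fhost, fport = split_addr(m["foreign"])
        conns.append({"proto": m["proto"], "lhost": lhost, "lport": lport,
                      "fhost": fhost, "fport": fport, "state": m["state"] or "",
                      "pid": int(m["pid"]) if m["pid"] else None})
    return conns


def state_counts(conns):
    return Counter(c["state"] for c in conns if c["proto"] == "TCP")


def is_lan(host):
    """True for LAN, loopback, link-local or placeholder addresses."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return True       # '*' or a name we cannot classify
    if ip.is_unspecified or ip.is_loopback or ip.is_link_local:
        return True
    return any(ip in net for net in LAN_NETS)


def findings(conns):
    out = []
    piles = Counter((c["pid"], c["fhost"]) for c in conns if c["state"] == "CLOSE_WAIT")
    for (pid, fhost), n in piles.items():
        if n >= CLOSE_WAIT_THRESHOLD:
            out.append(("close_wait_pileup",
                        f"pid {pid}: {n} sockets to {fhost} stuck in CLOSE_WAIT (peer closed, local app did not)"))
    for c in conns:
        if c["proto"] != "TCP":
            continue
        if c["state"] == "LISTENING" and c["lport"] and c["lport"] >= DYNAMIC_PORT_START:
            out.append(("high_port_listener",
                        f"pid {c['pid']}: listening on {c['lhost']}:{c['lport']} (ephemeral-range port; identify the owner)"))
        if c["state"] == "ESTABLISHED" and not is_lan(c["fhost"]) and c["fport"] not in WEB_PORTS:
            out.append(("non_web_remote",
                        f"pid {c['pid']}: established to {c['fhost']}:{c['fport']} (not 80/443; check the owning process)"))
    return out


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for state, n in state_counts(conns).most_common():
        print(f"{n:3d} {state:<12} {STATE_MEANING.get(state, '')}")
    for kind, detail in findings(conns):
        print(f"[{kind}] {detail}")
```

On the sample this reports one PID holding four CLOSE_WAIT sockets to the same web server, a listener on an ephemeral-range port, and an established connection to a non-web port; none of those is proof of anything, but each names a PID you can look up in Task Manager or Process Explorer, which is the step `netstat -na` alone cannot give you.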

#13 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 21 December 2010 - 08:08 PM

Hello George :santa:

Good job with the removal process thus far! :thumbup2:

To try to answer your question about FIN_WAIT_1:

A socket enters the FIN_WAIT_1 state when one side of a connection calls close() on an open socket (causing a FIN to be transmitted to the other end). It stays in this state whilst waiting for the other end to respond with an ACK to the FIN that was transmitted to it. The remote (should) automatically send the ACK, causing the client to enter the FIN_WAIT_2 state (this is done by the kernel). It remains in this state until the remote sends LAST_ACK. This happens when the other side calls close() on its end of the socket. At that point it will enter the TIME_WAIT state where it will stay for the 2MSL timeout (30, 60 or 180 seconds typically, linux == 60).

I obtained this information from the following link, if you're interested in more: http://beowulf.es.embnet.org/listarchives/beowulf/1998/10/0074.html

======

Now, update MBAM and run a scan. Post the log in your next reply.

======

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


Things I need to see in your next reply:

  • MBAM Log
  • ESET Scan Results


Best Regards, and Merry Christmas to you!
oneof4.

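Editor's added example, not from the thread or from the mailing-list post oneof4 quotes: the close sequence described above, run from both ends at once so each state in netstat maps to a concrete point in the FIN/ACK exchange. This follows the RFC 793 state diagram; in those terms LAST_ACK is the state the passive closer enters once it has sent its own FIN, and the simulation shows that step explicitly. Segments are reduced to the flags that drive the state machine (a FIN, or an ACK acknowledging the peer's FIN), retransmission is deliberately not modelled, and the `drop` hook is a hypothetical lossy network, so that a lost ACK leaves one side parked in FIN_WAIT_1 and an application that never calls close() leaves CLOSE_WAIT sockets behind, the two things George saw in his listing.

```python
"""Both ends of a TCP connection teardown, state by state (RFC 793).

Added example, not from the thread. Segments carry only the flags that
matter to the close handshake; retransmission is not modelled, so a dropped
segment leaves a side stuck, which is what a lingering state in netstat is.
"""

FIN = frozenset({"FIN"})
ACK = frozenset({"ACK"})


class Endpoint:
    def __init__(self, name):
        self.name = name
        self.state = "ESTABLISHED"
        self.history = ["ESTABLISHED"]
        self.outbox = []                 # segments queued for the peer, in order

    def _move(self, new_state):
        self.state = new_state
        self.history.append(new_state)

    def close(self):
        """The application calls close(): send a FIN from whichever side we are."""
        if self.state == "ESTABLISHED":          # active close
            self.outbox.append(FIN)
            self._move("FIN_WAIT_1")
        elif self.state == "CLOSE_WAIT":         # passive close, after the peer's FIN
            self.outbox.append(FIN)
            self._move("LAST_ACK")
        else:
            raise RuntimeError(f"{self.name}: close() in state {self.state}")

    def receive(self, seg):
        fin, ack = "FIN" in seg, "ACK" in seg
        s = self.state
        if s == "ESTABLISHED" and fin:           # peer closed first
            self.outbox.append(ACK)
            self._move("CLOSE_WAIT")
        elif s == "FIN_WAIT_1":
            if fin and ack:                      # peer ACKed our FIN and sent its own at once
                self.outbox.append(ACK)
                self._move("TIME_WAIT")
            elif ack:                            # our FIN was acknowledged
                self._move("FIN_WAIT_2")
            elif fin:                            # simultaneous close
                self.outbox.append(ACK)
                self._move("CLOSING")
        elif s == "FIN_WAIT_2" and fin:
            self.outbox.append(ACK)
            self._move("TIME_WAIT")
        elif s == "CLOSING" and ack:
            self._move("TIME_WAIT")
        elif s == "LAST_ACK" and ack:
            self._move("CLOSED")
        # anything else (duplicate ACKs, data) leaves the state unchanged

    def expire_time_wait(self):
        """The 2*MSL timer fires (platform-specific; the post quotes 30 to 180 s)."""
        if self.state == "TIME_WAIT":
            self._move("CLOSED")


def pump(a, b, drop=lambda sender, seg: False):
    """Deliver queued segments both ways until both queues are empty.

    `drop` is a hypothetical lossy network: return True to discard a segment.
    """
    while a.outbox or b.outbox:
        for src, dst in ((a, b), (b, a)):
            while src.outbox:
                seg = src.outbox.pop(0)
                if not drop(src, seg):
                    dst.receive(seg)


def scenario_orderly():
    """Client closes; server ACKs, then closes its own end later."""
    c, s = Endpoint("client"), Endpoint("server")
    c.close(); pump(c, s)          # client FIN_WAIT_2, server CLOSE_WAIT
    s.close(); pump(c, s)          # client TIME_WAIT, server CLOSED
    c.expire_time_wait()
    return c.history, s.history


def scenario_app_never_closes():
    """Peer closed, but the local program never calls close(): CLOSE_WAIT stays."""
    c, s = Endpoint("client"), Endpoint("server")
    c.close(); pump(c, s)
    return c.history, s.history


def scenario_ack_lost():
    """The server's ACK of the FIN never arrives: client lingers in FIN_WAIT_1."""
    c, s = Endpoint("client"), Endpoint("server")
    c.close(); pump(c, s, drop=lambda sender, seg: sender is s)
    return c.history, s.history


def scenario_simultaneous():
    """Both sides call close() before either FIN is delivered."""
    c, s = Endpoint("client"), Endpoint("server")
    c.close(); s.close(); pump(c, s)
    c.expire_time_wait(); s.expire_time_wait()
    return c.history, s.history


if __name__ == "__main__":
    for fn in (scenario_orderly, scenario_app_never_closes, scenario_ack_lost, scenario_simultaneous):
        client, server = fn()
        print(f"{fn.__name__}: client {' -> '.join(client)} | server {' -> '.join(server)}")
```

The orderly run gives exactly the sequence in the quoted explanation on the client side (FIN_WAIT_1, FIN_WAIT_2, TIME_WAIT) and CLOSE_WAIT then LAST_ACK on the server side. A real stack would retransmit the FIN in the lost-ACK case and eventually give up, so FIN_WAIT_1 entries in netstat normally clear on their own; a CLOSE_WAIT entry, by contrast, only clears when the owning process closes the socket, which is why a pile of them points at a specific program rather than at the network.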


#14 SpiderGat

SpiderGat
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:12:47 PM

Posted 22 December 2010 - 03:27 PM

Alrighty, this one was fun.

So I started running M-Bam and, while it was running, Avira popped up and said it found a threat, which I ignored because M-Bam was in the middle of a scan and I've heard annoying things can happen if two programs try to access the same file at once. I found the AV scan logs of the two items and will include them below the MBAM and ESET logs. It says they are in Quarantine, which is also something I don't understand. If you could explain that with a link like you did the WAIT, I would appreciate it!

----------------------MBAM LOG---------------------------------


Malwarebytes' Anti-Malware 1.42
Database version: 3361
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

1/2/2010 9:40:54 PM
mbam-log-2010-01-02 (21-40-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 297465
Time elapsed: 1 hour(s), 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files (x86)\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\Dorky Doll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\EvenMoreMegaSwellAdsForYou (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\PlayMP3z\PlayMP3.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\Dorky Doll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files (x86)\EvenMoreMegaSwellAdsForYou\uninstall.exe (Adware.EvenMoreMegaSwellAdsForYou) -> Quarantined and deleted successfully.




----------------------------------------ESET LOG-----------------------------------------

C:\Users\Dorky Doll\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\175228cf-4f872124 a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Users\Dorky Doll\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-35e0df6e multiple threats deleted - quarantined
C:\Users\Dorky Doll\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\36353a9c-1c287ce0 multiple threats deleted - quarantined



----------------------AV SCAN LOGS----------------------


Avira AntiVir Personal
Report file date: Wednesday, December 22, 2010 08:01

Scanning for 2282993 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DORKYDOLL-PC

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/1/2010 02:13:17
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/1/2010 02:13:24
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:03:39
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 16:03:39
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 16:03:39
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 16:03:40
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 16:03:40
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 16:03:40
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 16:03:40
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 16:03:40
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 16:03:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 16:03:40
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 16:03:40
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 16:03:40
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 16:03:41
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 16:03:12
VBASE015.VDF : 7.11.0.92 2048 Bytes 12/20/2010 16:03:13
VBASE016.VDF : 7.11.0.93 2048 Bytes 12/20/2010 16:03:13
VBASE017.VDF : 7.11.0.94 2048 Bytes 12/20/2010 16:03:13
VBASE018.VDF : 7.11.0.95 2048 Bytes 12/20/2010 16:03:13
VBASE019.VDF : 7.11.0.96 2048 Bytes 12/20/2010 16:03:13
VBASE020.VDF : 7.11.0.97 2048 Bytes 12/20/2010 16:03:13
VBASE021.VDF : 7.11.0.98 2048 Bytes 12/20/2010 16:03:14
VBASE022.VDF : 7.11.0.99 2048 Bytes 12/20/2010 16:03:14
VBASE023.VDF : 7.11.0.100 2048 Bytes 12/20/2010 16:03:14
VBASE024.VDF : 7.11.0.101 2048 Bytes 12/20/2010 16:03:14
VBASE025.VDF : 7.11.0.102 2048 Bytes 12/20/2010 16:03:14
VBASE026.VDF : 7.11.0.103 2048 Bytes 12/20/2010 16:03:14
VBASE027.VDF : 7.11.0.104 2048 Bytes 12/20/2010 16:03:15
VBASE028.VDF : 7.11.0.105 2048 Bytes 12/20/2010 16:03:15
VBASE029.VDF : 7.11.0.106 2048 Bytes 12/20/2010 16:03:15
VBASE030.VDF : 7.11.0.107 2048 Bytes 12/20/2010 16:03:15
VBASE031.VDF : 7.11.0.119 117248 Bytes 12/21/2010 16:03:15
Engineversion : 8.2.4.126
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/1/2010 02:13:13
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/18/2010 16:03:51
AESCN.DLL : 8.1.7.2 127349 Bytes 12/1/2010 02:13:12
AESBX.DLL : 8.1.3.2 254324 Bytes 12/1/2010 02:13:12
AERDL.DLL : 8.1.9.2 635252 Bytes 12/1/2010 02:13:12
AEPACK.DLL : 8.2.4.5 512375 Bytes 12/18/2010 16:03:48
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/1/2010 02:13:11
AEHEUR.DLL : 8.1.2.57 3142008 Bytes 12/18/2010 16:03:48
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/18/2010 16:03:45
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/18/2010 16:03:45
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/1/2010 02:13:06
AECORE.DLL : 8.1.19.0 196984 Bytes 12/18/2010 16:03:44
AEBB.DLL : 8.1.1.0 53618 Bytes 12/1/2010 02:13:05
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/1/2010 02:13:17
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/1/2010 02:13:16
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/1/2010 02:13:17
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/1/2010 02:13:17
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/1/2010 02:13:14
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/1/2010 02:13:15
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/1/2010 02:13:17
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/1/2010 02:13:38

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4df1e690\guard_slideup.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Wednesday, December 22, 2010 08:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'BackupManagerTray.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'PDVD8Serv.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'VideoWebCamera.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'IScheduleSvc.exe' - '1' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Dorky Doll\AppData\Local\Temp\0.8949249823413558.exe'
C:\Users\Dorky Doll\AppData\Local\Temp\0.8949249823413558.exe
[DETECTION] Is the TR/Code.taf.5 Trojan
--> Object
[DETECTION] Is the TR/Code.taf.5 Trojan

Beginning disinfection:
C:\Users\Dorky Doll\AppData\Local\Temp\0.8949249823413558.exe
[DETECTION] Is the TR/Code.taf.5 Trojan
[WARNING] The file was ignored!


End of the scan: Wednesday, December 22, 2010 08:03
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
27 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
26 Files not concerned
0 Archives were scanned
1 Warnings
0 Notes


The scan results will be transferred to the Guard.








----------------------NEXT LOG---------------------



Avira AntiVir Personal
Report file date: Wednesday, December 22, 2010 12:15

Scanning for 2282993 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DORKYDOLL-PC

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/1/2010 02:13:17
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/1/2010 02:13:24
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:03:39
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 16:03:39
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 16:03:39
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 16:03:40
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 16:03:40
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 16:03:40
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 16:03:40
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 16:03:40
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 16:03:40
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 16:03:40
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 16:03:40
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 16:03:40
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 16:03:41
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 16:03:12
VBASE015.VDF : 7.11.0.92 2048 Bytes 12/20/2010 16:03:13
VBASE016.VDF : 7.11.0.93 2048 Bytes 12/20/2010 16:03:13
VBASE017.VDF : 7.11.0.94 2048 Bytes 12/20/2010 16:03:13
VBASE018.VDF : 7.11.0.95 2048 Bytes 12/20/2010 16:03:13
VBASE019.VDF : 7.11.0.96 2048 Bytes 12/20/2010 16:03:13
VBASE020.VDF : 7.11.0.97 2048 Bytes 12/20/2010 16:03:13
VBASE021.VDF : 7.11.0.98 2048 Bytes 12/20/2010 16:03:14
VBASE022.VDF : 7.11.0.99 2048 Bytes 12/20/2010 16:03:14
VBASE023.VDF : 7.11.0.100 2048 Bytes 12/20/2010 16:03:14
VBASE024.VDF : 7.11.0.101 2048 Bytes 12/20/2010 16:03:14
VBASE025.VDF : 7.11.0.102 2048 Bytes 12/20/2010 16:03:14
VBASE026.VDF : 7.11.0.103 2048 Bytes 12/20/2010 16:03:14
VBASE027.VDF : 7.11.0.104 2048 Bytes 12/20/2010 16:03:15
VBASE028.VDF : 7.11.0.105 2048 Bytes 12/20/2010 16:03:15
VBASE029.VDF : 7.11.0.106 2048 Bytes 12/20/2010 16:03:15
VBASE030.VDF : 7.11.0.107 2048 Bytes 12/20/2010 16:03:15
VBASE031.VDF : 7.11.0.119 117248 Bytes 12/21/2010 16:03:15
Engineversion : 8.2.4.126
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/1/2010 02:13:13
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/18/2010 16:03:51
AESCN.DLL : 8.1.7.2 127349 Bytes 12/1/2010 02:13:12
AESBX.DLL : 8.1.3.2 254324 Bytes 12/1/2010 02:13:12
AERDL.DLL : 8.1.9.2 635252 Bytes 12/1/2010 02:13:12
AEPACK.DLL : 8.2.4.5 512375 Bytes 12/18/2010 16:03:48
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/1/2010 02:13:11
AEHEUR.DLL : 8.1.2.57 3142008 Bytes 12/18/2010 16:03:48
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/18/2010 16:03:45
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/18/2010 16:03:45
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/1/2010 02:13:06
AECORE.DLL : 8.1.19.0 196984 Bytes 12/18/2010 16:03:44
AEBB.DLL : 8.1.1.0 53618 Bytes 12/1/2010 02:13:05
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/1/2010 02:13:17
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/1/2010 02:13:16
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/1/2010 02:13:17
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/1/2010 02:13:17
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/1/2010 02:13:14
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/1/2010 02:13:15
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/1/2010 02:13:17
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/1/2010 02:13:38

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4df199b2\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Wednesday, December 22, 2010 12:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'BackupManagerTray.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'PDVD8Serv.exe' - '1' Module(s) have been scanned
Scan process 'VideoWebCamera.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'IScheduleSvc.exe' - '1' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Dorky Doll\AppData\Local\Temp\8.914463504380317E8.exe'
C:\Users\Dorky Doll\AppData\Local\Temp\8.914463504380317E8.exe
[DETECTION] Is the TR/Kazy.5698 Trojan
[NOTE] The file was moved to the quarantine directory under the name '49fefdd9.qua'.


End of the scan: Wednesday, December 22, 2010 12:16
Used time: 00:57 Minute(s)

The scan has been done completely.

0 Scanned directories
29 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
28 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

When the second warning popped up I hit Clean instead of Ignore with AVIR and it started a loading bar for scanning, got to 100% and then stopped. Suddenly quit, don't know what happened. Sorry about the length of this message, I know it's a lot of stuff to go through, Thanks again for all the hard work!

George

#15 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:11:47 AM

Posted 23 December 2010 - 11:12 PM

Hey SpiderGat, :santa:

Interesting, I think you may have grabbed an old MBAM log and posted it in your last reply. Take a look at the log header in the quote box below:

Malwarebytes' Anti-Malware 1.42
Database version: 3361
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

1/2/2010 9:40:54 PM
mbam-log-2010-01-02 (21-40-53).txt


Note especially the version (1.50 is the most current), the database version (5386 is the most recent), and finally the date of the scan; almost one year ago!

Let's try MBAM one more time:
  • Start MBAM by double-clicking its icon
  • Choose the Update tab and update it
  • Choose the Scanner tab and run a "Quick scan"
  • Post the results log in your next reply


======

Oh, BTW, to answer your question about "Quarantine": that's simply a special isolated folder into which anti-virus and spyware scanners place infected items. The reason for this, instead of immediately "deleting" the infected files, is that if one or more of the files are actual critical system files required for the proper operation of Windows, or of some other legitimate program, they can be restored back out of Quarantine; this will then allow the system or program to work. If the file is truly infected, it can then be replaced with a clean copy using other tools designed to accomplish that. I hope this made sense.

======

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Things I need to see in your next reply:

  • Up to date MBAM log
  • OTL.txt
  • How are things running?


Best Regards,
oneof4.

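The quarantine mechanism oneof4 describes above (isolate rather than delete, keep the item restorable, remove it for good only once confirmed malicious), shown as an added example that is not part of the original thread and is not Avira's or Malwarebytes' implementation. The `.qua` suffix mirrors the name in the scan log earlier in this post; the `Quarantine` class, the hash-derived file name, the manifest layout and the XOR obfuscation key are this example's own assumptions.

```python
"""Toy quarantine store: isolate a detected file instead of deleting it,
record where it came from, and keep it restorable (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumptions for this example: '.qua' mirrors the scan log above; the
# hash-based naming and XOR key are this example's own, not any vendor's.
QUARANTINE_SUFFIX = ".qua"
XOR_KEY = 0x5A


def _xor(data: bytes) -> bytes:
    """Byte-wise XOR so the stored copy is no longer a runnable image;
    applying it twice gives back the original bytes."""
    return bytes(b ^ XOR_KEY for b in data)


class Quarantine:
    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self.manifest = self.root / "manifest.json"
        if not self.manifest.exists():
            self.manifest.write_text("{}")

    def _load(self):
        return json.loads(self.manifest.read_text())

    def _save(self, entries):
        self.manifest.write_text(json.dumps(entries, indent=2))

    def isolate(self, path, detection):
        """Move a detected file into quarantine; returns its quarantine name."""
        src = Path(path)
        data = src.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        qname = digest[:8] + QUARANTINE_SUFFIX
        (self.root / qname).write_bytes(_xor(data))
        entries = self._load()
        entries[qname] = {"original_path": str(src.resolve()),
                          "sha256": digest, "size": len(data),
                          "detection": detection}
        self._save(entries)
        src.unlink()  # remove the original only after copy and record exist
        return qname

    def restore(self, qname):
        """Put a quarantined file back in place, verifying it is unchanged."""
        entries = self._load()
        entry = entries[qname]
        data = _xor((self.root / qname).read_bytes())
        if hashlib.sha256(data).hexdigest() != entry["sha256"]:
            raise ValueError(f"{qname}: stored copy does not match recorded hash")
        dest = Path(entry["original_path"])
        dest.write_bytes(data)
        (self.root / qname).unlink()
        del entries[qname]
        self._save(entries)
        return dest

    def purge(self, qname):
        """Delete a quarantined file for good once confirmed malicious."""
        entries = self._load()
        (self.root / qname).unlink()
        del entries[qname]
        self._save(entries)


def demo():
    """Walk one constructed file through isolate -> restore -> isolate -> purge."""
    work = Path(tempfile.mkdtemp())
    suspect = work / "suspect.exe"
    original = b"MZ" + bytes(range(64))  # constructed stand-in, not a real binary
    suspect.write_bytes(original)
    q = Quarantine(work / "quarantine")

    qname = q.isolate(suspect, "TR/Kazy.5698")
    result = {
        "qname": qname,
        "gone_after_isolate": not suspect.exists(),
        "stored_differs": (q.root / qname).read_bytes() != original,
        "recorded_detection": q._load()[qname]["detection"],
    }
    q.restore(qname)
    result["restored_intact"] = suspect.read_bytes() == original
    result["manifest_empty"] = q._load() == {}

    q.purge(q.isolate(suspect, "TR/Kazy.5698"))
    result["purged"] = not any(p.suffix == QUARANTINE_SUFFIX for p in q.root.iterdir())
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is what makes the restore path possible: without the recorded original path and hash, a quarantined item is no better than a deleted one, which is exactly the trade-off the post is describing.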
