Jump to content

dcJeff

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

Reputation

0 Neutral
  1. dcJeff
    Got all of that done. Only issue seeming to remain is my IE8 keeps popping up a bar about running with add-ons disabled and occasionally it will complain about adobe flash player needing to be updated. The flash player shouldn't be a big deal to update, but my pc is refusing to download the update for some reason. Would this be a good time to just upgrade to IE9? Thanks
  2. dcJeff
    After a restart, the bluetooth is now working, and it looks like all of the previously missing Start -> All Programs listings have also returned. So to my knowledge, the issues have been resolved. The ESET log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=1e3782676c6bf843a38eddb5bdee53b3 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-08 01:36:07 # local_time=2011-06-07 08:36:07 (-0600, Central Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 64568260 64568260 0 0 # compatibility_mode=5891 16776533 42 87 0 18594214 0 0 # compatibility_mode=6912 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=98714 # found=0 # cleaned=0 # scan_time=4035 And the security checkup log: Results of screen317's Security Check version 0.99.12 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner Java 6 Update 24 Java 6 Update 25 Out of date Java installed! Adobe Flash Player 10.3.181.14 Adobe Reader X (10.0.1) Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Microsoft Security Essentials msseces.exe SecurityCheck.exe Microsoft Security Client Antimalware MsMpEng.exe ``````````End of Log````````````
  3. dcJeff
    Ok the MBAM log: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6804 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/7/2011 5:08:47 PM mbam-log-2011-06-07 (17-08-47).txt Scan type: Quick scan Objects scanned: 173030 Time elapsed: 8 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The ComboFix log: ComboFix 11-06-06.07 - Jeff 06/07/2011 17:29:28.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1204 [GMT -5:00] Running from: g:\virus protection\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Jeff\Application Data\inst.exe c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk c:\documents and settings\Jeff\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk c:\documents and settings\Jeff\WINDOWS c:\program files\rnamfler c:\program files\rnamfler\naomf.exe c:\program files\rnamfler\radprlib.dll c:\program files\rnamfler\stream.rep . c:\windows\system32\grpconv.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe . . ((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 ))))))))))))))))))))))))))))))) . . 2011-06-07 22:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-06-07 22:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe 2011-06-07 19:05 . 2011-06-07 19:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\MpKsl5993ca76.sys 2011-06-07 19:04 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\mpengine.dll 2011-06-02 18:10 . 2011-06-02 18:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----w- c:\program files\Common Files\Skype 2011-06-02 18:08 . 2011-06-02 18:08 -------- d-----r- c:\program files\Skype 2011-06-02 17:48 . 2011-06-02 17:48 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Secunia PSI 2011-06-02 17:47 . 2011-06-02 17:47 -------- d-----w- c:\program files\Secunia 2011-06-02 17:46 . 2011-06-02 17:46 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-29 00:03 . 2011-06-02 17:46 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN1A.tmp 2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN19.tmp 2011-05-28 23:37 . 2011-05-28 23:37 0 ----a-w- c:\windows\system32\REN18.tmp 2011-05-28 23:20 . 2011-05-28 23:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-05-28 23:06 . 2011-05-28 23:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2011-05-28 23:01 . 2011-05-28 23:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2011-05-28 00:53 . 2011-05-28 00:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-05-28 00:52 . 2011-05-28 00:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-05-26 21:21 . 2011-05-26 21:23 967 ----a-w- c:\windows\ScUnin.pif 2011-05-26 21:21 . 2011-05-26 21:23 94208 ----a-w- c:\windows\ScUnin.exe 2011-05-26 21:20 . 2011-05-26 21:30 -------- d-----w- c:\program files\Starcraft 2011-05-20 17:13 . 2011-05-20 17:13 -------- d-----w- c:\program files\iPod 2011-05-20 17:13 . 2011-05-20 17:34 -------- d-----w- c:\program files\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 14:11 . 2009-01-10 15:40 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 14:11 . 2009-01-10 15:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-09 20:46 . 2010-11-23 20:42 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-30 15:17 . 2011-03-28 12:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "gStart"="c:\garmin\gStart.exe" [2006-09-06 1891416] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-28 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120] "nwiz"="nwiz.exe" [2006-03-21 1519616] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 155648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653] Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-6-28 2056266] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-7 24576] Monitor.lnk - c:\program files\Philips Webcam\Monitor.exe [2007-10-16 249856] Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896] WinZip Quick Pick.lnk - c:\winzip\WZQKPICK.EXE [2007-10-7 118784] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"= "c:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Starcraft\\StarCraft.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port "427:TCP"= 427:TCP:Advanced TCP/IP SLP Port "161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port . R1 MpKsl5993ca76;MpKsl5993ca76;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93759F96-96A3-4820-9466-936184C13225}\MpKsl5993ca76.sys [6/7/2011 2:05 PM 28752] R1 MpKsl658f1f4b;MpKsl658f1f4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933E3E99-F46B-4B62-B229-D0152BE3E8AD}\MpKsl658f1f4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933E3E99-F46B-4B62-B229-D0152BE3E8AD}\MpKsl658f1f4b.sys [?] R1 MpKsle3d8f251;MpKsle3d8f251;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CECED2B-BA8B-45A9-929F-8E24CDBD8BF8}\MpKsle3d8f251.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CECED2B-BA8B-45A9-929F-8E24CDBD8BF8}\MpKsle3d8f251.sys [?] R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [10/29/2010 3:30 PM 99896] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/10/2009 10:40 AM 366640] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 10:14 AM 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2009 10:40 AM 22712] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40632111-6A4E-46CE-B774-5DA125023B5E}\MpKsl00946ab2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40632111-6A4E-46CE-B774-5DA125023B5E}\MpKsl00946ab2.sys [?] S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D30D229F-B2A4-48FA-802E-CAE91728B2E7}\MpKsle4b92584.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D30D229F-B2A4-48FA-802E-CAE91728B2E7}\MpKsle4b92584.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2011 6:01 PM 135664] S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2/19/2008 11:48 AM 2333568] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL5993CA76 . Contents of the 'Scheduled Tasks' folder . 2011-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] . 2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 23:00] . 2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 23:00] . 2011-06-07 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.att.net/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: myspace.com\www TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\m5w5augp.default\ . - - - - ORPHANS REMOVED - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe AddRemove-Atari800Win PLus - c:\program files\Atari800WinPLus\Uninstall.exe AddRemove-Audacity 1.3 Beta (Unicode)_is1 - e:\program files\Audacity 1.3 Beta (Unicode)\unins000.exe AddRemove-AviSynth - e:\program files\AviSynth 2.5\Uninstall.exe AddRemove-AVStoDVD - e:\program files\AVStoDVD\uninst.exe AddRemove-DarkBASIC - c:\program files\Dark Basic Software\Dark Basic\Uninstal.exe AddRemove-HaaliMkx - e:\program files\Haali\MatroskaSplitter\uninstall.exe AddRemove-{40C03514-89C3-41BA-0090-3B440256DB87} - e:\ea games\The Sims 2\EAUninstall.exe AddRemove-{4817189D-1785-4627-A33C-39FD90919300} - e:\ea games\The Sims 2 Pets\EAUninstall.exe AddRemove-{7B3577F5-1D82-4C9B-008B-69D026FD8BCA} - e:\ea games\The Sims 2 Open For Business\EAUninstall.exe AddRemove-{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2} - e:\ea games\The Sims 2 University\EAUninstall.exe AddRemove-{962E05CF-3394-496D-0091-850CF1762F6B} - e:\program files\EA GAMES\The Battle for Middle-earth\EAUninstall.exe AddRemove-{B6F5B704-06D3-4687-90F3-6195304AD755} - e:\ea games\The Sims 2 Apartment Life\EAUninstall.exe AddRemove-{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06} - e:\ea games\The Sims 2 Seasons\EAUninstall.exe AddRemove-{F248ADFA-64E0-4b03-8A83-059078BED6A0} - e:\ea games\The Sims 2 Bon Voyage\EAUninstall.exe AddRemove-{F7529650-B9DB-481B-0089-A2AC3C2821C1} - e:\ea games\The Sims 2 Nightlife\EAUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-07 17:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3330895311-695767755-1025199814-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c1,43,da,0e,c4,6a,a4,e4,50,6d,a4,b8,56,88,0a,4a,e0,26,e4,73,b4,a0,e1, 9b,fd,b1,83,99,fa,e0,00,c3,cf,2d,d9,a6,7d,ad,70,fd,0d,0d,2c,2b,5e,51,bc,1a,\ "??"=hex:40,c1,e5,32,14,41,af,33,2c,e2,50,05,d4,d1,0e,68 . [HKEY_USERS\S-1-5-21-3330895311-695767755-1025199814-1006\Software\SecuROM\License information*] "datasecu"=hex:0f,d7,e8,fc,98,5d,c2,06,f1,64,8a,6d,be,74,38,d8,b9,be,83,90,47, 28,8b,aa,05,35,0b,5f,ec,d3,d0,04,26,af,5b,68,5a,f9,e1,2e,19,a8,df,d6,aa,49,\ "rkeysecu"=hex:fe,91,be,78,bd,01,a6,56,9c,3b,b6,2e,38,38,92,64 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(504) c:\windows\System32\BCMLogon.dll . Completion time: 2011-06-07 17:39:15 ComboFix-quarantined-files.txt 2011-06-07 22:39 . Pre-Run: 66,323,107,840 bytes free Post-Run: 66,593,001,472 bytes free . - - End Of File - - 9300CE03136393F3342D9EEC7A140572 The DDS log (and I've attached the attach.txt): . DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Jeff at 17:42:33 on 2011-06-07 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1250 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\HPSIsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Secunia\PSI\PSIA.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Garmin\gStart.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Secunia\PSI\sua.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.att.net/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [gStart] c:\garmin\gStart.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\philips webcam\Monitor.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\winzip\WZQKPICK.EXE IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL Trusted Zone: myspace.com\www DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184345771921 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{E8EAE12D-1544-43BD-B886-07593DA25934} : DhcpNameServer = 192.168.1.254 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\m5w5augp.default\ FF - plugin: c:\documents and settings\jeff\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264] R1 MpKsl5993ca76;MpKsl5993ca76;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\MpKsl5993ca76.sys [2011-6-7 28752] R1 MpKsl658f1f4b;MpKsl658f1f4b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933e3e99-f46b-4b62-b229-d0152be3e8ad}\mpksl658f1f4b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933e3e99-f46b-4b62-b229-d0152be3e8ad}\MpKsl658f1f4b.sys [?] R1 MpKsle3d8f251;MpKsle3d8f251;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\mpksle3d8f251.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\MpKsle3d8f251.sys [?] R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-10-29 99896] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-10 366640] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-10 22712] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\mpksl00946ab2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\MpKsl00946ab2.sys [?] S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\mpksle4b92584.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\MpKsle4b92584.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 135664] S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] . =============== Created Last 30 ================ . 2011-06-07 22:35:14 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-06-07 22:35:14 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe 2011-06-07 22:26:23 98816 ----a-w- c:\windows\sed.exe 2011-06-07 22:26:23 518144 ----a-w- c:\windows\SWREG.exe 2011-06-07 22:26:23 256512 ----a-w- c:\windows\PEV.exe 2011-06-07 22:26:23 208896 ----a-w- c:\windows\MBR.exe 2011-06-07 19:05:38 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\MpKsl5993ca76.sys 2011-06-07 19:04:51 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93759f96-96a3-4820-9466-936184c13225}\mpengine.dll 2011-06-02 18:10:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-02 18:08:06 -------- d-----r- c:\program files\Skype 2011-06-02 17:48:14 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Secunia PSI 2011-06-02 17:47:59 -------- d-----w- c:\program files\Secunia 2011-06-02 17:46:53 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-29 00:03:56 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN1A.tmp 2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN19.tmp 2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN18.tmp 2011-05-26 21:21:09 967 ----a-w- c:\windows\ScUnin.pif 2011-05-26 21:21:09 94208 ----a-w- c:\windows\ScUnin.exe 2011-05-26 21:20:30 -------- d-----w- c:\program files\Starcraft 2011-05-20 17:13:51 -------- d-----w- c:\program files\iPod 2011-05-20 17:13:47 -------- d-----w- c:\program files\iTunes . ==================== Find3M ==================== . 2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe . ============= FINISH: 17:43:11.54 =============== AttachLog 6-7-2011.txt
  4. dcJeff
    Last week, I removed the windows xp recovery virus from my computer. After getting rid of it, I realized that I still had various things missing from my Start -> All Programs list. Also, the bluetooth antenna and functions no longer work. Here is the dds log from my machine, and I've attached the attach.txt from DDS and ark.txt from GMER. I also ran a full MBAM scan last night, and all it caught was a Malware.Packer.GenX. I still have that log if you would like to see it too. Thanks in advance . DDS (Ver_2011-06-03.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by Jeff at 8:31:20 on 2011-06-03 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1430 [GMT -5:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\HPSIsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Secunia\PSI\PSIA.exe C:\Program Files\Secunia\PSI\sua.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Garmin\gStart.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\iPod\bin\iPodService.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.att.net/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [gStart] c:\garmin\gStart.exe uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL Trusted Zone: myspace.com\www DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184345771921 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\jeff\application data\mozilla\firefox\profiles\m5w5augp.default\ FF - plugin: c:\documents and settings\jeff\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264] R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-10-29 99896] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-10 366640] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-10 22712] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S1 MpKsl00946ab2;MpKsl00946ab2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\mpksl00946ab2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40632111-6a4e-46ce-b774-5da125023b5e}\MpKsl00946ab2.sys [?] S1 MpKsle4b92584;MpKsle4b92584;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\mpksle4b92584.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d30d229f-b2a4-48fa-802e-cae91728b2e7}\MpKsle4b92584.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 135664] S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [2008-2-19 2333568] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-10 39984] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] . =============== Created Last 30 ================ . 2011-06-02 18:10:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-02 18:08:06 -------- d-----r- c:\program files\Skype 2011-06-02 17:48:14 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Secunia PSI 2011-06-02 17:47:59 -------- d-----w- c:\program files\Secunia 2011-06-02 17:46:53 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-06-02 17:43:37 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ceced2b-ba8b-45a9-929f-8e24cdbd8bf8}\mpengine.dll 2011-05-29 00:03:56 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN1A.tmp 2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN19.tmp 2011-05-28 23:37:42 0 ----a-w- c:\windows\system32\REN18.tmp 2011-05-26 21:21:09 967 ----a-w- c:\windows\ScUnin.pif 2011-05-26 21:21:09 94208 ----a-w- c:\windows\ScUnin.exe 2011-05-26 21:20:30 -------- d-----w- c:\program files\Starcraft 2011-05-20 17:13:51 -------- d-----w- c:\program files\iPod 2011-05-20 17:13:47 -------- d-----w- c:\program files\iTunes . ==================== Find3M ==================== . 2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 8:32:45.70 =============== ark.zip attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.