Psw.generic7.ayub - Avg Resident Shield Alert

DeadIntoIt
27-Nov-2009, 05:49 PM #1
This morning I walked into my office with a multiple threat detection alert on my screen.

AVG 8.5 - Resident Shield Alert: PSW.Generic7.AYUB

Multiple threat detection:
C:\WINDOWS\system32\winlogon.exe | Trojan horse PSW.Generic7.AYUB | Object is white-listed (critical/system file that should not be removed)

Obviously I chose not to remove it, considering it is a critical/system file. I chose to close the alert.

Screen shot of Original Alert HERE>> http://www.getfreedom.com/ALERTS/PSW.Generic.jpg

Ran HijackThis (exe file named differently in Program Files). Log is further down.

RELATED ISSUES:
Every time I try to open almost any program (Such as Mbam) the resident shield alert (Small version) pops up - Screen shot HERE>> http://www.getfreedom.com/ALERTS/PSW.Generic-SMALL.jpg

I ran an Mbam SCAN of C:\ only. MBAM found No Infections - Screen shot HERE>> http://www.getfreedom.com/ALERTS/PSW...c-MbamScan.jpg

Now the alert pops up periodically even if I'm not opening another program.

I patiently await your instructions,

Mike C.

--------- Here is my HiJack This Log (Word Wrap OFF): ---------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:44 AM, on 11/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\InstantEyedropper\InstantEyedropper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Mike\Application Data\Mikogo\Mikogo-Host.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SuperClip\SupClip.exe
C:\Program Files\C-Organizer Pro\C-OrganizerPro.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\PowerDesk\PDESK.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TheHJTool\Mike.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [instanteyedropper] "C:\Program Files\InstantEyedropper\InstantEyedropper.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Mikogo] "C:\Documents and Settings\Mike\Application Data\Mikogo\Mikogo-Host.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: C-Organizer Pro.lnk = C:\Program Files\C-Organizer Pro\C-OrganizerPro.exe
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Startup: Toolbar.lnk = C:\Program Files\PowerDesk\PDESK.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SuperClip.lnk = C:\Program Files\SuperClip\SupClip.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: Bookmark Master - {6AA1C95A-D47C-4E38-874B-16D1E44D8DC9} - C:\PROGRA~1\BOOKMA~1\FavMM.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1219877315047
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Mike\My Documents\B-Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 15479 bytes
--

Thanks in advance for your assistance,

Mike C.

DeadIntoIt
27-Nov-2009, 07:41 PM #2
Besides MBAM I also just ran an online BitDefender Scan and it came up with "No Infection Found".

Then ran Spybot Search and Destroy and "No Infection Found".

I'm beginning to wonder if maybe this is a false positive situation with AVG.

Hoping to hear something from someone soon on this.

----- Here is the BitDefender Log -----
BitDefender QuickScan Beta 32-bit v0.9.8.2
------------------------------------------

Scan date: Fri Nov 27 16:26:27 2009
Machine ID: 4015D8E6



No infection found.
---------------------


Processes
---------
<unsigned> C-OrganizerPro.exe 2224 C:\Program Files\C-Organizer Pro\C-OrganizerPro.exe
<unsigned> FSCapture.exe 2260 C:\Program Files\FastStone Capture\FSCapture.exe
<unsigned> hpotdd01 1384 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
<unsigned> hpwuSchd 268 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
<unsigned> HP Task Management Component 2824 C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
<unsigned> HP Framework Component Manager Service 192 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
<unsigned> InstantEyedropper.exe 336 C:\Program Files\InstantEyedropper\InstantEyedropper.exe
<unsigned> MaxBackServiceInt Module 376 C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
<unsigned> MSS & OneTouch™ MFC Application 704 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
<unsigned> Maxtor OneTouch Detection 668 C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
<unsigned> SyncServices 864 C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
<unsigned> Microsoft IntelliType Pro 1144 C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
<unsigned> Point32.exe 1072 C:\Program Files\Microsoft IntelliPoint\point32.exe
<unsigned> Toolbar 2280 C:\Program Files\PowerDesk\PDESK.EXE
<unsigned> System settings protector 1004 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> Super Clipboard Executable File 2164 C:\Program Files\SuperClip\SupClip.exe
<unsigned> WordWeb thesaurus/dictionary 2304 C:\Program Files\WordWeb\wweb32.exe
<unsigned> Windows NT Logon Application 560 C:\WINDOWS\system32\winlogon.exe
<unsigned> Microsoft Tablet PC Platform Component 2560 C:\WINDOWS\system32\WISPTIS.EXE

<verified> Mikogo 572 C:\Documents and Settings\Mike\Application Data\Mikogo\Mikogo-Host.exe
<verified> AVG Scanning Core Module - Server Part 1960 C:\Program Files\AVG\AVG8\avgcsrvx.exe
<verified> AVG Resident Shield Service 1256 C:\Program Files\AVG\AVG8\avgrsx.exe
<verified> AVG Tray Monitor 1504 C:\Program Files\AVG\AVG8\avgtray.exe
<verified> AVG Watchdog Service 2040 C:\Program Files\AVG\AVG8\avgwdsvc.exe
<verified> Bonjour Service 176 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Logitech KHAL Main Process 2800 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
<verified> Machine Debug Manager 808 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> RealNetworks Scheduler 3748 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Google Desktop 1760 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
<verified> Google Desktop 2092 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
<verified> GoogleToolbarNotifier 696 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> Java(TM) Quick Starter Service 272 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java(TM) Platform SE binary 2004 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Ad-Aware Service Application 1296 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
<verified> Ad-Aware Tray Application 3556 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Logitech SetPoint Event Manager (UNICODE) 2140 C:\Program Files\Logitech\SetPoint\SetPoint.exe
<verified> Firefox 1532 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> RoboForm TaskBar Icon 1920 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
<verified> PC Tools ThreatFire Service 896 C:\Program Files\ThreatFire\TFService.exe
<verified> PC Tools ThreatFire Tray App 1828 C:\Program Files\ThreatFire\TFTray.exe
<verified> WordPad MFC Application 828 C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
<verified> Windows Explorer 1572 C:\WINDOWS\Explorer.EXE
<verified> Application Layer Gateway Service 3852 C:\WINDOWS\System32\alg.exe
<verified> Client Server Runtime Process 536 C:\WINDOWS\system32\csrss.exe
<verified> CTF Loader 508 C:\WINDOWS\system32\ctfmon.exe
<verified> LSA Shell (Export Version) 652 C:\WINDOWS\system32\lsass.exe
<verified> Services and Controller app 616 C:\WINDOWS\system32\services.exe
<verified> Windows NT Session Manager 480 C:\WINDOWS\System32\smss.exe
<verified> hpztsb09.exe 1252 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
<verified> Spooler SubSystem App 1564 C:\WINDOWS\system32\spoolsv.exe
<verified> Generic Host Process for Win32 Services 1036 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 1940 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 948 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 844 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1108 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 3632 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 2812 C:\WINDOWS\system32\svchost.exe
<verified> WMI 3348 C:\WINDOWS\system32\wbem\unsecapp.exe
<verified> WMI 3768 C:\WINDOWS\system32\wbem\wmiprvse.exe


Network activity
----------------
Process firefox.exe (1532) connected on port 80 (HTTP) - iy-in-f149.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - a72-247-92-20.deploy.akamaitechnologies.com
Process firefox.exe (1532) connected on port 443 (HTTP over SSL) - iy-in-f83.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - iw-in-f104.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - iw-in-f104.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - iw-in-f138.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - iy-in-f100.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - iy-in-f101.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - iw-in-f148.1e100.net
Process firefox.exe (1532) connected on port 80 (HTTP) - 98.174.31.227
Process firefox.exe (1532) connected on port 80 (HTTP) - ec2-174-129-12-136.compute-1.amazonaws.com
Process GoogleDesktop.exe (2092) connected on port 80 (HTTP) - 74.220.207.143

Process svchost.exe (844) listens on ports: 3389 (Terminal Server)
Process svchost.exe (948) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> Adobe Acrobat SpeedLauncher C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<unsigned> C-OrganizerPro.exe C:\Program Files\C-Organizer Pro\C-OrganizerPro.exe
<unsigned> Adobe Gamma Loader C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
<unsigned> FSCapture.exe C:\Program Files\FastStone Capture\FSCapture.exe
<unsigned> Google Desktop c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
<unsigned> hpotdd01 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
<unsigned> hpwuSchd C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
<unsigned> HP Data Archive Module C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
<unsigned> HP Framework Component Manager Service C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
<unsigned> InstantEyedropper.exe C:\Program Files\InstantEyedropper\InstantEyedropper.exe
<unsigned> MSS & OneTouch™ MFC Application C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
<unsigned> Maxtor OneTouch Detection C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
<unsigned> Microsoft IntelliType Pro C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
<unsigned> Point32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe
<unsigned> Toolbar C:\Program Files\PowerDesk\PDESK.EXE
<unsigned> QuickTime Task C:\Program Files\QuickTime\qttask.exe
<unsigned> SDMessaging Application C:\Program Files\SmartDraw 7\Messages\SDNotify.exe
<unsigned> System settings protector C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> Super Clipboard Executable File C:\Program Files\SuperClip\SupClip.exe
<unsigned> WordWeb thesaurus/dictionary C:\Program Files\WordWeb\wweb32.exe

<verified> Mikogo C:\Documents and Settings\Mike\Application Data\Mikogo\Mikogo-Host.exe
<verified> Google Installer C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
<verified> Adobe Update Manager C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> AVG Tray Monitor C:\Program Files\AVG\AVG8\avgtray.exe
<verified> NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
<verified> Logitech Bluetooth Service C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
<verified> RealNetworks Scheduler C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Google Desktop C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> Java(TM) Platform SE binary C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
<verified> Logitech SetPoint Event Manager (UNICODE) C:\Program Files\Logitech\SetPoint\SetPoint.exe
<verified> Windows Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> RoboForm TaskBar Icon C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
<verified> Updater for Spybot-S&D C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
<verified> Spybot - Search & Destroy C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
<verified> PC Tools ThreatFire Tray App C:\Program Files\ThreatFire\TFTray.exe
<verified> Logitech KHAL Main Process C:\WINDOWS\KHALMNPR.EXE
<verified> AVG Resident Shield Starter C:\WINDOWS\system32\avgrsstx.dll
<verified> Shell Browser UI Library C:\WINDOWS\system32\browseui.dll
<verified> Crypto API32 C:\WINDOWS\system32\crypt32.dll
<verified> Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
<verified> Offline Network Agent C:\WINDOWS\system32\cscdll.dll
<verified> CTF Loader C:\WINDOWS\system32\ctfmon.exe
<verified> DIMS Notification Handler C:\WINDOWS\system32\dimsntfy.dll
<verified> Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\dumprep.exe
<verified> Windows Logon UI C:\WINDOWS\system32\logonui.exe
<verified> OGAEXEC.exe C:\WINDOWS\system32\OGAEXEC.exe
<verified> Secondary Logon Service Notification DLL C:\WINDOWS\system32\sclgntfy.dll
<verified> Windows Shell Common Dll C:\WINDOWS\system32\shell32.dll
<verified> hpztsb09.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
<verified> Systray shell service object C:\WINDOWS\system32\stobject.dll
<verified> Userinit Logon Application c:\windows\system32\userinit.exe
<verified> Web Site Monitor C:\WINDOWS\system32\webcheck.dll
<verified> Windows Genuine Advantage Notifications C:\WINDOWS\system32\WgaLogon.dll
<verified> Common DLL to receive Winlogon notifications C:\WINDOWS\system32\wlnotify.dll
<verified> Windows Portable Device Shell Service Object C:\WINDOWS\system32\WPDShServiceObj.dll


Browser plugins
---------------
<unsigned> Ask Toolbar c:\program files\askpbar\bar\1.bin\askpbar.dll
<unsigned> Ask.com Search Assistant c:\program files\askpbar\srchastt\1.bin\a9srchas.dll
<unsigned> Bonjour Namespace Provider C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> FavMM.exe C:\Program Files\BookMark Master\FavMM.exe
<unsigned> InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll
<unsigned> Adobe Acrobat Plug-In Version 7.00 for Netscape C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> Xara graphic plug-in C:\Program Files\Internet Explorer\plugins\NPXaraC.dll
<unsigned> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<unsigned> Java(TM) Quick Starter binary c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> Internet Explorer add-in for MindManager 6 c:\program files\mindjet\mindmanager 6\mm6internetexplorer.dll
<unsigned> Heppkat Communicator C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
<unsigned> Adobe Acrobat Plug-In Version 7.00 for Netscape C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> RealJukebox Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> 6.0.12.448 C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> RealJukebox Netscape Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
<unsigned> 6.0.12.448 c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<unsigned> VMN Toolbar from http://toolbar.vmn.net c:\program files\vmntoolbar\vmntoolbar.dll
<unsigned> Adobe Shockwave for Director Netscape plug-in, ver C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

<verified> Adobe Acrobat IE Helper Version 7.0 for ActiveX c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
<verified> Ask.com Toolbar c:\program files\askbardis\bar\bin\askbar.dll
<verified> Safe Search for Internet Explorer c:\program files\avg\avg8\avgssie.dll
<verified> Fast Search c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
<verified> Google Toolbar c:\program files\google\google toolbar\googletoolbar_32.dll
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
<verified> Java(TM) Platform SE binary c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Windows Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> 3.0.40818.0 c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verified> atcliun C:\Program Files\Mozilla Firefox\plugins\atcliun.exe
<verified> Download Decompress Library C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
<verified> Download Extension Library C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
<verified> AtMgr Module C:\Program Files\Mozilla Firefox\plugins\atmgr.exe
<verified> ActiveTouch General Plugin Container Version 103 C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
<verified> NPRuntime Script Plug-in Library for Java(TM) Depl C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Office Plugin for Netscape Navigator C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> RealPlayer(tm) LiveConnect-Enabled Plug-In C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> RealPlayer(tm) LiveConnect-Enabled Plug-In c:\program files\real\realplayer\Netscape6\nppl3260.dll
<verified> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
<verified> RoboForm Main Module C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
<verified> SBSD IE Protection c:\program files\spybot - search & destroy\sdhelper.dll
<verified> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> Windows Presentation Foundation (WPF) plug-in for c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Network Diagnostic for Windows XP C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Microsoft Windows Sockets 2.0 Service Provider C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verified> LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll


Scan
----
The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Google\Google Desktop Search\GoogleDesktopSSD.dll
C:\Program Files\SuperClip\SupClip.exe

Upload started - 2 file(s)
Upload: C:\Program Files\SuperClip\SupClip.exe - 516096 bytes, hash: e7416f13c8bb6b161ecc9c562ad20ea0
Upload: C:\Program Files\Google\Google Desktop Search\GoogleDesktopSSD.dll - 147456 bytes, hash: ddf9ee06d5aa267535ff2d9a4d787d14
Upload speed - 33 KB/s
Upload finished - 2 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 22 sec
Total traffic - 0.71 MB sent, 7.35 KB recvd
Scanned 1323 files and modules - 327 seconds

------ End Log ------

Thanks,

Mike C.
Tags
psw.generic7.ayub
