Jump to content

Browser Popups


tvu22
 Share

Recommended Posts

Hello. It took me awhile to finish the GMER scan but I finally got it to work without my computer freezing/lagging really badly.

My computer kept on lagging very very badly after the GMER scan, but I'm not sure why. I thought I should tell you this.

It's better once I restart it though.

If it's needed to know, my problem was that my browser, Mozilla Firefox kept on having pop ups like once every 10-20minutes. Such as, I'll go to Facebook or something, and it'll have a popup that opens in another tab. It's never anything un-appropiate but it gets really annoying. I usually never have popups but they keep on happening.

I'll attach the ark/attach logs and Malwarebytes.

DDS

DDS (Ver_09-12-01.01) - NTFSx86

Run by HP_Administrator at 21:29:18.03 on Sat 01/16/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.481 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Program Files\DISC\DiscGui.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\wuauclt.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe

mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [<NO NAME>]

mRun: [PCDrProfiler]

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: trymedia.com

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

SSODL: povewidat - {da014440-b550-4234-a57c-90e259bd18e4} - No File

LSA: Notification Packages = scecli yiyagefi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\iejihnro.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-31 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-31 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-31 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-31 56816]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2010-01-17 02:28:23 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable

2010-01-14 20:30:56 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-05 00:05:26 122880 ----a-w- c:\windows\system32\Imsmudlg.exe

2010-01-05 00:05:26 0 d-----w- c:\windows\system32\ENU

2010-01-05 00:01:20 227 ----a-w- c:\windows\HP_CounterReport_Update_HPSU.ini

2010-01-05 00:01:17 214 ----a-w- c:\windows\HP_48BitScanUpdatePatch.ini

2010-01-05 00:00:03 221 ----a-w- c:\windows\HP_RedboxHprblog_HPSU.ini

2010-01-04 23:58:22 0 d-----w- C:\SystemRoot

2010-01-04 23:02:57 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HpUpdate

2010-01-04 23:02:55 0 d-----w- c:\windows\Hewlett-Packard

2009-12-28 00:38:47 73728 ----a-w- c:\windows\system32\javacpl.cpl

2009-12-27 14:23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-27 14:23:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-27 14:23:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-26 18:52:26 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2009-12-26 18:52:24 159232 ----a-w- c:\windows\system32\ptpusd.dll

==================== Find3M ====================

2010-01-15 00:05:32 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys

2009-12-28 00:38:33 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-23 17:47:43 7948 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

2009-12-07 22:48:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-21 17:44:49 87608 ----a-w- c:\docume~1\hp_adm~1\applic~1\inst.exe

2009-11-21 17:44:49 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-11-21 17:44:49 47360 ----a-w- c:\docume~1\hp_adm~1\applic~1\pcouffin.sys

2009-11-21 16:36:13 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2009-10-27 11:06:22 18432 ------w- c:\windows\system32\dllcache\iedw.exe

2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:00:55 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 06:00:55 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 14:58:48 263552 ------w- c:\windows\system32\dllcache\http.sys

============= FINISH: 21:30:17.63 ===============

ark.zip

DDS.txt

Link to post
Share on other sites

Hello tvu22

Welcome to Malwarebytes.

=====================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Link to post
Share on other sites

Sure.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Sorry it took awhile, once my computer restared Avira was turned on automatically, and kept on asking me if I wanted to quarantine ComboFix, so I had to ignore it a few times.

Here is the ComboFix log:

ComboFix 10-01-16.04 - HP_Administrator 01/17/2010 11:39:25.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.678 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd

c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\inst.exe

c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\AntiCrash.lnk

c:\documents and settings\HP_Administrator\Application Data\inst.exe

c:\recycler\S-1-5-21-175554784-482997867-2904977345-1008

c:\recycler\S-1-5-21-61209745-1589532965-4150809920-1008

c:\recycler\S-1-5-21-864031089-4010442294-3891632424-1008

c:\windows\kb913800.exe

c:\windows\system32\config\systemprofile\Desktop\Internet Security 2010.lnk

c:\windows\system32\ps2.bat

D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected

Restored copy from - Kitty ate it :)

.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))

.

2010-01-14 20:30 . 2010-01-14 20:47 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-11 22:21 . 2010-01-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2010-01-05 00:05 . 2010-01-05 00:05 -------- d-----w- c:\windows\system32\ENU

2010-01-05 00:05 . 2006-03-09 13:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe

2010-01-04 23:58 . 2010-01-04 23:58 -------- d-----w- C:\SystemRoot

2010-01-04 23:02 . 2010-01-11 22:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate

2010-01-04 23:02 . 2010-01-04 23:02 -------- d-----w- c:\windows\Hewlett-Packard

2009-12-27 14:23 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-27 14:23 . 2010-01-14 20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-27 14:23 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 18:52 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-12-26 18:52 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-12-26 18:52 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2009-12-26 18:52 . 2004-08-04 05:56 159232 ----a-w- c:\windows\system32\ptpusd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-17 16:37 . 2009-03-02 23:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent

2010-01-15 00:05 . 2005-06-17 13:33 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-01-14 22:02 . 2009-05-16 20:03 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-01-14 20:33 . 2010-01-14 20:33 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-14 00:31 . 2008-11-11 22:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire

2010-01-14 00:21 . 2009-11-05 00:57 -------- d-----w- c:\program files\LimeWire

2010-01-10 23:01 . 2009-12-06 20:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Move Networks

2010-01-09 16:53 . 2009-07-29 22:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso

2010-01-09 16:53 . 2009-07-29 22:51 -------- d-----w- c:\program files\DVDFab 6

2010-01-04 23:03 . 2006-02-28 02:37 -------- d-----w- c:\program files\HP

2010-01-04 23:03 . 2006-02-28 02:57 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-28 01:11 . 2006-02-28 02:48 56152 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-28 00:38 . 2009-11-05 00:59 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-23 17:47 . 2008-11-16 23:41 7948 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat

2009-12-12 20:09 . 2008-11-10 00:12 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3

2009-12-07 22:48 . 2009-10-31 21:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-06 20:41 . 2009-12-06 20:41 127872 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\uninstall.exe

2009-12-06 20:41 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll

2009-11-21 17:44 . 2009-07-29 22:51 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-11-21 17:44 . 2009-07-29 22:51 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys

2009-11-21 17:44 . 2009-07-29 22:51 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys

2009-11-21 16:36 . 2004-08-10 04:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-21 16:01 . 2009-07-29 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2009-11-05 00:59 . 2009-10-30 00:41 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

2009-11-03 23:57 . 2009-11-03 23:48 52770576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe

2009-10-31 23:01 . 2009-10-31 23:01 45056 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe1_08C2044E9E9840058E3CE438A10501EC.exe

2009-10-31 23:01 . 2009-10-31 23:01 45056 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe_08C2044E9E9840058E3CE438A10501EC.exe

2009-10-31 23:01 . 2009-10-31 23:01 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\ARPPRODUCTICON.exe

2009-10-29 05:48 . 2004-08-10 04:00 662016 ----a-w- c:\windows\system32\wininet.dll

2009-10-29 01:58 . 2009-10-29 01:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-27 23:29 . 2001-10-17 21:09 66 ----a-w- c:\windows\anticrash.dat

2009-10-27 23:29 . 2009-10-22 22:19 64512 ---ha-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\dach100.dll

2009-10-27 23:29 . 2009-10-22 22:19 64512 ---ha-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\dach100.dll

2009-10-25 20:44 . 2009-08-17 22:47 202 ---ha-w- c:\windows\winshell.dat

2009-10-21 22:00 . 2009-10-21 22:00 47360 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\pcouffin.sys

2009-10-21 22:00 . 2009-10-21 22:00 47360 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\pcouffin.sys

2009-10-21 06:00 . 2004-08-10 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:00 . 2004-08-10 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 00:17 . 2009-10-21 00:12 23510720 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe

2009-10-20 14:58 . 2004-08-10 04:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-20 00:17 . 2009-10-20 00:06 52770576 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-31 2923192]

"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104]

"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-04 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-05 7307264]

"nwiz"="nwiz.exe" [2005-11-05 1519616]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-28 149280]

c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-11-10 3450608]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-11-10 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-27 36903]

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe"=

"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"57144:TCP"= 57144:TCP:Pando Media Booster

"57144:UDP"= 57144:UDP:Pando Media Booster

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 4:16 PM 108289]

.

Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3085225329-3884617760-1248814583-1008Core.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 22:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: trymedia.com

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\iejihnro.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)

SSODL-povewidat-{da014440-b550-4234-a57c-90e259bd18e4} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-17 11:49

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2900)

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\program files\Stardock\ObjectDock\DockShellHook.dll

c:\windows\system32\nview.dll

c:\windows\system32\nvwddi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\RTHDCPL.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\rundll32.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\windows\ehome\mcrdsvc.exe

c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

c:\program files\DISC\DiscStreamHub.exe

.

**************************************************************************

.

Completion time: 2010-01-17 11:56:13 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-17 16:56

Pre-Run: 155,588,149,248 bytes free

Post-Run: 155,523,063,808 bytes free

- - End Of File - - DD22731DFA4355F1B130F745F60F432F

Link to post
Share on other sites

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

I just finished the Malwarebytes Scan, and I'll show the results to you of the ESET scan once it's finished..

Nothing appeared for Malwarebytes.

Malwarebytes' Anti-Malware 1.44

Database version: 3583

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

1/17/2010 1:14:06 PM

mbam-log-2010-01-17 (13-14-06).txt

Scan type: Quick Scan

Objects scanned: 130634

Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hello again. I finally finished the ESET scanner. There was 1 threat but it said it was cleaned.

A log didn't appear but in the ESET Online Scanner folder I found one that says log but I'm not sure, but I'm pretty sure it's the right one.

Here the the contents, and sorry to keep you waiting.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=fe359fc9556dc8418d15b9861718d3e9

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-01-17 08:14:46

# local_time=2010-01-17 03:14:46 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=769 16774142 0 2 16980034 16980034 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 100 83453 40081788 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=117679

# found=1

# cleaned=1

# scan_time=6735

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Since I haven't been on my computer with the exception of scanning, etc, I'm not 100% sure,

but for now everything is running smoothly again. If the browser tab pop up happens again, I'll be sure to post. :)

Thank you for spending your time helping me. I appreciate it a lot.

DDS

DDS (Ver_09-12-01.01) - NTFSx86

Run by HP_Administrator at 16:12:08.73 on Sun 01/17/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.583 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe

mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: trymedia.com

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\iejihnro.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-31 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-31 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-31 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-31 56816]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2010-01-17 18:18:58 0 d-----w- c:\program files\ESET

2010-01-17 16:34:12 98816 ----a-w- c:\windows\sed.exe

2010-01-17 16:34:12 77312 ----a-w- c:\windows\MBR.exe

2010-01-17 16:34:12 261632 ----a-w- c:\windows\PEV.exe

2010-01-17 16:34:12 161792 ----a-w- c:\windows\SWREG.exe

2010-01-17 02:28:23 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable

2010-01-14 20:30:56 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-01-05 00:05:26 122880 ----a-w- c:\windows\system32\Imsmudlg.exe

2010-01-05 00:05:26 0 d-----w- c:\windows\system32\ENU

2010-01-05 00:01:20 227 ----a-w- c:\windows\HP_CounterReport_Update_HPSU.ini

2010-01-05 00:01:17 214 ----a-w- c:\windows\HP_48BitScanUpdatePatch.ini

2010-01-05 00:00:03 221 ----a-w- c:\windows\HP_RedboxHprblog_HPSU.ini

2010-01-04 23:58:22 0 d-----w- C:\SystemRoot

2010-01-04 23:02:57 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HpUpdate

2010-01-04 23:02:55 0 d-----w- c:\windows\Hewlett-Packard

2009-12-28 00:38:47 73728 ----a-w- c:\windows\system32\javacpl.cpl

2009-12-27 14:23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-27 14:23:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-27 14:23:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-26 18:52:26 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-12-26 18:52:25 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2009-12-26 18:52:24 159232 ----a-w- c:\windows\system32\ptpusd.dll

==================== Find3M ====================

2010-01-15 00:05:32 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys

2009-12-28 00:38:33 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-23 17:47:43 7948 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

2009-12-07 22:48:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-21 17:44:49 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-11-21 17:44:49 47360 ----a-w- c:\docume~1\hp_adm~1\applic~1\pcouffin.sys

2009-11-21 16:36:13 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2009-10-27 11:06:22 18432 ------w- c:\windows\system32\dllcache\iedw.exe

2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:00:55 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 06:00:55 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 14:58:48 263552 ------w- c:\windows\system32\dllcache\http.sys

============= FINISH: 16:12:49.12 ===============

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.